ABone Architecture and Operation ABCd — ABone Control Daemon • Server for remote EE management • On-demand EE initiation and termination • Automatic EE restart (permanent EEs) • Java and C debugging support • Node management support • File upload/download • Script execution (management “EE- lets”) • Self-management capabilities • Event logging and status reporting • Reconfiguration and restart • Supports the ABone security model • Runs as an ordinary, unprivileged user Netiod — Network I/O Daemon • Packet I/O service for EEs and AAs • Implements Node OS channel abstraction • Uniform I/O interface across node OSs • Supplements OS kernel filtering capabilities • Normally runs as a root- privileged service • Can run in user space ABone Registry • Central database maintained by ABOCC • User contact data and public authentication keys • Core node information • Trusted code server data • Access control (ACL/TCL) data • Features • User self-service for contact data, keys, and nodes • Administrative functions for ABOCC • Secure Web interface • ABone support functions • Automated ACL/TCL generation and distribution • Node and contact lists to support monitoring tools Usability Features ABCd Client GUI • Guided command construction • Context-sensitive menus • Intuitive explanations • No syntax to learn • Command history and recall • Uses ABCd client Java API • Modular library implementation • Supports custom client development ABoneShell • Client/server extensions to ABCd • Simplifies common tasks • EE management • File transfer • Problem diagnosis • Client user interface • Unix shell-like command tool • Scripting capabilities • Command history and recall • Remote server extension • Special-purpose EE- let • Transparently invoked ABoneMonitor • Web-based node and EE monitor • Real-time ABone status reporting • Graphical summary views • Permanent EE topologies • Whole ABone • Table-based detailed views • Node liveness • ABCd status • EE and AA status High-Level Design • Core nodes • Centrally administered community resource • Required to be continually available • Support multiple EE topologies in permanent configurations • Edge nodes • Private nodes controlled by individual developers • Not registered as part of the testbed • Dynamically join and leave permanent EE topologies Composed of Two Node Types • Active Applications (AAs): Java and C (EE- dependent) • Execution Environments (EEs): Java and C • Node Operating System (Node OS): Unix/POSIX- based Based on the Active Networks Reference Architecture • Active Applications (AAs) • Fundamental unit of network programming • AA code may migrate from node to node • Execution Environments (EEs) • Environment for AA execution • Stable part of active node software • Node Operating System (Node OS) • Environment for EE execution • Permanent part of active node software . . . Node OS EE AA AA . . . EE AA AA . . . Reference Architecture for Active Nodes Developed by the Active Networks Community ABone Security Model • Trusted EEs, untrusted AAs • All code executed within ordinary Unix user accounts • EEs may be downloaded only from trusted servers • EE code trusted not to be malevolent • AA trust requirements EE-dependent • Access controls • ACL files control who may perform what operations • TCL files control who may use which EE code servers • File integrity • Guarded by Unix file permission rules • Security-critical files strictly separated from EE/AA files • Node access • ABOCC trusted to maintain ACL/TCL files • Node administrators control root access ABone Node Architecture Authentication & Access Control Command Processing Client Communications EE Downloading and Execution Unix Operating System EE ABCd Netio d EE Code Server ACL/TCL Server Remote User Channel Control Packet Filtering Control messages InChannel OutChannel Network I/O AA AA AA Code Server