5/28/2003
The Access
Grid is an Internet-based model for video conferencing that focuses on
group-to-group communication, using an ensemble of resources including
multimedia large-format displays, presentation and interactive environments, and
interfaces to Grid middleware and visualization environments. For instance, the Access Grid is used
for large-scale distributed meetings, collaborative work sessions, seminars,
lectures, tutorials, and training.
Even though the Access Grid is concentrated on group interactions, it
also provides an access point for individual desktop users, permitting
one-to-many or one-to-one communication.
The virtual meeting space, where people come together
to collaborate in the Access Grid, is called a Virtual Venue. If authorized, the Venue provides users
with all the necessary information needed to communicate with each other,
including audio and video streams, user capabilities, data, services,
applications, and connections to other venues.
Users connect to a
Virtual Venue from their particular environment, identified as a node, which contains collaborative
resources needed to provide high-quality user experiences. Access Grid users are given the ability
to configure nodes according to their own preference. Examples of node
configurations are a desktop using a Quick Camera or an entire room with several
microphones, cameras, and advanced display environments. Figure 1 shows one of several nodes
available at Argonne National Laboratory.

Figure 1 A node at Argonne National Laboratory
The Venue Client, shown in Figure 2, is used to connect to and
participate in an Access Grid Virtual Venue. It displays the contents of the Virtual
Venue, connections to other venues, and an interface to configure your node
arrangement. The description below explains the different components that make up
the Venue Client.

Figure 2 Venue Client
The Address Bar is used to connect to a venue. You can enter two different
types of addresses in the Address Bar: either the default venue on a venue
server (https://host:port/Venues/default) or the actual address of a specific
venue (https://host:port/Venues/unique id). For instance, Figure 2 shows
the Venue Client connected to the default venue on a venue server running on host
“vv2.mcs.anl.gov” using port 9000.
After writing the address in the Address Bar, click the “Go” button to connect
to the venue.
The Title
Bar includes the name of the venue you are currently connected
to.
The Contents
Panel displays participants of
the venue, present data, applications, and services available to share. Users can join the venue either as a
single participant or as a node. A
node is a group of people taking part in the venue together in which all of the
participants are sharing the same collaborative capabilities, for example,
watching the venue projected on a white screen with cameras placed strategically
around the room.
The Exits
Panel shows other venues linked
to this venue, connected through exits, enabling users to travel through the
venue space. Next to the door icon
you can see the name of the connected venue. The venue
description is displayed as a tool tip that shows up if the mouse is held over
the exit.
All venue participants and nodes will receive the
text available in the Text Field.
You can write a short message in the Message Field and display the text by
clicking on the
“Display” button.
This section describes how to use the Venue
Client. The discussion begins with
basics such as setting up certificates and gradually covers such complex issues
as managing a node.
To connect to a venue you have to have a valid grid
identity certificate (for more information about certificates, see Section
3.1). You have to request and configure your
certificate only once; the same certificate can then be used for all future
Access Grid interactions.
Also, you are allowed to use the same certificate on several machines;
so if you already have a certificate, you can simply move your certificate files
over to the right directory on the other machine (for Windows: C:\Documents and
Settings\<your user name>\Application Data\globus\ and for Linux: /home/<your user name>/.globus).
For Windows users:
Go to “Get a Certificate” in the “Windows Globus” start menu.
A window will appear prompting you for necessary information to create
your certificate and the distinguished name you will be associated with (for
more information about distinguished names read Section 3.3). Take care to remember the password you
select because you will be using this in the future. After you are done, a file called usercert.pem is created at the specified location. Send this
file to leggett@mcs.anl.gov who will provide you with a
user certificate. This can
take some time depending on how many requests are being processed at the moment;
please be patient.
When your request has been approved,
you will receive an email containing your certificate files. Place them in C:\Documents and
Settings\<your user name>\Application Data\globus\ together with usercert.pem, as instructed in the email. To keep your identity private, make sure
the certificate files are readable only by you. After receiving all your certificate
files, you are ready to configure your certificate settings by selecting “Globus Configuration” from the “Windows Globus” start menu. The window in Figure 3 is
displayed; click “Next.”

Figure 3 Configure
your certificate settings
A new window, shown in Figure 4, will now open. Make sure you see four OK’s to the right
of the certificate files. If any of
the files is missing, you will have to use the “Browse…” button to find where
the file is located. After this is
done, click “Next.”

Figure 4 Checking
your certificate location
Finally, the window in Figure 5 will appear. Click “Finish,” and your certificate
should be configured.

Figure 5
Configure your certificate settings
For Linux
users:
An easy way to determine whether you have a
certificate is to run grid-proxy-init
on the command line. If it
returns “user certificate not found,” you need to request a certificate. Or, if you know you have a certificate,
you can simply move your certificate files to /home/<your user
name>/.globus. To request a certificate, run grid-cert-request on the command
line. Enter a pass phrase when
prompted; remember the password, since you will be using this in the
future. A file, usercert_request.pem, is created. Copy or attach this file to an email, and
send it to leggett@mcs.anl.gov, who will provide you
with a user certificate. This can
take some time depending on how many requests are being processed at the moment.
Please be
patient.
When your request has been approved, you will receive
an email containing your certificate files. Place them in /home/<your user name>/.globus/ as instructed in the email. To keep your identity private, make sure
the certificate files are readable only by you.
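The requirement that the certificate files be readable only by you (it applies to the Windows directory as well) can be checked on Linux with the script below. It is an added example, not part of the Access Grid or Globus software; the function names, the finding labels, and the choice to also require an owner-only directory are assumptions made here.

```shell
#!/bin/sh
# Added example: audit a credential directory such as
# /home/<your user name>/.globus and report anything that users other
# than the owner can access. Function names and labels are hypothetical.

# perm_bits PATH: print the group+other permission characters, e.g. "r--r--".
# Characters 5-10 of the "ls -ld" mode string are the group and other triplets.
perm_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_globus_dir DIR: print one line per finding.
# Returns 0 if nothing is exposed, 1 if there are findings, 2 if DIR is missing.
audit_globus_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=0
    # Assumption: the directory itself should be owner-only as well.
    if [ "$(perm_bits "$dir")" != "------" ]; then
        echo "OPEN-DIR $dir ($(perm_bits "$dir"))"
        findings=1
    fi
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        if [ -L "$f" ]; then
            # A link's own mode says nothing about the file it points to.
            echo "SYMLINK $f"
            findings=1
            continue
        fi
        bits=$(perm_bits "$f")
        if [ "$bits" != "------" ]; then
            echo "OPEN-FILE $f ($bits)"
            findings=1
        fi
    done
    return $findings
}

# tighten_globus_dir DIR: make the directory and its .pem files owner-only.
tighten_globus_dir() {
    dir=$1
    [ -d "$dir" ] || return 2
    chmod 700 "$dir" || return 1
    for f in "$dir"/*.pem; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        chmod 600 "$f" || return 1
    done
    return 0
}

# Stand-alone use: sh audit.sh /home/<your user name>/.globus
if [ "$#" -gt 0 ]; then
    audit_globus_dir "$1"
fi
```

Run the audit after copying certificate files from another machine or out of an email attachment, since both routes commonly leave files with default permissions.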
Useful Linux commands:
grid-cert-request – Request a certificate.
grid-cert-info – View information about your certificate.
grid-proxy-info – View information about your proxy.
grid-proxy-init – Create your proxy.
grid-proxy-destroy – Destroy your proxy.
Note: Use the -help flag to see the options for each command.
Running the
Program
For Windows users:
Go to the Start menu and select “All Programs-Access
Grid Toolkit-Venue Client,” or click on the desktop
shortcut.
For Linux
users:
Run VenueClient on the
command line.
If this is the first time you are using the Venue
Client, a profile dialog will appear, and you should enter your
information, which will be used
to represent you in venues (see Figure
6). You are required at least to
fill in your name, but it is helpful if you enter as much information as
possible. Keep in mind that you can
change the profile at any time (see “Changing your Profile,” Section 2.4). When you are present in a venue, your
profile information will be made available for every participant in that venue
(read “View Profile,” Section 2.3)

Figure 6 Profile
Dialog
Enter the venue address in the
Address Bar, and then
click “Go” to enter the venue.
Apart from venue addresses (https://<host>:<port>/Venues/<unique id>) you can
enter the address of the default venue on a venue server
(https://<host>:<port>/Venues/default), as shown in
Figure 7.

Figure 7 Using the Address Bar to connect to
a venue
In order to successfully connect to the venue server,
you have to have a valid grid proxy certificate (for more information, read
Section 3.1). If such a certificate
is missing, the dialog in Figure 8 will enable you to create a proxy. Fill in the password you chose when you
initially requested your certificate in the “Passphrase” field.
The “Proxy lifetime (hours)” field indicates how long this proxy
certificate will be valid; the default value is 8 hours, but you may change this
number. When the proxy lifetime
expires, you will be prompted for your password again. After specifying the validity of the
proxy, click “Ok.”

Figure 8 Creating
a grid proxy
Right click on the participant or node whose profile information you want to
see, and select “View Profile…,” as shown in Figure 9.

Figure 9 View
Profile
From the menu, choose “Preferences-Edit Profile…” as shown
in Figure 10. When the Profile Dialog appears, edit the
appropriate fields, and then click “Ok.”

Figure 10 Edit
your profile from the menu
Enter text in the Message Field, and click
“Display.” The text will show up in
the Text Field for all participants in the venue; see Figure
11.

Figure 11 Text
chat
In the “My Venues” menu option, you can add a list of
venue names that, when clicked on, fill in the Address Bar with the correct venue
address. This functionality saves you from having to remember and type long
addresses for venues you visit frequently, much like the “bookmark” feature
in most Web browsers.
First, go to the menu and click on “My Venues-Add
Current Venue.” The dialog in
Figure 12 opens with the current venue’s name filled in automatically. You can change the name to whatever you
want and then click “Ok.” The name will be added to the list found
under the “My Venues” menu option.
When you select a name in the list, you will automatically connect to
that venue.

Figure 12 Associate
a venue address with a name
Go to “My Venues - Edit” in
the menu bar, and right click the venue you want to delete. Select “Remove Venue” and then
“Ok.”
Go to “My Venues - Edit” in the menu bar, and right
click the venue you want to rename.
Select “Rename,” fill in the new
name, then press “Ok.”
On the left side of the Venue Client is the Exits Panel, containing a list of
names of other venues. If you place the mouse over one of the
exits, the description of the venue shows up as a tool tip. You can see the description of the Test
Room in Figure 13. If you click the
left mouse button on one of the exits, you will leave the venue you are
currently connected to and enter the other venue.

Figure 13 Navigating
The Venue Client allows you to share data among users
of the venue. Files can either belong to the venue or be user specific.
Users may carry personal data with them when moving between venues. Files belonging
to a participant or node therefore stay in the venue only for as long as their owner
is present. Venue data, however, always stays in the
venue until deleted. Personal user data is placed under the participant or node
that owns the file, while venue data is found under the “Data” heading in the
Contents Panel. “VenueClient.py”, in
Figure 14, is one example of a personal file belonging to “Ivan’s Office”, and
“hallo.txt” is owned by the venue.

Figure 14 Venue and personal data as
displayed in the Venue Client
Right click on the “Data” heading, and choose the
option “Add….” Or, from the menu,
go to “Venue-Add Data….” A file browse dialog will show up from which you can
pick the file you wish to add to the venue. Then press the “Ok” button.
Right click on your profile under the “Participant”
heading, and choose the option “Add Personal Data”. A file browse dialog will show up from
which you can pick the file you wish to add to your personal files. Click the “Ok” button. Observe that personal data will be shown
under your profile and not under the “Data” heading, illustrated in Figure
14.
Right click on the data item, personal or venue
specific, and choose “Delete.” A
dialog will ask whether you really want to
remove the selected data. Click
“Ok” to confirm.
Right click on the data item and choose “Open….” If the file type is associated
with an application, the data will be
opened directly using that program. Otherwise you will be prompted for a
program to associate with and handle the file.
Right click on the data item, and choose
“Properties….” A dialog will be opened showing the file name, the distinguished
name of its owner, and file size.
To join an application, right click on the
application you wish to use,
and select “Join.”
To delete an application, right click on the
application you wish to remove, and select
“Delete.” A dialog will
appear to check that you really want to
delete the application. Click “Ok” to
confirm.
Before adding a service to the venue, you need to
know the address where the service is located and what MIME type to associate
with the service. The MIME type
helps the Venue Client to identify what type of service is being added and how
to handle it. When you have
gathered this information, right click on the “Service” heading and click
“Add…,” or from the main
menu choose “Venue-Add Service….” In the dialog,
enter name, URL address, MIME type, and the description you want to associate
with the service. Then click
“Ok.”
To open a service, right click on the service you
wish to use, and select “Open.”
To delete a service, right click on the service you
wish to remove, and select “Delete.”
A dialog will appear to check that you really want to
delete the service. Click “Ok” to
confirm.
2.10.4 Viewing Service Properties
To view service properties, right click on the
service item and choose
“Properties….” A dialog will be
opened showing the name, URL address, MIME type, and the description associated
with the selected service.
The certificates used by all participants in the
venue are issued from a trusted certificate authority. To find out what certificates are being
accepted by your Venue Client, select from the main menu, “Preferences-Manage
Certificates-View Trusted CA Certificates….” The dialog in Figure 15 will
appear. If you select one of the
certificate authorities shown in the list you can see its information displayed
below.

Figure 15
Authorities currently trusted by this Venue Client
If you want to know details about the certificates
you are using, go to “Preferences-Manage Certificates-View Identity
Certificates…” in the main menu.
The dialog in Figure 16 will then show you a list of all your
certificates. If you select an
identity from the list, its information will be displayed
below.

Figure 16
Your certificates
A node consists of a node service, one or more
service managers, and one or more services. One example of a node configuration,
pictured in Figure 17, uses three machines; one for video creation, one for
video display and one responsible for audio. The services, in this case, are used to
produce and receive audio and video. Each machine runs a service manager
communicating with services on that specific machine. The service managers are controlled by
the node service, which can run on any machine. Default services used by the Venue
Client are VIC for video and RAT for audio.

If you want to start a
service manager, run AGServiceManager.py.
If you want to start a node
service, run AGNodeService.py.
The Venue Client allows you to set up and configure
the resources available in your node layout. Go to the main menu and click on “My
Node-Manage…”; the Node Management Window will
open. On the left side of the
window you can see a list of Service Managers. A Service Manager is responsible for
managing the different services present in your specific node. In Figure 18, the Service Manager is
running on “zuz-10.mcs.anl.gov” using port 12000. On the right side of the Node Management
window, you can see a list of services corresponding to the selected item in the
Service Manager list. The selected
Service Manager is controlling one audio service responsible for sending and
receiving voice communication.

Figure 18 Node
Management
If you want to add a new Service Manager, go to the
main menu and select “ServiceManager-Add…,”
or right click on the Service Manager and select “Add….” Enter the hostname of the computer on which the service
manager is running and the port it is using. When you are finished, click “Ok.” If the service manager is located on
your local computer, it is sufficient to enter localhost as “Hostname”; see Figure 19.

Figure 19 Add Service Manager
Select the Service Manager to remove, then click
“ServiceManager-Remove” in the main menu, or right
click the Service Manager and select “Remove.” The Service Manager should disappear
from the list.
Select the Service Manager you wish to add a service
to, select from the menu “Service-Add…” or right click on a Service Manager and
click “Add….” A window containing a
list of all available services will be displayed. Select the service to
add; then click “Ok.”
In Figure 20 you can see three existing services to use for voice and
video communication available for Service Manager zuz-10.mcs.anl.gov:12000.

Figure 20 Adding a Service
Select the service you wish to start or stop from the
list of services. Go to the main menu and select
“Services-Enable” or
“Services-Disable,” or right click on the service
and select “Enable” or “Disable.” You
should now see the status field for the service you selected change accordingly
in the list.
Select the service you wish to delete from the list
of services, and choose from the main menu “Service-Remove” or right click the
service and select “Remove.”
Select the service you want to change, and choose
from the main menu “Service-Configure….”
2.12.10 Attach to Node
You can connect to a node
service running on any machine by selecting from the main menu “File-Attach to
Node”. Give the host and port
information where the node service is running.
2.12.11 Loading a Configuration
An existing Service Manager configuration can be
loaded with all services added automatically. From the main menu select “File-Load
Configuration…”, and select the desired configuration from the list of
names. Then click “Ok.”
2.12.12 Saving a Configuration
If you know you will use your Service Manager
configuration several times, it is a good idea to store the configuration. You can then simply load the
configuration when you want to use it, instead of adding the same services all
over again. In the main menu, go to
“File-Save Configuration…,” specify the name you want the configuration to be
associated with, then click “Ok”.
Every user and service in the Access Grid is required
to have a valid identity certificate issued by a trusted certificate authority.
Certificates are a form of electronic identification that is superior to the
well-known and widely used password strategy. This
form of authentication aims to reduce the many problems seen with
passwords, such as poorly
chosen, forgotten, or insecurely stored passwords, in order to enable a reliable
environment for collaboration. The
certificate authority is responsible for issuing your certificate and must therefore
make sure you really are who you say you are.
A certificate is used to provide security when you are
connected to the Access Grid. The following are examples of the security
provided by the certificate mechanism:
1. Deal with authentication during login procedures
to identify who you are.
2. Authorize which resources people have permission to access.
3. Preserve confidentiality by showing individuals only the
resources and information they are supposed to see, securing
transactions, and so forth.
4. Take care of users’ integrity; for example, back
up resources when something unexpected happens.
For more information about security through
certificates, read http://www.globus.org/security/.
A distinguished name (DN) is a globally unique
identifier that represents the user as an individual. In the Access Grid, DNs are constructed from entity name and domain information.
The following is an example of a distinguished name: “/O=Grid/O=Globus/OU=mcs.anl.gov/CN=John Doe.” On Windows you can find your
distinguished name in the usercert.pem file, created
when you requested your certificate, found in C:\Documents and Settings\<your
user name>\Application Data\globus\usercert.pem.
Linux users can run grid-cert-info -subject.
You do not use your identity certificate directly for authentication. Instead, you create a grid proxy certificate, which is used for authentication without requiring you to enter your pass phrase each time. Once you have initiated the proxy with your password, you will not have to enter it again until the proxy expires. However, longer validity means less security, because a proxy that falls into the wrong hands stays usable until it expires.