Changes between Initial Version and Version 1 of DETERIntro


Ignore:
Timestamp:
Sep 25, 2015 1:36:20 PM (9 years ago)
Author:
cristina
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DETERIntro

    v1 v1  
     1[[TOC]]
     2
     3= Student Introduction to DETER =
     4
     5Contributors:
     6Peter A. H. Peterson, UCLA. pahp@cs.ucla.edu
     7David Morgan, USC. davidmor@usc.edu
     8
     9== What is DETER? ==
     10
     11[https://www.isi.deterlab.net/ The DETER testbed] is a security and [https://www.isi.deterlab.net/education.php education]-enhanced version of [http://www.emulab.net/ Emulab]. Funded by the [http://www.nsf.gov/ National Science Foundation] and the [http://www.dhs.gov/ Department of Homeland Security], DETER is hosted by [http://www.isi.edu/ USC/ISI] and [http://www.berkeley.edu/ UC Berkeley].
     12
     13     "USC/ISI’s DeterLab (cyber DEfense Technology Experimental Research Laboratory) is a state-of-the-art scientific computing facility for cyber-security researchers engaged in research, development, discovery, experimentation, and testing of innovative cyber-security technology. DeterLab is a shared testbed providing a platform for research in cyber security and serving a broad user community, including academia, industry, and government. To date, DeterLab-based projects have included behavior analysis and defensive technologies including DDoS attacks, worm and botnet attacks, encryption, pattern detection, and intrusion-tolerant storage protocols. \[[http://deter-project.org/about_deterlab 1]\]."
     14
     15DETER (like Emulab) offers user accounts with assorted permissions associated with different experiment groups. Each group can have its own preconfigured experimental environments running on Linux, BSD, Windows, or other operating systems. Users running DETER experiments have full control of real hardware and networks running preconfigured software packages. These features make it an ideal platform for computer science and especially computer security education. Many instructors have designed class exercises (homework assignments, project assignments, in-class demos, etc.) consisting of a lab manual, software, data, network configurations, and machines from DETER's pool. This allows each student to run her own experiments on dedicated hardware.
     16
     17== How does it work? ==
     18
     19The software running DETER will load operating system images (low level disk copies) onto to free nodes in the testbed, and then reconfigure programmable switches to create VLANs with the newly-imaged nodes connected according to the topology specified by the experiement creator. After the system is fully imaged and configured, DETER will execute specified scripts, unpack tarballs, and/or install rpm files according to the experiment's configuration. The end result is a live network of real machines, accessible via the Internet.
     20
     21== How do I get a DETER login? ==
     22
     231. Your instructor will request an account for you. Simply send your preferred email address to your instructor.
     242. Once the testbed ops set up your account, you will receive an email with your username and password at the address you supplied.
     253. Within one week, use those credentials to log in.
     264. Edit your profile as follows:
     27  a. Choose "Profile" tab
     28  b. Choose "Edit profile" menu option
     29  c. Replace any default contents in the 2 fields shown with your actual name and working phone number
     30  d. Change your password!
     31  e. Click "Submit"
     32
     33== Using DeterLab ==
     34
     35=== How do I start an exercise? ===
     36
     37Before you can perform the tasks described in your exercise assignment, you will, in many cases, need to create an experiment in DeterLab to work on. This will be your environment to use whenever you need it. To create a new experiment:
     38
     391. Log into DETER with your account.
     402. Under the "Experimentation" menu at the top of the page, click "Begin an Experiment".
     413. Select your Class Project name from the "Select Project" dropdown. (Throughout this document, we'll assume your class project name is YourProject)
     424. Leave the "Group" dropdown set to Default unless otherwise instructed.
     435. In the "Name" field, enter a name of the format ''username-exercisename''. (Example:'' jstudent-exploits'').
     446. Enter a brief description in the "Description" field.
     457. In the "Your NS File" field, follow the instructions in the "Setup" section of your exercise manual.
     468. Set the "Idle Swap" field to ''1 h''. Leave the rest of the settings for "Swapping," "Linktest Option," and "BatchMode" alone (unless otherwise instructed).
     479. If you would like to start your lab now, check the "Swap In Immediately" box and move to the next section. Otherwise, do not check this box.
     4810. Click "Submit"!
     49
     50=== How do I work on my exercise? ===
     51
     521. Log into DeterLab with your DeterLab account (or contact your instructor if you need an account).
     532. Click on the "My DeterLab" link on the left hand menu.
     543. In the "Current Experiments" table, click on the name of the experiment you want.
     554. Under the "Experiment Options" menu on the left margin, click "Swap Experiment In", then click "Confirm".
     565. The swap in process will take 5 to 10 minutes. While you're waiting, you can watch the swap in process displayed in your web browser. Or, you can watch your email box for a message letting you know that it has finished swapping in.
     576. When the experiment has finished swapping in, you can perform the tasks in your exercise manual.
     58
     59=== How do I access my experiment? ===
     60
     61Your experiment is made up of one or more machines on the internal DETER network, which is behind a firewall. To access your experimental nodes, you'll need to first ssh to {{{users.deterlab.net}}}. If you don't know how to use SSH, see our tutorial (TBD).
     62
     63{{{users.deterlab.net}}} (or {{{users}}} for short) is the "control server" for DETER. From {{{users}}} you can contact all your nodes, reboot them, connect to their serial ports, etc.
     64
     65Once you log in to {{{users}}}, you'll need to SSH again to your actual experimental nodes. Since your nodes' addresses may change every time you swap them in, it's best to SSH to the permanent network names of the nodes. Here's how to figure out what their names are:
     66
     67Once your experiment has swapped in:
     68Navigate to the experiment you just installed.
     69If you just swapped in your experiment, the quickest way to find your node names is to click on the experiment name in the table under "Swap Control." However, you can also get there by clicking "My DETERlab" under the "Experimentation" menu. Your experiment is listed as "active" in the "State" column. Click on the experiment's name in the "EID" column.
     70Once you can see your experiment's page, click on the "Details" tab in the main content panel. Your nodes' network names are listed under the heading "Qualified Name."
     71For example, node1.YourExperiment.YourProject.isi.deterlab.net.
     72You should familiarize yourself with the information available on this page, but for now we just need to know the long DNS qualified name(s) node(s) you just swapped in. If you are curious, you should also look at the "Settings" (generic info), "Visualization," and "NS File." (The topology mapplet may be disabled for some labs, so these last two may not be visible).
     73Now that you are logged in to {{{users.deterlab.net}}}, your nodes are swapped in, and you know their network name(s), you can ssh from {{{users}}} to your experimental nodes by executing: ssh node1.YourExperiment.YourProject.isi.deterlab.net. You will not need to re-authenticate.
     74You may need to wait a few more minutes. Once DETER is finished setting up the experiment, the nodes still need a minute or two to boot and complete their configuration. If you get a message about "server configuration" when you try to log in, wait a few minutes and try again.
     75If a lab instructs you to create new users on your experimental nodes, you can log in as them by running ssh newuser@node1.YourExperiment.YourProject.isi.deterlab.net or ssh newuser@localhost from the experimental node.
     76Congratulations! Your lab environment is now set up, and you can get to work at the tasks in your lab manual. Make sure you read Things to keep in mind section.
     77
     78 Some labs benefit from Port Forwarding. Port Forwarding is a technique that can allow you to access your experimental nodes directly from your desktop computer. This is especially useful for accessing web applications running on your experimental nodes. See our ssh tutorial for more information.
     79
     80Finally, when you are done working with your nodes, you should save your work and swap out the experiment so that someone else can use the physical machines.
     81
     82
     83Things to keep in mind
     84
     85Carefully read the evolving version of this document.
     86
     87Saving and securing your files on DETER
     88
     89Every user on DETER has a home directory on {{{users.deterlab.net}}} which is mounted via NFS (Network File System) to experimental nodes. This means that anything you place in your home directory on one experimental node (or the {{{users}}} machine) is visible in your home directory on your other experimental nodes. Your home directory is private, so you may save your work in that directory. However, everything else on experimental nodes is permanently lost when an experiment is swapped out.
     90
     91Make sure you save your work in your home directory before swapping out your experiment!
     92
     93Another place where to save your files would be {{{/proj/YourProject}}}. This directory is also NFS-mounted to all experimental nodes so same rules apply about writing to it a lot, as for your home directory. It is shared by all members of your project/class.
     94
     95Again, on DeterLab, files ARE NOT SAVED between swap-ins. Additionally, class experiments may be forcibly swapped out after a certain number of idle hours (or some maximum amount of time).
     96
     97You must manually save copies of any files you want to keep in your home directory. Any files left elsewhere on the experimental nodes will be erased and lost forever. This means that if you want to store progress for a lab and come back to it later, you will need to put it in your home directory before swapping out the experiment.
     98
     99
     100Swap out -- DON'T "terminate"!
     101
     102When you are done with your experiment for the time being, please make sure you save your work into an appropriate location and then swap out your experiment. To do this, use the "Swap Experiment Out" link in the "Experiment Options" panel. (This is the same place that used to have a "Swap Experiment In" link.) This allows the resources to be deallocated so that someone else can use them.
     103
     104 Do not use the potentially misleading "Terminate Experiment" link unless you are completely finished with your exercise. Termination will erase the experiment and you won't be able to swap it back in without recreating it.
     105
     106Swapping out is the equivalent of temporarily stopping the experiment and relinquishing the testbed resources. Swapping out is what you want to do when you're taking a break from the work, but coming back later. Terminating says "I won't need this experiment again, ever." This may be confusing, especially since "Swap Out" seems to imply that it saves your progress (it doesn't, as described above). Just remember to Swap In/Out, and never "Terminate" unless you're sure you're completely done with the experiment. If you do end up terminating an experiment, you can always go back and recreate it.
     107
     108
     109Submitting your work to your instructor
     110
     111Each exercise manual has a section entitled "Submission Instructions," and your instructor may have given you additional instructions for submission. Follow the instructions in that section, and submit your work to your instructor.
     112
     113Unless otherwise instructed, it's a good idea to include:
     114
     115Your name
     116Your preferred email address
     117Your student ID (if applicable)
     118Your DETER username
     119Your experiment's name (e.g., jstudent-exploits)
     120
     121Frequently Asked Questions
     122
     123Please check the following list of questions for answers. If you do not find an answer to your question here or elsewhere, please email your instructor or TA. Do not email testbed ops unless specifically instructed to do so by your instructor.
     124
     125Why can't I log in to DETER?
     126
     127DETER has an automatic blacklist mechanism. If you enter the wrong username and password combination too many times, your account will no longer be accessible from your current IP address. If you think that this has happened to you, you can try logging in from another address (if you know how), or you can email your instructor or TA and specify your IP address. They will relay the request to the testbed ops that this specific blacklist entry should be erased.
     128
     129If you have questions you think should be added to this FAQ, or other information you think should be added to this document, please contact us.