The
Access Grid is an Internet-based model
for video conferencing that focuses on group-to-group communication, using an
ensemble of resources including multimedia large-format displays, presentation
and interactive environments, and interfaces to Grid middleware and
visualization environments. For
instance, the Access Grid is used for large-scale distributed meetings,
collaborative work sessions, seminars, lectures, tutorials, and training. Even though the Access Grid is concentrated
on group interactions, it also provides an access point for individual desktop
users, permitting one-to-many or one-to-one communication.
The
virtual meeting space, where people come together to collaborate in the Access
Grid, is called a Virtual Venue. If authorized, the Venue provides users with
all the necessary information needed to communicate with each other, including
audio and video streams, user capabilities, data, services, applications, and
connections to other venues.
Users
connect to a Virtual Venue from their particular environment, identified as a node, which contains collaborative
resources needed to provide high-quality user experiences. Access Grid users are given the ability to
configure nodes according to their own preference. Examples of node
configurations are a desktop using a Quick Camera or an entire room with
several microphones, cameras, and advanced display environments. Figure 1 shows one of several nodes available
at Argonne National Laboratory.
Figure 1 A Node at
The
Venue Client, in Figure 2, is used to connect and participate in an Access Grid
Virtual Venue. It displays the contents
of the Virtual Venue, connections to other venues, and an interface to
configure your node arrangement. The
description below explains the different components that represent the Venue
Client.
Figure 2 Venue Client
The
Address Bar is used to connect to a
venue. You are allowed to enter two different types of addresses in the address
bar, either the default venue on a venue server
(https://host:port/Venues/default) or the actual address of a specific venue
(https://host:port/Venues/unique id).
For instance, you can in Figure 2 see the Venue Client connected to
default venue on a venue server running on host “vv2.mcs.anl.gov” using port
9000. After writing the address in the
address bar, click the “Go” button to connect to the venue.
The
Title Bar includes the name of the
venue you are currently connected to.
The
Contents Panel displays participants of the venue, present data,
applications, and services available to share.
Users can join the venue either as a single participant or as a
node. A node is a group of people taking
part in the venue together in which all of the participants are sharing the
same collaborative capabilities, for example, watching the venue projected on a
white screen with cameras placed strategically around the room.
The
Exits Panel shows other venues linked to this venue, connected through
exits, enabling users to travel through the venue space. Next to the door icon you can see the name of
the connected venue. The venue description
is displayed as a tool tip that shows up if the mouse is held over the exit.
All
venue participants and nodes will receive the text available in the Text Field.
You
can write a short message in the Message
Field and display the text by clicking on the “Display”
button.
This
section describes how to use the Venue Client.
The discussion begins with basics such as setting up certificates and
gradually covers such complex issues as managing a node.
To
connect to a venue you have to have a valid grid identity certificate (for more
information about certificates, see Section 3.1). You
have to request and configure your certificate only once; the same
certificate can then be used for all future Access Grid interactions. Also, you are allowed to user the same
certificate on several machines; so if you already have a certificate, you can
simply export your certificate files over to the other machines.
Figure 3 Certificate Request Wizard; Step 1
Figure 4 Certificate Request Wizard; Step 2
Figure 5 Certificate Request Wizard; Step 3
If
this is the first time you are using the Venue Client, a profile dialog will
appear, and you should enter your information, which will be used to represent
you in venues (see Figure 6). You are
required at least to fill in your name, but it is helpful if you enter as much
information as possible. Keep in mind
that you can change the profile at any time (see “Changing your Profile,”
Section 2.4). When you are present in a
venue, your profile information will be made available for every participant in
that venue (read “View Profile,” Section 2.3)
Figure 6 Profile Dialog
Note:
Location: Your physical location, for instance, Argonne
National Laboratory.
Support Information: Information on how to contact the responsible
person for this node. For
example, support@mcs.anl.gov.
Home Venue: This address will show up in the Address Bar when you start the Venue
Client.
Profile Type: A user is a single participant maybe connected via laptop. A node represents a group of people using the
same collaborative environment
Enter
the venue address in the Address Bar,
and then click Go to enter the
venue. Apart from venue addresses (https://<host>:<port>/<unique id>) you can
enter the address of the default venue on a venue server
(https://<host>:<port>/Venues/default), as shown in Figure 7.
Figure 7 Using the Address Bar to
connect to a venue
In
order to successfully connect to the venue server, you have to have a valid
grid proxy certificate (for more information, read Section 3.1). If such a certificate is missing, the dialog
in Figure 8 will enable you to create a proxy.
Fill in the password you chose when you initially requested your
certificate in the Pass phrase
field. You can set details of this grid
proxy by clicking the Proxy Details…
button. The “Proxy lifetime (hours)”
field indicates how long this proxy certificate will be valid; the default
value is 8 hours, but you may change this number. When the proxy life time expires, you will be
prompted for your password again. After
specifying the validity of the proxy, click “Ok.”
Figure 8 Creating
a grid proxy
Right
click on the participant or node you want to see profile information about, and
select View Profile…, as shown in
Figure 9.
Figure 9 View Profile
From
the menu, choose Preferences - Edit
Profile… as shown in Figure 10. When
the Profile Dialog appears, edit the appropriate fields, and then click Ok.
Figure 10 Edit
your profile from the menu
Enter
text in the Message Field, and click
Display. The text will show up in
the Text Field for all participants
in the venue; see Figure 11.
Figure 11 Text chat
To save text that has been
posted in the Text Field go to the Venue menu and select Save Text. In the dialog, enter the file location where
you want to save the text and click OK.
The
My Venues menu option helps you to
save and get easy access to Venues you are visiting often. You can set and go to your home venue and you
can also add a list of venue names that, when clicked on, connects to
associated venue. This functionality is
available to avoid you having to remember and type long addresses for venues
you are visiting frequently, much like the “bookmark” feature in most Web
browsers.
The
address to your home venue will always appear in the Address Bar when you first start the Venue Client. You can change this setting by selecting Set as Home Venue from the My Venues menu, the venue you are
currently connected to will then be your home venue. You can also change your home venue from your
profile; see Changing your Profile in section 2.4.
To connect to your home venue,
select Go to Home Venue from the My Venues menu.
First,
go to the menu and click on My Venues -
Add Current Venue. The dialog in
Figure 12 opens with the current venue’s name filled in automatically. You can change the name to whatever you want
and then click Ok. The name will be added to the list found
under the My Venues menu
option. When you select a name in the
list the Venue Client will try to connect to the associated venue.
Figure 12 Associate a venue address with a name
Go to My Venues - Edit in the menu bar, and right click the venue you
want to delete. Select Remove Venue and then Ok.
Go
to My Venues - Edit in the menu bar,
and right click the venue you want to rename.
Select Rename, fill in the
new name, and then press Ok.
To
the left side of the Venue Client is the Exits Panel, containing a list of
names of other venues. If you place the mouse
over one of the exits, the description of the venue shows up as a tool
tip. You can see the description of the
Test Room in Figure 13. If you click the
left mouse button on one of the exits, you will leave the venue you are
currently connected to and enter the other venue.
Figure 13 Navigating
The
Venue Client allows you to share data among users of the venue. Files can either belong to the venue or be
user specific. The user may carry around
personal data when walking between venues.
Files belonging to a participant or node will therefore stay in the
venue for as long as its owner is present.
Venue data, however, always stays in the venue until deleted. Personal
user data is placed under the participant or node that owns the file, while
venue data is found under the “Data” heading in the Contents Panel. VenueClient.py,
in Figure 14, is one example of a personal file belonging to Ivan’s Office, and hallo.txt is owned by the venue.
Figure 14 Venue and personal data as displayed in the Venue Client
Right
click on the Data heading, and
choose Add…. Or, from the menu, go
to Venue-Add Data…. A file browse
dialog will show up from which you can pick the file you wish to add to the
venue. Then press the Ok button.
Right
click on your profile under the Participant
heading, and choose the option Add
Personal Data. A file browse dialog
will show up from which you can pick the file you wish to add to your personal
files. Click the Ok button. Observe that
personal data will be shown under your profile and not under the Data heading, illustrated in Figure
14.
Right
click on the data item, personal or venue specific, and choose Delete. A dialog will ask whether you
really want to remove the selected data.
Click Ok to confirm.
Right
click on the data item and choose Open…. If the file type is associated with an
application, the data will be opened directly using that program. Otherwise you will be prompted for a program
to associate with and handle the file.
Right
click on the data item, and choose Properties….
A dialog will be opened showing the file name, the distinguished name of its
owner, and file size.
A
very useful feature in the Access Grid is the possibility to share applications
among several participants. The software includes several applications that get
installed along with the toolkit, such as the Shared Browser for viewing the
Web together and the Shared Presentation for power point presentations. However, the Access Grid is not limited to
pre-installed applications. Developers may create and plug in custom applications
that can be made available for venue participants.
Installed
applications for your Venue Client are listed under Start Application Session in the Venue menu, see Figure 15.
To start a session, select an application from the list. Give the session a name and a short
description before adding it to the Venue.
The newly created session is listed under the Application Sessions heading in the Venue Client.
Figure 15 Shared Application Sessions.
To
join an application session, right click the correct name under the Application Sessions heading and select
Open, as shown in Figure 16. The
appropriate application will then launch and display current session status.
Figure 16 the Application Session Menu
To
stop an application session, right click the correct name under the Application Sessions heading, and
select Delete, as shown in Figure
16. A dialog will appear to check that
you really want to delete the session.
Click Ok to confirm.
Right
click on the session you wish to authorize and select Manage Roles… A frame will display current authorization setting
for this application session. The
session has a set of Roles that
identifies different authorization privileges for groups of participants. The authorization privileges are identified
as Actions. When selecting a role
from the left panel, you can see which actions are enabled for that role in the
right action panel. When expanding a
role, participants that are included in this role are shown. A participant may
be added to several roles and are allowed to perform all actions for that set
of roles. You may add/remove roles, add/remove participants to different roles,
and add/remove actions to roles.
If you want to view who are
currently participating in an application session, you may right click the
application session and select Open
Application Monitor…. In addition
to participants, the monitor displays events occurring in the session and data
being exchanged among participants as shown in Figure 17.
Figure 17 Application Monitor
To
view session properties, right click on the application session and choose Properties…. A dialog will be opened showing the name, URL
address, MIME type, and the description associate with the selected session.
Before
adding a service to the venue, you need to know the address where the service
is located and what MIME type to associate with the service. The MIME type helps the Venue Client to
identify what type of service is being added and how to handle it. When you have gathered this information,
right click on the Service heading
and click Add…, or from the main
menu choose Venue-Add Service…. In
the dialog, enter name, URL address, MIME type, and the description you want to
associate with the service. Then click Ok. Figure 18 shows you an example of how to add a
service that points to a Web Site.
Figure 18 Add Service Dialog
To
open a service, right click on the service you wish to use, and select Open.
To
delete a service, right click on the service you wish to remove, and select Delete.
A dialog will appear to check that you really want to delete the service. Click “Ok” to confirm.
2.11.4 Viewing Service Properties
To
view service properties, right click on the service item and choose Properties…. A dialog will be opened showing the name, URL
address, MIME type, and the description associate with the selected service.
Every
user and service connected to the Access Grid is required to have a valid
certificate issued by a trusted certificate authority. Certificates are a form
of electronic identification that is superior to the well-known and widely used
password strategy. This form of
authentication aims to reduce the many problems seen with passwords, such as
poorly chosen, forgotten, or insecurely stored passwords, in order to enable a
reliable environment for collaboration.
The certificate authority is responsible for giving you a certificate;
thus make sure you really are who you say you are.
The
most common certificate is the Identity
Certificate. It is used to verify that a person is who they say they are
when connected to the Access Grid.
However, if you are going to run a venue server, or any kind of service,
you should use a Service Certificate. The
service certificate does not require a pass phrase and allows the server to
stay up and running for longer periods of time.
If
you want to know which certificates you have installed, select Preferences - Manage Certificates –
Certificate Manager… from the
main menu. The Certificates tab in Figure 19 shows all your certificates. If you want to see more details about a
certificate, for instance validity, select it from the list and click the View certificate button to the right.
Figure 19 Certificate Manager - Certificates
If
you have a certificate you want to use with the Venue Client, you can import it
from Preferences – Manage Certificates –
Certificate Manager… menu. In the Certificates tab in Figure 19, click
the Import button to the right. The
file browse dialog that opens will let you specify location of the certificate
file (usercert.pem) and the certificate key file (userkey.pem).
If you need to use your
certificate on a different machine you can chose to export it to a file. In the main menu select Preferences – Manage Certificates – Certificate Manager…. Choose a certificate from the Certificates tab in Figure 19 and then
click the Export button. Enter the name of the file you want your
certificate to be saved to and click Export
Certificate.
From the main menu, select Preferences – Manage Certificates –
Certificate Manager…. Choose a certificate from the Certificates tab in Figure 19 and then click the Delete button. A dialog will confirm that you really want to
remove selected certificate, click Ok.
Your default certificate
will automatically be used when you run the Venue Client and the pass phrase
entered when creating a proxy have to be associated with that certificate. If you want to change default certificate,
from the main menu, select Preferences –
Manage Certificates – Certificate Manager…. Choose a certificate from the Certificates tab in Figure 19 and then
click the Set as default
button. You can determine which
certificate is default by looking at the Validity
field in the header of the certificate list; it should be marked with a Y.
The identity certificate in Figure X is the default certificate for the
client.
You are not
actually using your certificate for authentication. Rather you have to create a grid proxy
certificate, which is used for authentication without requiring you to enter
your pass phrase. Once you have
initiated the proxy with your pass phrase you will not have to enter it again
until the proxy is invalid. However,
longer validity means less security.
To view
proxies currently running, select Preferences
– Manage Certificates – Certificate Manager… from the main menu. The Globus proxies tab in Figure 20 shows a list
of proxies and their information, including certificate authority that issued
the certificate and how long the proxy is valid. If you want more details,
select a proxy from the list and click the View
proxy button.
Figure 20 Certificate Manager - Proxies
Select Preferences – Manage Certificates –
Certificate Manager… from the main menu. Choose a proxy from the list in
the Globus proxies tab in Figure 20 and click the
Destroy button. A dialog will confirm that you really want to
remove selected proxy, click Ok.
The
certificates used by all participants in the venue are issued from a trusted certificate
authority. To find out which
certificates are accepted by your Venue Client, select from the main menu, Preferences - Manage Certificates -
Certificate Manager…. The Trusted CA
Certificates tab lists acknowledged certificate authorities and their
validity. To view more details about a certificate
authority, select it from the list and click the View certificate button.
A
node consists of a node service, one or more service managers, and one or more
services. One example of a node configuration,
pictured in Figure 21, uses three machines; one for video creation, one for
video display and one responsible for audio.
The services, in this case, are used to produce and receive audio and
video. Each machine runs a service manager
communicating with services on that specific machine. The service managers are controlled by the
node service, which can run on any machine.
Default services used by the Venue Client are VIC for video and RAT for
audio.
Figure 21 Example of an Access Grid node layout
If you want to start a
service manager, run AGServiceManager.py.
If you want to start a node service, run AGNodeService.py.
The
Venue Client allows you to set up and configure the resources available in your
node layout. Go to the main menu and
click on My Node-Manage…; and the
Node Management Window will open. To the
left side of the window you can see a list of Service Managers. A Service Manager is responsible for managing
different services present in your specific node. In Figure 22, the Service Manager is running
on zuz-10.mcs.anl.gov using port 12000.
To the right side of the Node Management window, you can see a list of
services corresponding to the selected item in the Service Manager list. The selected Service Manager is controlling
one audio service responsible for sending and receiving voice communication.
Figure 22 Node Management
If
you want to add a new Service Manager, go to the main menu and select ServiceManager - Add…, or right click
on the Service Manager and select Add…. Enter the computer in which the service
manager is running and the port it is using.
When you are finished, click Ok. If the service manager is located on your
local computer, it is sufficient to enter localhost as Hostname; see Figure 23.
Figure 23 Add Service Manager
Select
the Service Manager to remove, then click ServiceManager
- Remove in the main menu, or right click the Service Manager and select Remove. The Service Manager should
disappear from the list.
Select
the Service Manager you wish to add a service to, select from the menu Service-Add… or right click on a
Service Manager and click Add…. A window containing a list of all available
services will be displayed. Select the
service to add; then click Ok. In Figure 24 you can see three existing
services to use for voice and video communication available for Service Manager
zuz-10.mcs.anl.gov:12000.
Figure 24 Add Service
Select
the service you wish to start or stop from the list of services. Go to the main menu and select Services – Enable or Services-Disable, or right click on the
service and select Enable or Disable. You should now see the status field for the
service you selected change accordingly in the list.
Select
the service you wish to delete from the list of services, and choose from the
main menu Service - Remove or right
click the service and select Remove.
Select
the service you want to change, and choose from the main menu Service - Configure….
2.13.10 Attach to Node
You can connect to a node service running on any
machine by selecting from the main menu File-Attach to Node. Give the host and port information where the
node service is running.
2.13.11 Loading a Configuration
An
existing Service Manager configuration can be loaded with all services added
automatically. From the main menu select
File-Load Configuration…, and select
the desired configuration from the list of names. Then click Ok.
2.13.12 Saving a Configuration
If
you know you will use your Service Manager configuration several times, it is a
good idea to store the configuration.
You can then simply load the configuration when you want to use it,
instead of adding the same services all over again. In the main menu, go to File-Save Configuration…, specify the name you want the
configuration to be associated with, and then click Ok.
2.13.13
Using Unicast
If
you are having problems with multicast on you network, you have the opportunity
to use unicast until the problem is fixed. This will allow you to run the media tools
even though you are not multicast enabled.
From the Preferences Menu, in
the Venue Client, select Use Unicast. Please
note that not all venues are connected to a bridge server and will therefore
not be able to provide the unicast option.
2.13.14 Enable Video
The Venue Client provides a way to
quickly turn your video on and off. Go to the Preferences menu and
select Enable/Disable Video. If video is turned off, you will not send
or receive any video.
2.13.15 Enable Audio
The Venue Client provides a way to
quickly turn your audio on and off. Go to the Preferences menu and
select Enable/Disable Audio. If audio is turned off, you will not send
or receive any audio.
Access Grid venues has a
role-based security to establish an authorization policy, determining which
participants to let in and with what authority.
Administrators can decide who are allowed to perform different actions,
such as entering the venue, adding data, and so forth.
To
open the authorization frame, go to the Venue
menu and select Manage Roles…. The
frame in Figure 25 displays current authorization setting for the venue. The venue has a set of Roles that identifies different authorization privileges for groups
of participants. The authorization
privileges are identified as Actions.
When selecting a role from the left panel, you can see which actions are
enabled for that role in the right action panel. When expanding a role, participants included
in the role are shown. A participant may be added to several roles and are
allowed to perform all actions for that set of roles. You may add/remove roles,
add/remove participants to different roles, and add/remove actions to roles.
Figure 25 Authorization
In
order to improve the quality of the Access Grid software, users are encouraged
to submit bug reports when experiencing problems. Also, feature requests and
improvements are very welcome and can be submitted in the same fashion.
Ideally,
bug reports are entered manually at the Bugzilla Web
Site (http://bugzilla.mcs.anl.gov/).
In order to do so, you need to set up an account with a valid email address.
The Access Grid development team will then process the bug at earliest
convenience and comments will get sent to the reporter. This is the recommended way to file bugs
since they get organized into categories and reporters will receive and may
submit feedback regarding the bug.
If
you do not have time to register with Bugzilla, you
can file automatic bug reports using the Venue Client. In the Help menu select Submit Error Report of Feature Request. Though not necessary, you
may enter an email address where we can reach you if you are interested in
providing more information regarding the problem. The bugs will be submitted to
the Bugzilla system; however, the reporter will not
receive updates, entered in Bugzilla, about the bug.
Every
user and service in the Access Grid is required to have a valid identity certificate
issued by a trusted certificate authority. Certificates are a form of
electronic identification that is superior to the well-known and widely used
password strategy. This form of
authentication aims to reduce the many problems seen with passwords, such as
poorly chosen, forgotten, or insecurely stored passwords, in order to enable a
reliable environment for collaboration.
The certificate authority is responsible for giving you a certificate;
thus make sure you really are who you say you are.
A
certificate is basically used to assure your security when connected to the
Access Grid. The following are examples
of security provided in the certificate mechanism:
1.
Deal with authentication during log in procedures to identify who you are.
2.
Authorize what resources people are allowed and have permission to access.
3.
Preserve confidentiality by just showing given individuals’ resources and
information they are supposed to see, secure transactions, and so forth.
4.
Take care of users’ integrity; for example, back up resources when something
unexpected happens.
For
more information about security through certificates, read http://www.globus.org/security/.
A
distinguished name (DN) is a globally unique identifier that represents the
user as an individual. In the Access Grid, DNs are constructed from entity name
and domain information. The following is an example of a distinguished name
"/O=Grid/O=Globus/OU=mcs.anl.gov/CN=John Doe.” On Windows you can find your distinguished
name in the usercert.pem file, created when you requested your certificate,
found in C:\Documents and Settings\<your user name>\Application
Data\globus\usercert.pem. Linux users
can run grid-cert-info –subject.
You are not actually using your certificate for authentication. Rather you have to create a grid proxy certificate, which is used for authentication without requiring you to enter your pass phrase. Once you have initiated the proxy with your password you will not have to enter it again until the proxy is invalid. However, longer validity means less security.