Configuration

Configuration#

Summary for first-time users:

  • At login, copy/paste your email and fingerprint.

  • Press Save. Then Ok.

Setup#

1. Receive an email with your fingerprint or check your account profile.#

Log into your account profile to manage licenses. Note the license type and assignments.

2. Install the software package.#

Ensure it matches the license type:

3. Set your email and fingerprint in the config file#

For XCOMPUTE-CLIENT, fill out your credentials in the login screen, or manually assign them in the config file client.cfg, then click Save:

user=YOUR_EMAIL
fingerprint=YOUR_XCCLIENT_FINGERPRINT

For XCOMPUTE-SERVER, the config file server.cfg must be edited (e.g. vi server.cfg):

admin=YOUR_EMAIL
fingerprint=YOUR_XCSERVER_FINGERPRINT

5. Launch the xcompute application or service.#

If installed, XCOMPUTE-CLIENT should be able to be run from the desktop launcher menu.

The XCOMPUTE-SERVER service can be run in user space via ./xcompute-server or by starting a systemd service.

sudo systemctl start xcompute

If XCOMPUTE-SERVER is installed, the systemd service should launch automatically following boot. The service can be checked:

systemctl status xcompute

Credential Information#

Each project admin controls access of their project to the world; XCOMPUTE enforces identification and authentication, enabling peers to connect with confidence and control.

Issued credentials are required to access the xcompute network. Fingerprints for each user and admin are listed in their account profile. Following package download, a license and an associated fingerprint are generated, and upon use, mapped to a computer with X509 key-cert cryptography.

Three necessary pieces of information are:

$email          human identifier
$fingerprint    license identifier
$mash           machine identifier

Fingerprint#

Upon launching XCOMPUTE, a secure request is made to Xplicit Web Services (XWS) for a private key from a secure administrative machine on dedicated hardware. Using a complementary mechanism, certificates are issued every 31 days to renew the credentials and encryption:

$fingerprint.key : digital license private key (permanent)
$fingerprint.crt : semi-public certificate (transient)

Keys and certificates are auto-managed by XCOMPUTE; normally you don’t have to touch them.

Machine Id#

At runtime, each computer (hardware + OS) produces a machine identifier hash (aka mash). The mash can be checked like so: ./xcompute-server --mash or ./xcompute-client --mash.

Authentication#

The client.cfg / server.cfg file will be loaded to obtain the email and fingerprint. XCOMPUTE checks for a valid key and certificate to identify and validate connections. If it does not find a viable key/cert, it will attempt to request a new set from XWS using the fingerprint and mash as credentials.

Certificates are designed to expire after 31 days; your software will automatically request a renewal from XWS as needed and you will periodically receive an email notifying you of this renewal. You don’t need to do anything.

Network Encryption#

Our X509 infrastructure provides 4096-bit security over WAN by establishing an advanced encryption standard (AES/GCM) connection via SSL/TLS handshake. While encryption is enabled by default, it can be manually disabled by setting encrypt=false in client.cfg / server.cfg.

License Transfer#

If for some reason a mash changes, or you’d like to transfer the license to another computer, log into to your account profile and copy the fingerprint associated with the mash into the field under “Unassign Machine/License” and click UNASSIGN to free the license.

  • While fingerprints and keys can be transferred across machines, the associated certs must be regenerated and thus the above process must be followed.