Configuring XCOMPUTE
Required Reading!
Anyone who administers or uses XCOMPUTE is required to register with a valid email address.
XCOMPUTE is a server-client network. As most engineering professionals must control who can access/edit their work, we must enforce proper identification and authentication to yield a functional and secure networked platform.
Essentials
XC requires users and host admins to obtain credentials to access the xcompute network:
$email : human account identifier
$fingerprint : license identifier
Don’t worry about the following parts, just know what’s happening:
XC generates a cryptographic key and periodic certificates associated with each fingerprint:
$fingerprint.key : digital license private key (permanent)
$fingerprint.crt : semi-public certificate (transient)
Keys and certs are managed automatically by xcompute, so you don’t have to worry about them (but keep them safe!).
If reinstalling your OS or moving your license to another computer, you can either move or delete your key(s), but you'll need to contact XC via your email, including your fingerprint, to unassign your mash (so it can be auto re-assigned and certificate signing can resume).
Each computer (hardware + OS) produces a quasi-unique machine identifier hash (aka mash), adding protection against impersonation attacks in the event of leaked credentials. The mash can be checked: ./xcompute-server --mash or ./xcompute-client --mash.
Generally the less information you share, the more secure you will be. We’ve made this as simple and secure as possible; all you have to do is copy your email address and fingerprint in for the first time (and press save).
Setup
1. Receive an email with your fingerprint.
Note the license type.
2. Install the software package.
Ensure it matches the license type.
3. Add your fingerprint to the config.
For XCOMPUTE-CLIENT, fill out your credentials in the login screen, or manually assign them in the config file client.cfg, then click Save:
user=YOUR_EMAIL
fingerprint=YOUR_XCCLIENT_FINGERPRINT
For XCOMPUTE-SERVER, the config file server.cfg must be edited (e.g. vi server.cfg):
admin=YOUR_EMAIL
fingerprint=YOUR_XCSERVER_FINGERPRINT
4. Set recommended entries in client.cfg or server.cfg:
input=/path/to/project
output=/path/to/project
Note: Usually, input and output paths are the same (e.g. /path/to/project); a fast SSD mount point is recommended (e.g. /mnt/FAST).
Other important *.cfg files present include compute.cfg and interface.cfg; feel free to customize these key-value entries as desired.
5. Launch the xcompute application or service.
If installed, XCOMPUTE-CLIENT can be run from the desktop launcher menu.
The XCOMPUTE-SERVER service can be run in user space via ./xcompute-server or by starting a systemd service:
sudo systemctl start xcompute
Authentication
The client.cfg or server.cfg file will be loaded to obtain the email and fingerprint. These and the runtime mash are used to request the one-time generated private key from Xplicit Computing HQ using an HTTPS/PHP request via cURL. These credentials are subsequently used to request associated signed certificates with the proper embedded information and effective dates. Upon launch, xcompute checks for a valid key and certificate to identify and validate connections.
Certificates are designed to expire after a month; xcompute will automatically request a renewal from the keyserver as needed. You will periodically receive an email notifying you of this renewal. You don’t need to do anything.
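The following pre-launch check is an added example, not part of XCOMPUTE or its documentation: it reads the user/admin and fingerprint entries described above and confirms that the private key is not accessible to group or other. The function names, the return codes, and the assumption that the key is stored as <fingerprint>.key beside the config file are hypothetical.

```shell
#!/bin/sh
# Added example: pre-launch check of an XCOMPUTE config and its private key.
# Assumption (not from the XCOMPUTE docs): the key is stored as
# <fingerprint>.key in the config's directory unless KEYDIR is given.

# cfg_get FILE KEY: print the value of the last "KEY=value" line.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# check_xc_cfg FILE [KEYDIR]: 0 = ok, 1 = bad credentials, 2 = exposed key.
check_xc_cfg() {
    cfg=$1
    keydir=${2:-$(dirname "$cfg")}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }
    # client.cfg identifies the human with user=, server.cfg with admin=
    email=$(cfg_get "$cfg" user)
    [ -n "$email" ] || email=$(cfg_get "$cfg" admin)
    fp=$(cfg_get "$cfg" fingerprint)
    case $email in
        ''|YOUR_EMAIL) echo "email is not set in $cfg" >&2; return 1 ;;
        *@*.*) ;;
        *) echo "email does not look like an address" >&2; return 1 ;;
    esac
    case $fp in
        ''|YOUR_*) echo "fingerprint is not set in $cfg" >&2; return 1 ;;
        */*) echo "fingerprint contains a path separator" >&2; return 1 ;;
    esac
    key=$keydir/$fp.key
    # No key yet is normal before the first launch: xcompute requests it.
    [ -e "$key" ] || { echo "note: $key not present yet" >&2; return 0; }
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key is accessible to group/other; run: chmod 600 '$key'" >&2
        return 2
    fi
    return 0
}

# Run as a script: ./check_xc.sh client.cfg [KEYDIR]
if [ "$#" -gt 0 ]; then check_xc_cfg "$@"; fi
```

Placeholder values left over from the templates above (YOUR_EMAIL, YOUR_XCCLIENT_FINGERPRINT, YOUR_XCSERVER_FINGERPRINT) are reported as unset.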
Network Encryption
Our existing key-cert framework has all the ingredients to establish a TLS/AES connection over WAN. However, while xcompute is in beta this feature is in testing and is not enabled.