Skip to content. | Skip to navigation

Personal tools


You are here: Home / Wiki / Glossary


Glossary of Terms

Glossary of Terms

This glossary is derived largely from the Slice-Based Facility Architecture.


From a researcher's perspective, a slice is a substrate-wide network of computing and communication resources capable of running an experiment or a wide-area network service. From an operator's perspective, slices are the primary abstraction for accounting and accountability; resources are acquired and consumed by slices, and external program behavior is traceable to a slice, respectively.

A slice is defined by a set of slivers spanning a set of network components, plus an associated set of users that are allowed to access those slivers for the purpose of running an experiment on the substrate. That is, a slice has a name, which is bound to a set of users associated with the slice and a (possibly empty) set of slivers.

A slice has to be registered and bound to a set of users before it can be instantiated, and it must be instantiated before being it can run code or be accessed by a user.

Slices are registered in the context of a slice authority; a principal that takes responsibility for the behavior of the slice. A slice is registered only once, but the set of users bound to it can change over time. A slice registration has a finite lifetime; the responsible slice authority must refresh this registration periodically.

Slice Authority

A slice authority (SA) is responsible for the behavior of a set of slices, vouching for the researchers running experiments in each slice and taking appropriate action should the slice misbehave. In ProtoGeni, the local Emulab installation serves as the slice authority, granting registered Emulab users permission to create slices.


Components are the primary building block. For example, a component might correspond to an edge computer, a customizable router, or a programmable access point.

A component encapsulates a collection of resources, including physical resources (e.g., CPU, memory, disk, bandwidth) logical resources (e.g., file descriptors, port numbers), and synthetic resources (e.g., packet forwarding fast paths). These resources can be contained in a single physical device or distributed across a set of devices, depending on the nature of the component. A given resource can belong to at most one component.

Component Manager

Each component is controlled via a component manager (CM), which exports a well-defined, remotely accessible interface. The component manager defines the operations available to user-level services to manage the allocation of component resources to different users and their experiments. Typically, a component's CM runs on the component itself, although a remote proxy CM can control components that are unable to host a CM.

In ProtoGeni, the Component Manager runs on boss, and is responsible for all of the resources (nodes, switches) within the local Emulab. For this reason, it is referred to as an aggregate component manager.


A sliver is a portion of a component that has been granted to a user (in the context of a slice). A sliver can be viewed as a resource container.

A sliver that includes resources capable of loading and executing user-provided programs can also be viewed as supporting an execution environment. Slivers that support such execution environments are said to be active slivers. Other (non-active) slivers might correspond to communication resources; e.g., a tunnel, VLAN, or a circuit.


A resource specification (RSpec) describes a component in terms of the resources it possesses and constraints and dependencies on the allocation of those resources.

ProtoGeni defines it own RSpec.


A credential carries the rights issued to a particular principal. For example, a user might be granted credentials that allow it to register a slice name, or to instantiate a slice in a set of willing components for the period of time.

A credential includes the following fields:

  1. the target of the credential,
  2. the owner of the credential (who it was issued to),
  3. a set of privileges,
  4. an expiration time,
  5. a serial number and a type.

A credential is signed by the responsible authority, and similarly re-signed when delegated.


A ticket is a type of credential. A component signs an RSpec to produce a ticket, indicating a promise by the component to bind resources to the ticket-holder. Such tickets are issued by a component, and later redeemedto acquire resources on the component.

In ProtoGeni, a ticket and a credential use the same structure. While a credential includes a set of privileges, a ticket includes an RSpec. Otherwise they are the same; the ticket is bound to the user, and the target of the ticket is the component which signed it (holds the resources).