Key GENI Concepts

For a description of key GENI concepts, see GENI Concepts.


An aggregate is a software server that provides resources to clients based on the GENI aggregate manager API. Through that API an aggregate may advertise resources of different types (computation, storage, network) and accept requests for allocating these resources for a period of time. The aggregate may provide virtual ‘sliced’ or non-virtual ‘whole’ resources to customers. An aggregate generates custom private internal network topologies per request, and participates in a process for generating cross-aggregate custom private network topologies known as stitching.

Opt-in User

A person or organization that makes an explicit choice to participate in a GENI experiment. For example, a person may opt-in to an experiment by choosing to use a service offered by the experiment. A campus may opt-in to an experiment by making select campus network traffic available to the experiment. The experimenter is responsible for informing the opt-in user of any risks associated with participating in the experiment and the user must have to take an explicit action to participate. It must be easy for an opt-in user to terminate participation in an experiment.


A project organizes research in GENI, containing both people and their experiments. A project is led by a single responsible individual: the project lead. Many GENI experimenters may belong to a given project, and each GENI Experimenter may belong to multiple projects. Experimenters can create slices and perform experiments in the context of a project. A GENI slice belongs to a single project. Project names arepublicglobal and permanent; there can only ever be a single project with a given name, and that name is visible to all registered users.

People in a project have one of four roles:

  • Project Lead A principal investigator, professor or lead researcher that manages a set of experiments and associated research staff. The project lead is ultimately accountable for any operations taken on resources associated with slices of the given project. There is a single lead of a project. Leads and Admins have full control over the project. Leads and Admins can change slice membership, others cannot. Based on current GENI policy, only faculty and senior members of an organization can be project leads (i.e. students can not be project leads). In a classroom setting, The Project Lead would be the Professor of the class.
  • Project Admin Has the same permissions as the Project Lead. However, unlike the Lead, there can be many Admins. In a classroom setting, Teaching Assistants would likely be Admins.
  • Project Member Has read-only permissions on a Project. They can view project meta-data (eg name and expiration) and see who is in a project. But unlike Auditors, they can create Slices.
  • Project Auditor Has read-only permissions on Projects. They can view project meta-data (eg name and expiration) and see who is in a project.

An example of a project


Slices and slivers are created with a particular expiration time, which is aggregate-specific. An experimenter may request that the expiration time be extended by a renewal request. Once the expiration time of a given slice or sliver has passed, however, these elements can no longer be renewed and may be reclaimed by GENI.


Resources in GENI are described in XML files called Resource Specifications (RSpecs). Aggregate resource listings (advertisements), reservation requests, and manifests of resources you have reserved are all represented as RSpecs.


A slice is the context for a particular set of experiments, and contains reserved resources and the set of GENI users who are entitled to act on those resources. A slice belongs to a single project, and multiple experimenters may belong to the slice. Experimenters can add and delete resources from a slice. Experimenters must belong to the project containing the slice before they can belong to the slice.

People in a slice have one of four roles:

  • Slice Lead The person responsible for what happens in a slice. There is a single lead of a slice. Leads and Admins have full control over the slice. Leads and Admins can change slice membership, others cannot.
  • Slice Admin Leads and Admins have full control over the slice. Slice Admins can change slice membership, like a slice lead.
  • Slice Member A slice member can renew the slice, and reserve or delete resources. Slice members cannot change slice membership
  • Slice Auditor Has read only permission on a Slice. A slice auditor can view slice meta-data (eg name and expiration) and see who is in the slice. Depending on tool support, they may be allowed to log into compute resources.

An example of a slice

Slice Credential

A signed statement from a GENI federation slice authority indicating that a given experimenter has particular rights to operate on a given slice. Such credentials have a specified expiration date. Aggregates receiving the credential will authorize operations only as permitted by the credential and only for the life of the credential.


A Sliver is one or more resources provided by an aggregate, whether virtual or whole (‘bare metal’). Slivers are created and added to Slices through calls to the Aggregate Manager API at aggregates. Slivers are isolated from other slivers on the same resources.

SSH Keys

These are PKI (Public Key Infrastructure) public/private key pairs that represent a user’s identity for logging into a remote computer. Typically, the public key is stored on the remote computer and the private key is held by the user trying to ‘ssh’ (secure remote login). See  Wikipedia’s SSH page for more general info. When slivers are created for compute resources, tools (such as the GENI portal) can provide the aggregate with a set of public SSH keys, enabling experimenters to securely log in to the reserved compute resources.

SSL Key and Certificate

These are PKI (Public Key Infrastructure) materials representing a user’s identity for SSL (secure sockets layer) communications such as HTTPS sessions. Specifically the AM API requires authentication by means of SSL client certificates signed by a trusted GENI root.