# Introduction to provisioning in NVIDIA FLARE

Previously, we saw examples on how to use the [FL Simulator](https://nvflare.readthedocs.io/en/main/user_guide/nvflare_cli/fl_simulator.html#fl-simulator) to run federated applications in a simulated environment. In those examples, the generation and management of server and clients were all handled by the FL Simulator tool, and we didn't really have the need to set them up.

In real-world FL deployment, different participants have their own clearly defined roles that require more managed setup. Apart from server and clients, FL projects are usually assigned with administrators who manage and monitor project status. Proper user authentication and authorization mechanisms need to be set up to ensure a secure deployment environment for all participants to establish mutually-trusted communication channels. Also, due to the distributed nature of FL projects, all participants would need to be able to join the FL system from different locations through secure network connections, potentially dynamically. On top of all that, extra security and resource management features might also be required due to different participants requirements in terms of privacy and compute resources.

As a managed way to properly set up a federated system for all these aspects, NVIDIA FLARE introduces the concept of [**Provisioning**](https://nvflare.readthedocs.io/en/main/programming_guide/provisioning_system.html#provisioning-in-nvidia-flare): **the process of setting up a federated system and participants for a scalable, extensible and secure real world deployment**. Provisioning in NVIDIA FLARE is used to:
- Establish the identities of the server, clients, and administrators
- Generate startup kits for each participant
- Set up secure communication channels between participants

![NVFLARE Provision](provision.png)

Provisioning can be done in 2 ways in NVIDIA FLARE:
- Using the [CLI tool `nvflare provision`](https://nvflare.readthedocs.io/en/main/real_world_fl/overview.html#provisioning-via-the-cli-tool)
- Using the webUI-based [FLARE Dashboard](https://nvflare.readthedocs.io/en/main/user_guide/dashboard_ui.html).

We will walk through examples of both methods in this chapter. 

# Provision: a 3-Step Process

The provisioning process typically involves the following steps:
1. Configure the project using a configuration file
2. Use the FLARE provisioning tool to generate startup kits from project configuration file
3. Distribute the startup kits to participants

Let's walk through these steps together.

## 1. Configure the project

The input to the povisioning process is a project configuration file (typically a `yaml` file). This configuration is used to set up the FL project, and generally includes definitions for:
- Project meta-data
- Participants of the project
- Builders to build project workspace

## 2. Generate startup kits

Running the provisioning with an input configuration file generates a well-defined directory hierarchy. In particular, **startup kits** are generated for all participants.

**A startup kit is a folder with a set of files, scripts and credentials generated by provisioning for each participant in the FL project**. A startup kit is local to a specific participant and typically include:
- Authentication credentials
- Authorization policies
- Signatures for tamper-proof mechanisms
- Convenient shell scripts for launching the participant

## 3. Distribute the startup kits

With startup kits generated, the last step is to distribute these kits to the corresponding participants. You can use email, sftp etc. to do so, as long as you can ensure that it is secure. In general, each site should have an organization admin to receive or download the startup kits. The organization admin can then install their own packages, start the services, map the data location, and instrument the authorization policies and organization level site privacy policies. Another way to distribute startup kits is to use the [FLARE Dashboard](https://nvflare.readthedocs.io/en/main/user_guide/dashboard_ui.html) with a convenient webUI, as we will see later in this chapter.

# What's next

Next, let's learn [how to perform provisioning using the CLI tool `nvflare provision`](../04.1_provision_via_cli/provision_via_cli.ipynb).