
SLS Beamline Networks and Data Storage

This presentation discusses the problems with the common beamline network and proposes a new network layout for safer communication. It includes firewall and gateway setups, safety measures, hardware specifications, and data safety considerations.



  1. SLS Beamline Networks and Data Storage. Dirk Zimoch, EPICS Collaboration Meeting October 2008

  2. Old Network Layout (last year)
     [Diagram labels: PSI network, SLS Accelerator, Gateway, Beamlines]

  3. The Problem
     • Common beamline network is not safe
     • Badly programmed CA clients can flood the network with broadcasts
     • Users may accidentally write to records of other beamlines
     • Viruses etc. may spread over all beamlines
     • Industrial users want their data safe and protected
     • Separate beamline networks need safe communication
     • Access to machine and other beamlines
     • Access from outside (e.g. offices)
     • Internet access from beamline
     • Storage access

  4. New Network Layout (now)
     [Diagram labels: PSI network, Firewall, Switch, SLS Accelerator, Gateway, Gateway, Beamline1, Beamline2]

  5. Channel Access Gateway Setup
     • All gateways connect to central accelerator network
     • Assumption: Beamline to beamline traffic is low
     • Central services in accelerator network (e.g. archiver)
     • All gateways are bi-directional
     • Full write access from accelerator
     • Limited write access from beamlines to machine (We trust the accelerator but not the beamlines)
     • No write access from beamline to beamline
     • Take care to prevent loops
     • Access from outside world is read-only

  6. Beamline Network
     Firewall blocks incoming traffic except ssh to login gateway.
     [Diagram labels: PSI network, Firewall, Beamline hutch, VMware, Login gateway, Accelerator, CA gateway, IOC, Bootserver, Softioc, Compute node, User Laptop, Console, Fileserver, GPFS, Detector]

  7. Safety Measures
     • Firewall allows ssh from outside only to login gateway
     • Other machines with less strict security cannot compromise system
     • Login gateway has list of trusted users (PAM)
     • Beamline scientists
     • Beamline supporters
     • People doing on-call service
     • No external beamline users
     • Servers are located in server room, not at the beamline
     • No physical access
     • Better cooling
     • Uninterruptible power supply

  8. VMware Server System
     • HP blade system
     • 16 blades per enclosure
     • Dual core Opteron 2.4 GHz
     • 2 GB RAM
     • 2 network connections
     • Accelerator
     • 16 beamlines via VLAN
     • VMware for virtual machines
     • 256 MB per virtual machine

  9. Beamline Storage
     [Diagram labels: four disk arrays, each with controller 0 and controller 1]
     • 2 x 4 Gbit/sec Fibre Channel
     • 500 GB SATA
     • Up to 30 TB net
     • 400 MB/sec from one host
     • 600-700 MB/sec total
     • Up to 4 disk arrays per beamline
     • RAID 6

  10. Data safety
     • Double redundancy with RAID 6
     • Individual LDAP accounts for users
     • No access to data of other users
     • Automated account generation
     • No long term storage
     • 30 TB is just enough for one month
     • No backup
     • Users take data home on constantly synchronized external hard disk (Firewire or USB)
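
The gateway write rules from slide 5, modeled as a default-deny policy check. This is an added example, not code from the presentation or from the EPICS gateway. The zone names, the PV names and the per-beamline allowlist are constructed placeholders, and reads between beamlines are assumed to be allowed because the slide only rules out writes.

```python
from fnmatch import fnmatchcase

ACCELERATOR, OUTSIDE = "accelerator", "outside"

# Constructed allowlist: machine PVs each beamline may write ("limited write access").
# The PV names are hypothetical placeholders, not real SLS records.
MACHINE_WRITABLE = {
    "beamline1": ["BL1-ID:GAP-SET", "BL1-FE:*-REQ"],
    "beamline2": ["BL2-ID:GAP-SET"],
}
ZONES = {ACCELERATOR, OUTSIDE, *MACHINE_WRITABLE}


def allowed(src, dst, op, pv):
    """True if a client in zone src may do op ('read' or 'write') on pv served in zone dst."""
    if src not in ZONES or dst not in ZONES - {OUTSIDE} or op not in ("read", "write"):
        raise ValueError(f"unknown zone or operation: {src} {dst} {op}")
    if src == dst:
        return True                    # same network: no gateway involved
    if op == "read":
        return True                    # assumption: every gateway path grants read
    if src == ACCELERATOR:
        return True                    # full write access from accelerator
    if src == OUTSIDE:
        return False                   # outside world is read-only
    if dst == ACCELERATOR:             # beamline -> machine: allowlisted PVs only
        return any(fnmatchcase(pv, pat) for pat in MACHINE_WRITABLE[src])
    return False                       # beamline -> other beamline: never write


def denied_requests(lines):
    """Return the 'src dst op pv' request lines that the policy rejects."""
    return [ln for ln in lines if not allowed(*ln.split())]


# Constructed sample requests (not captured traffic).
SAMPLE = [
    "accelerator beamline1 write BL1-OP:SHUTTER",
    "beamline1 accelerator write BL1-ID:GAP-SET",
    "beamline1 accelerator write BL2-ID:GAP-SET",
    "beamline1 beamline2 write BL2-OP:SHUTTER",
    "beamline2 beamline1 read BL1-OP:SHUTTER",
    "outside beamline1 write BL1-OP:SHUTTER",
    "outside accelerator read RING:CURRENT",
]

if __name__ == "__main__":
    for line in denied_requests(SAMPLE):
        print("DENY", line)
```

Running the same request list against the rules a gateway actually enforces is a quick way to catch a write path that should not exist.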