DCS Remote Access and Access Control
Peter Chochula

General Remarks
• The Remote Access mechanism was explained in previous workshops and presented during the DCS review
• The remote access mechanism follows the CNIC architecture and is based on Windows Terminal Server (WTS) and PVSS remote UI
• Performance was studied and results were presented during the review
• There are no known showstoppers
• Real DCS WTSs are operational

Accessing the DCS from the ACR
• The original concept was based on a common terminal service for all detectors

DCS Access via WTS
• + simple layout – single entry point
• + easy management
• WTS becomes a critical component
• Risk of WTS overload
[Diagram labels: ACR; RDP connections; CR3; WTS; per detector: PVSS on ON and PVSS on WN]

WTS in the described concept becomes a critical component
• In the DCS architecture we planned for 1 Operator Node (ON) per detector
• The ON will host the terminal service; each detector will therefore handle its own load
• The detector ONs were already ordered and will be installed in April at the latest

DCS Access pushing the terminal services to operator nodes
• - multiple entry points
• + WTS load is distributed across the network
• + Server system on ONs provides enhanced flexibility in expert mode
[Diagram labels: ACR; RDP connections; CR3; per detector: ON - WTS with PVSS, and PVSS on WN]

Remote access to the DCS from the GPN
• The ACR is separated from the GPN
• Remote access from the GPN is provided via a separate WTS cluster
• This cluster allows access from outside of CERN
• Wireless connections from the pit to the DCS are routed via the same cluster
• (Foreign laptops are always considered risky devices and will not have direct access to the DCS)

Remote access to the DCS network
[Diagram labels: ACR; GPN; Remote; RDP connections; CR3; WTS cluster with PVSS; per detector: ON - WTS with PVSS, and PVSS on WN]

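As an added illustration (not part of the original slides), the sketch below audits connection records against the zone rules stated above: sessions into the DCS network may originate only from the ACR or the WTS cluster, and the ACR stays separated from the GPN. The subnets, zone names and flow records are constructed assumptions; the slides give no addresses.

```python
import ipaddress

# Constructed address plan (assumption, not from the slides).
ZONES = {
    "ACR": ipaddress.ip_network("10.10.1.0/24"),
    "WTS_CLUSTER": ipaddress.ip_network("10.10.2.0/28"),
    "DCS": ipaddress.ip_network("10.20.0.0/16"),
    "GPN": ipaddress.ip_network("172.16.0.0/12"),
}
# Zones permitted to open sessions into the DCS network.
DCS_ENTRY = {"ACR", "WTS_CLUSTER", "DCS"}


def zone_of(addr):
    """Map an IP address to its zone; anything unknown is off-site."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"


def audit(flows):
    """Return (src, dst, port, reason) for every flow that breaks the rules."""
    findings = []
    for src, dst, port in flows:
        s, d = zone_of(src), zone_of(dst)
        if d == "DCS" and s not in DCS_ENTRY:
            findings.append((src, dst, port, f"{s} reached DCS without the WTS cluster"))
        elif {s, d} == {"ACR", "GPN"}:
            findings.append((src, dst, port, "ACR and GPN must stay separated"))
    return findings


# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.1.15", "10.20.3.1", 3389),   # ACR -> detector ON: allowed
    ("172.16.40.7", "10.10.2.3", 3389),  # GPN -> WTS cluster: allowed
    ("192.0.2.50", "10.10.2.4", 3389),   # off-site -> WTS cluster: allowed
    ("10.10.2.3", "10.20.3.1", 3389),    # WTS cluster -> detector ON: allowed
    ("172.16.40.7", "10.20.3.1", 3389),  # GPN -> DCS directly: violation
    ("192.0.2.50", "10.20.5.9", 3389),   # off-site -> DCS directly: violation
    ("10.10.1.15", "172.16.9.9", 445),   # ACR -> GPN: violation
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
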
• The WTS will be configured by the ACC
• Detector teams are expected to provide the panels for the remote UI manager
• The detector panels must provide the access control implemented via FW tools

PVSSII Access Control
• PVSSII access control provides complex tools for access control
• JCOP FW provides guidelines and tools for implementing a uniform access control mechanism
• JCOP PVSS access model is described in the advanced course
• FW access control component is available for download (part of the framework)
• To be done:
• Integration with central authentication service