1 / 17

Windows Terminal Services for Remote PVSS Access

Windows Terminal Services for Remote PVSS Access. Peter Chochula ALICE DCS Workshop 21 June 2004 Colmar. This talk is based on presentation given at JCOP Project Team meeting (June 17) For full version please see: http://agenda.cern.ch/fullAgenda.php?ida=a042724. Outline. Motivation

kory
Download Presentation

Windows Terminal Services for Remote PVSS Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Terminal Services for Remote PVSS Access Peter Chochula ALICE DCS Workshop 21 June 2004 Colmar

  2. This talk is based on presentation given at JCOP Project Team meeting (June 17) • For full version please see: • http://agenda.cern.ch/fullAgenda.php?ida=a042724

  3. Outline • Motivation • Technology : RDP, RDC, Windows Server 2003 • CERNTS, licensing issues • ALICE Test Setup • Tests to be performed

  4. Motivation for using TS • Remote access to control systems is required by several groups • We were looking for secure and reliable solution • Number of protocols passing through CERN’s firewall should be limited to minimum • CERN’s security team recommends TS in conjunction with PVSS remote UI as a preferred solution

  5. Remote Connection to Control Systems (basic ideas) Control System Remote client CERN’s firewall W2003 TS PVSS Remote UI Remote desktop connection over VPN PVSS Master Projects

  6. Remote desktop clients (RDC) • Implemented in Windows XP • Clients available for • Windows 95/98/98SE/ME/NT4/2k • Windows CE – allows for using palmtops on client side! • Linux • MAC OS X 10.2.8 or later • Web based interface available for ActiveX enabled browsers

  7. Benefits from TS and RDC • Centralized maintenance of remote UI projects • No need to install project on each client machine • Low-bandwidth access to data • Only screen view of the data is transmitted • RDP provides techniques such as data compression or persistent bitmap caching • Connection optimization based on network bandwidth • High level of security • 128 bit bi-directional RC4 encryption (client dependent) • Additional FIPS compliant encryption level

  8. Overview of TS licensing • Two licensing modes • Per user • Per device • License is issued to the client by the server • License server provides a pool of licenses • Licenses are not returned to the pool after disconnecting the session • E.g. a colleague using a laptop goes away with the license • Reformatting a client disk wipes out the license • Unused licenses will be returned to pool after a timeout period (~80 days) • If the connection to licensing server is lost, TS issues temporary licenses to clients

  9. TS at CERN • Central service provided by CERN’s IT is now operational (CERNTS) • User rights are restricted to minimum (basically the user is allowed to use only the Office applications) • No possibility to install new software by the user • PVSS support not foreseen

  10. Cloning of CERN TS for experiments • No manpower for central maintenance of additional TS available • We were offered help with installation of the servers and setting-up of licensing and local policies • Credits and thanks to Ruben D. Gaspar Aparicio • BUT!: • We can profit from CERN License Server • A reasonable number of licenses (~5000) available at CERN (out of them ~300 presently in use)

  11. Test Setup in ALICE CERN network Private network RDC 2x W2003 Enterprise Edition running TS RDC PVSS Master Projects PVSS Master Projects

  12. Tests to perform • A preliminary list of tests to be performed has been prepared • Some test were already done – as a proof of the concept • Systematic tests will be performed this summer • Everyone is invited to participate

  13. Present Status • 2 Servers installed (180 day trial of Enterprise Edition) and created remote UI projects • NLB cluster setup in progress – it will be setup on private network • tested simultaneous access to 2 different PVSS projects (even across CERN’s firewall) using our TS • tested RDC with XP, Windows 2000, Windows 98 SE, Mac OS X and Linux

  14. Present Status • our test server is recognized by CERN License server • Seems to work (tested with ~20 simultaneous connections to WTS)

  15. Performance of TS in case of network problems • Loss of connection between RDC an TS • This is not a problem, connection can be resumed even after days. (Can be of course killed by server) • Loss of connection between TS and remote PVSS project • If less thank 7s, it will be resumed • If the disconnection lasts more than 7 s, the remote UI manager has to be restarted – no effect on master project

  16. Additional tests • All tests should be done more systematically and with more realistic systems • So far we tried just to check the concept • Identify bottlenecks (e.g. network influence) • Understand user requirements • Study related technologies (e.g. SFU, SUS…)

  17. Conclusions • Concept of TS has been studied in ALICE • Test setup including 2 Enterprise servers is operational (we will be forced to reinstall at least one server by the end of July – grace period is over) • No major problems discovered so far • DCS Terminal service operational at CERN • Production version will be released by the end of August • We will continue our tests and report the results • Any help is appreciated

More Related