1 / 8

Remote Access Review

Remote Access Review. EXPERIMENTAL AREAS GRAHAM HEYES December 1, 2010 . Experimental Areas - Systems. Detector slow control systems, magnets, gas supplies, high voltage supplies., motors, etc. EPICS via accelerator controls group. Custom systems from outside institutes.

marin
Download Presentation

Remote Access Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Remote Access Review EXPERIMENTAL AREAS GRAHAM HEYES December 1, 2010 

  2. Experimental Areas - Systems • Detector slow control systems, magnets, gas supplies, high voltage supplies., motors, etc. • EPICS via accelerator controls group. • Custom systems from outside institutes. • Data acquisition systems. • CODA run control. • Non-CODA systems, i.e. detector test stands. • Diagnostic displays, system message log. • Online data monitoring and analysis. • Event displays, histograms, etc. • Online logbook. • Safety systems - not talked about by me. • Online systems are “owned” by the halls.

  3. Experimental Areas, general • EPICS is used for all halls for most “slow control”. • Covered in other talks. • Some slow control using Windows based systems and custom software. RAS or Counting House only. • Data acquisition and online monitoring systems use X11. • In principle the X11 displays can be viewed from anywhere via ssh tunnel. • Technical and administrative controls limit access. • Logbooks are web based using either custom software or open source Wiki-like systems. • Web and database servers are controlled by IT. • Access limited by location or login. • Still some paper logbooks.

  4. Experimental areas, A • Technical controls • The DAQ network is partitioned from the lab network. • ssh required from office or offsite (two hops). • Some “privileged networks” such as DAQ group. • Two passwords, user logs in with their own account then logs in using AN online account. Usually one account per major experiment. • Administrative controls • Remote control requires voice communication with a manned counting house. • Remote access is limited to “experts” or is read-only. • No technical control enforces these controls.

  5. Experimental areas, B • Technical controls • The DAQ network is partitioned from the lab network. • Two passwords, user logs in with their own account then logs in using THE online account. • The clasrun account password is “well known”. • Administrative controls • Remote control requires voice communication with a manned counting house. • Remote access is limited to “experts”. • No technical control enforces these controls.

  6. Experimental areas, C • Technical controls • The DAQ network is partitioned from the lab network. • Two passwords required. • Some areas of remote access limited to experts by access control software. • Some controls disabled when counting house is unmanned. • Administrative controls • Remote control requires voice communication with a manned counting house. • Remote access is limited to “experts”. • Enforced by technical control in some cases.

  7. Experimental Areas future • None of the halls are planning any significant changes for the remainder of the 6 GeV program. • The “Run Control” system in CODA is being replaced by the “Experiment Control” system, AFECS, in CODA 3. • AFECS can control “custom” slow control systems. • AFECS can communicate with EPICS. • The cmsg communication protocol used by AFECS can use SSH or SSL directly, i.e. without tunneling X11. • AFECS displays and system components can run remotely, outside the counting house or offsite. • Opportunity to improve technical access control. • Opportunity to restrict “online accounts”.

  8. Experimental Areas • Comments • Each hall is different in both attitude and application. • Systems have evolved with a focus on data taking not security. • Administrative controls are trust based and often not backed up by technical controls. • There is much room for improvement but online groups are small and their focus is still on data taking. • There is a strong reliance on IT division support.

More Related