190 likes | 313 Views
CNIC in AB: Status report. P. Charrue - AB/CO/IN. Outline. Reminder of what will happen 9.Jan.06 Reminder of the proposed solutions List of the current actions in AB What will happen between now and 9.Jan.06 What will happen between 9.Jan.06 and 31.dec.06. Outline.
E N D
CNIC in AB: Status report P. Charrue - AB/CO/IN AB/CO/TC on CNIC
Outline • Reminder of what will happen 9.Jan.06 • Reminder of the proposed solutions • List of the current actions in AB • What will happen between now and 9.Jan.06 • What will happen between 9.Jan.06 and 31.dec.06 AB/CO/TC on CNIC
Outline • Reminder of what will happen 9.Jan.06 • Reminder of the proposed solutions • List of the current actions in AB • What will happen between now and 9.Jan.06 • What will happen between 9.Jan.06 and 31.dec.06 AB/CO/TC on CNIC
Monday 9 January 2006 • Official date of the closure of the GN <-> TN connection • No communication will be allowed to cross the bridge • Except from hosts on the GN that are considered as TRUSTED • Except to hosts on the TN that are considered as EXPOSED AB/CO/TC on CNIC
Graphical View Courtesy S.Lueders AB/CO/TC on CNIC
Proposed solutions • Monitoring of the GN<->TN traffic • Window Terminal Service (WTS) • NICEFC and LINUXFC • NETOPS forms to manage groups • CNIC Users Exchange Forum • TN connection authorisation • MAC address authentication AB/CO/TC on CNIC
AB CNIC Strategy • Deploy and maintain NICEFC and WTS • All front-ends on the GPN will be TRUSTED • See demo later • Important services offered from the TN and used by AB will be EXPOSED • E.g. all the databases for "Controls Configuration", "Settings", "Measurements" and "Logging", web server, PVSS application servers. • Your development computers will be TRUSTED to start with. But only for limited time! AB/CO/TC on CNIC
Outline • Reminder of what will happen 9.Jan.06 • Reminder of the proposed solutions • List of the current actions in AB • What will happen between now and 9.Jan.06 • What will happen between 9.Jan.06 and 31.dec.06 AB/CO/TC on CNIC
Current actions in AB (1/3) • Collect information from the users and publish it on the CNIC WIKI pages • ===> Demo • Populate both TRUSTED and EXPOSED lists • ===> Demo • Continuous cleaning of the NETOPS database • The NETOPS database is the ONLY place to lookup for information about network devices. • Description, Hardware MAC address, responsible person, … • ‘MIKE” sniffer is going through this database and will issue emails to correct the bad entries • ===> Demo AB/CO/TC on CNIC
Current actions in AB (2/3) • NICEFC deployment • Managing groups of computers (see demo) • MSI packages and Policy settings creation • Available MSI packages : JAVA JRE and Exceed • Working on the Passerelle package, PVSS client, STEP-7, • NICEFC will be deployed in the CCC consoles in the coming days • All consoles in the same group • Apply the JAVA, Exceed package + Policy settings • One operational console is available for test CWO-936-TST6 in the µCR in 936 • ===> Demo AB/CO/TC on CNIC
Current actions in AB (3/3) • WTS Deployment • CERNTSDEV01 • JAVA and Exceed installed. CESAR project made tests on this WTS • CERNTSAB01 • LabVIEW tests with AB/PO (S. Page) • PVSS tests with Cryo • Tests with AB/PO (PS side) • CERNTSTS01 • STEP7 tests with IS and PIC • CERNVACLHC01, CERNVACSPS01 and CERNVACLEIR01 for vacuum operation • CERNTSAB02, 03, 04, 05 available early December • To distribute the load of CERNTSAB01 AB/CO/TC on CNIC
UseCase #1 : LINUX developer • The LINUX development PC will be in the TRUSTED list • It will have visibility of • the /ps files from ABSRV1 • the configuration database • the IT CVS infrastructure • The developer will be able to remote-login to a FrontEnd to deploy and test the new application • In a second phase, a TRUSTED Application Server running LINUX will be made available for FESA developments. This Application Server will have access to all the resources (/ps, config DB, test or operational FE). • The LINUX dev PC will be removed from the TRUSTED list AB/CO/TC on CNIC
Outline • Reminder of what will happen 9.Jan.06 • Reminder of the proposed solutions • List of the current actions in AB • What will happen between now and 9.Jan.06 • What will happen between 9.Jan.06 and 31.dec.06 AB/CO/TC on CNIC
What will happen from now till 9.Jan.06 (1/3) • Finalise the lists of TRUSTED and EXPOSED • We have a good overview of what has to be in the TRUSTED and EXPOSED lists • The lists have been created and contains already more then 200 AB TRUSTED hosts • Alastair, Nicolas and myself have received lists from the users • Monday 12 December the two lists will be published on the CNIC Wiki site and a mail sent to the users for them to check AB/CO/TC on CNIC
What will happen from now till 9.Jan.06 (2/3) • Continue the user awareness campaigns • Mail was sent to AB, AT, TS, IT department + article in the bulletin to inform people about the TN<->GN separation • Many individual interviews have been made (See reports in the WIKI pages) and are currently followed-up by the CNIC team • CNIC User Exchange Working Group meets every week • CNIC User mailing list is used to disseminate information • WIKI website is the center of the information • Monitor the packets between GN and TN to understand the inter-dependance and : • Make sure the TRUSTED or EXPOSED list are right • Move some services to the most appropriate network (TN or GN) AB/CO/TC on CNIC
What will happen from now till 9.Jan.06 (3/3) • Still some use cases to study and implement : • Windows developer • Equipment specialist running specific software to access TN equipment from the GN • HWC specialist in the tunnel with his/her wireless laptop • Finalise the WTS tests and deployment with the users • PVSS, Step7, LabVIEW, Java GUI, … • Progress on NICEFC packages • MSI packages : JAVA JRE, PVSS Client, Exceed, Step7, … • Collaboration inside the CNIC Users Exchange Group • NICEFC will be deployed in operation after January 2006 • Review of operator accounts • Replace ‘OPERA’ with more specific accounts (SPSOP, LEIROP, LHCOP, UNICRYO, … • First discussion already underway AB/CO/TC on CNIC
What will happenafter 9.Jan.06 • Monitor all the rejected packets between GN and TN to discover what has eventually been missed in the TRUSTED and EXPOSED lists. • From 10th to 20th January 2006 : • Run through the use cases presented before to confirm the solutions put in place (WTS, NICEFC, TRUSTED and EXPOSED lists) • Specific test in UA83 for the HWC • From February onwards, reduce the EXPOSED and TRUSTED list as much as we can • Monitor the load on the WTS and be ready to deploy more WTS. AB/CO/TC on CNIC
Conclusion • The CNIC is in the deployment phase now and January, 9th 2006 will be a very important step • Almost every user has now been contacted and the CNIC Exchange User Group will allow for information flow • The tools and solutions proposed by CNIC are available now and are deployed on the AB controls infrastructure • We will start with long lists of TRUSTED and EXPOSED hosts. These lists will have to be shortened afterwards. • We do not anticipate major problems for CNIC deployment and the CNIC experts will be fully available in January AB/CO/TC on CNIC
All CNIC info • CNIC WIKI pages https://uimon.cern.ch/twiki/bin/viewauth/CNIC/WebHome AB/CO/TC on CNIC