Remote Access Review
Accelerator Controls
Brad Cumbia, Anthony Cuffe
December 1, 2010
Accelerator Controls
• Identify Lab systems in your area that are remotely accessed or will be in the near future
- Network Systems (Network Administrators)
  - Switches
  - Routers
  - Management systems (Cisco Works, Network Node Manager, etc.)
- Accelerator Control Systems (On-Call Personnel and Administrators)
  - IOCs (On-call and Administrators)
  - Unix systems (On-call and Administrators)
  - Windows systems (All users)
  - Web servers (All users)
Accelerator Controls
• Explain how your systems are remotely accessed from
- Network Systems - on-site
  - Access via ssh protocol only (from Linux and Windows)
  - Authentication control by TACACS+ Server (Cisco ACS)
  - ACLs for finer access restrictions
- Network Systems - off-site
  - Access via ssh protocol through login.jlab.org and then Accel system
  - Equivalent to on-site after authenticating
Accelerator Controls Cont.
- Accelerator Control Systems - on-site
  - Access to Unix systems via ssh protocol (terminal)
  - Access to Unix desktop via NXclient over ssh
  - Access to Windows systems via rdp protocol
  - Access to IOCs via dedicated Terminal Servers (ssh only)
- Accelerator Control Systems - off-site (through login.jlab.org)
  - Access to Unix systems (terminal) via ssh protocol w/tcp wrappers
  - Access to Unix desktop via NXclient tunneled over ssh
  - Access to Windows systems via rdp protocol tunneled over ssh
  - Access to IOCs via dedicated Terminal Servers (ssh only)
  - Access to Web servers via a proxy server tunneled over ssh
Accelerator Controls Cont.
- Global Measures
  - Write Access to IOCs controlled by Channel Access (host and user)
  - tcp wrappers employed widely to restrict access to systems.
  - Network level ACLs blocking protocols and restricting access to systems.
- Procedures
  - How to Access Internal Web servers from Off-Site - https://devweb.acc.jlab.org/twiki/bin/view/SWDocs/HowToTunnelWebViaSSH
  - How to Open A Remote Windows Desktop - https://devweb.acc.jlab.org/twiki/bin/view/SysAdmin/HowToRemoteDesktopWindows
  - How to Open A Remote Linux Desktop - https://devweb.acc.jlab.org/twiki/bin/view/SysAdmin/HowToRemoteDesktopLinux
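
The tcp wrappers restriction listed under Global Measures depends on hosts_access evaluation order, in which a client that matches neither file is granted access. The block below is an added example, not part of the original slides: a simplified, IPv4-only evaluator whose rules, addresses and function names are all constructed for illustration.

```python
# Added example: simplified evaluator for tcp wrappers (hosts_access) rules.
# Rules and addresses are constructed; they are not the Lab's configuration.

HOSTS_ALLOW = """
# sshd reachable only from one gateway address and one subnet prefix
sshd: 192.0.2.10, 198.51.100.
"""
HOSTS_DENY = """
ALL: ALL
"""

def parse(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # optional command field ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def pattern_matches(pattern, addr, name=None):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix, e.g. "198.51.100."
        return addr.startswith(pattern)
    if pattern.startswith("."):    # domain suffix, e.g. ".example.org"
        return name is not None and name.endswith(pattern)
    return pattern in (addr, name)  # exact address or host name

def rule_hit(rules, daemon, addr, name):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(pattern_matches(c, addr, name) for c in clients)
        for daemons, clients in rules)

def allowed(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if rule_hit(parse(allow), daemon, addr, name):
        return True
    if rule_hit(parse(deny), daemon, addr, name):
        return False
    return True
```

Calling `allowed("sshd", "203.0.113.5", deny="")` shows why the `ALL: ALL` line in hosts.deny matters: without it, the unmatched client is granted access.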
Accelerator Controls
• Describe future plans or needs for enhancing/upgrading remote access, e.g. changed systems, different controls, access for PDAs, etc.
- Extended use of NXclient (Linux Desktop) over RDP (Windows Desktop).
- Develop remote access procedures and tools for smart phones and tablet devices.
- Stronger ACLs with hardware based firewalls.
Area • Comments