Remote Access Review
EXPERIMENTAL AREAS
GRAHAM HEYES
December 1, 2010

Experimental Areas - Systems
• Detector slow control systems, magnets, gas supplies, high voltage supplies, motors, etc.
• EPICS via accelerator controls group.
• Custom systems from outside institutes.
• Data acquisition systems.
• CODA run control.
• Non-CODA systems, i.e. detector test stands.
• Diagnostic displays, system message log.
• Online data monitoring and analysis.
• Event displays, histograms, etc.
• Online logbook.
• Safety systems - not talked about by me.
• Online systems are “owned” by the halls.

Experimental Areas, general
• EPICS is used for all halls for most “slow control”.
• Covered in other talks.
• Some slow control using Windows-based systems and custom software. RAS or Counting House only.
• Data acquisition and online monitoring systems use X11.
• In principle the X11 displays can be viewed from anywhere via ssh tunnel.
• Technical and administrative controls limit access.
• Logbooks are web-based, using either custom software or open source Wiki-like systems.
• Web and database servers are controlled by IT.
• Access limited by location or login.
• Still some paper logbooks.

Experimental areas, A
• Technical controls
  • The DAQ network is partitioned from the lab network.
  • ssh required from office or offsite (two hops).
  • Some “privileged networks” such as DAQ group.
  • Two passwords, user logs in with their own account then logs in using AN online account. Usually one account per major experiment.
• Administrative controls
  • Remote control requires voice communication with a manned counting house.
  • Remote access is limited to “experts” or is read-only.
  • No technical control enforces these controls.

Experimental areas, B
• Technical controls
  • The DAQ network is partitioned from the lab network.
  • Two passwords, user logs in with their own account then logs in using THE online account.
  • The clasrun account password is “well known”.
• Administrative controls
  • Remote control requires voice communication with a manned counting house.
  • Remote access is limited to “experts”.
  • No technical control enforces these controls.

Experimental areas, C
• Technical controls
  • The DAQ network is partitioned from the lab network.
  • Two passwords required.
  • Some areas of remote access limited to experts by access control software.
  • Some controls disabled when counting house is unmanned.
• Administrative controls
  • Remote control requires voice communication with a manned counting house.
  • Remote access is limited to “experts”.
  • Enforced by technical control in some cases.

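An added example, not from the original slides: with the two-password scheme described for the halls (personal account first, then a shared online account), the DAQ host's log records only the shared account name, so this sketch correlates constructed sshd log lines to attribute each shared login to the personal gateway login that preceded it. Host names, addresses, the account name `online` and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumptions for this sketch (not from the slides): host names, addresses,
# the shared account name "online" and the 10-minute correlation window.
GATEWAY_HOST, GATEWAY_IP = "gateway", "10.0.0.5"
SHARED_ACCOUNTS = {"online"}
WINDOW = timedelta(minutes=10)

# Constructed sshd log lines with ISO timestamps.
SAMPLE_LOG = """\
2010-12-01T09:00:01 gateway sshd[101]: Accepted password for alice from 198.51.100.7 port 50000 ssh2
2010-12-01T09:00:40 daq1 sshd[202]: Accepted password for online from 10.0.0.5 port 40000 ssh2
2010-12-01T11:15:00 daq1 sshd[203]: Accepted password for online from 10.0.0.5 port 40001 ssh2
2010-12-01T12:00:00 daq1 sshd[204]: Accepted password for online from 10.0.9.9 port 40002 ssh2
"""

LINE = re.compile(r"(\S+) (\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def attribute_sessions(log_text):
    """Map each shared-account login to the personal login behind it."""
    events = []
    for m in map(LINE.match, log_text.splitlines()):
        if m:
            ts, host, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), host, user, src))
    events.sort()  # process in time order across hosts
    gateway_logins, findings = [], []
    for ts, host, user, src in events:
        if host == GATEWAY_HOST and user not in SHARED_ACCOUNTS:
            gateway_logins.append((ts, user))  # first hop, personal account
        elif user in SHARED_ACCOUNTS:
            if src != GATEWAY_IP:
                # Second hop did not come through the gateway at all.
                findings.append((ts.isoformat(), host, "bypassed-gateway", src))
                continue
            # Heuristic: personal logins on the gateway within WINDOW before.
            recent = sorted({u for t, u in gateway_logins if ts - t <= WINDOW})
            if len(recent) == 1:
                findings.append((ts.isoformat(), host, "attributed", recent[0]))
            elif recent:
                findings.append((ts.isoformat(), host, "ambiguous", ",".join(recent)))
            else:
                findings.append((ts.isoformat(), host, "unattributed", None))
    return findings

if __name__ == "__main__":
    for finding in attribute_sessions(SAMPLE_LOG):
        print(finding)
```

The time window is only a heuristic: a long-lived gateway session produces "unattributed" results, which is itself a measure of how little accountability a shared account leaves.
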
Experimental Areas future
• None of the halls are planning any significant changes for the remainder of the 6 GeV program.
• The “Run Control” system in CODA is being replaced by the “Experiment Control” system, AFECS, in CODA 3.
• AFECS can control “custom” slow control systems.
• AFECS can communicate with EPICS.
• The cmsg communication protocol used by AFECS can use SSH or SSL directly, i.e. without tunneling X11.
• AFECS displays and system components can run remotely, outside the counting house or offsite.
• Opportunity to improve technical access control.
• Opportunity to restrict “online accounts”.

Experimental Areas
• Comments
  • Each hall is different in both attitude and application.
  • Systems have evolved with a focus on data taking not security.
  • Administrative controls are trust based and often not backed up by technical controls.
  • There is much room for improvement but online groups are small and their focus is still on data taking.
  • There is a strong reliance on IT division support.