Windows Terminal Services for Remote PVSS Access Peter Chochula ALICE DCS Workshop 21 June 2004 Colmar.


- This talk is based on presentation given at JCOP Project Team meeting (June 17)
- For full version please see:

Outline
- Motivation
- Technology: RDP, RDC, Windows Server 2003
- CERNTS, licensing issues
- ALICE Test Setup
- Tests to be performed

Motivation for using TS
- Remote access to control systems is required by several groups
- We were looking for a secure and reliable solution
- The number of protocols passing through CERN’s firewall should be limited to a minimum
- CERN’s security team recommends TS in conjunction with PVSS remote UI as a preferred solution

Remote Connection to Control Systems (basic ideas)
[Diagram labels: Remote client; CERN’s firewall; W2003 TS; Control System; Remote desktop connection over VPN; PVSS Remote UI; PVSS Master Projects]

Remote desktop clients (RDC)
- Implemented in Windows XP
- Clients available for
  - Windows 95/98/98SE/ME/NT4/2k
  - Windows CE – allows for using palmtops on client side!
  - Linux
  - Mac OS X or later
- Web based interface available for ActiveX enabled browsers

Benefits from TS and RDC
- Centralized maintenance of remote UI projects
  - No need to install project on each client machine
- Low-bandwidth access to data
  - Only screen view of the data is transmitted
  - RDP provides techniques such as data compression or persistent bitmap caching
  - Connection optimization based on network bandwidth
- High level of security
  - 128 bit bi-directional RC4 encryption (client dependent)
  - Additional FIPS compliant encryption level
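
Whether the 128-bit level listed above is enforced or negotiated per client depends on the server's minimum encryption level setting. The PowerShell check below is an added example, not part of the original slides; it assumes it is run locally on the terminal server and reads the `MinEncryptionLevel` registry value, and the function names are hypothetical.

```powershell
# Added example (not from the slides): report the minimum RDP encryption
# level enforced by this terminal server. Run locally on the server.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ListenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Meaning of the MinEncryptionLevel values.
$LevelNames = @{
    1 = 'Low'
    2 = 'Client Compatible (strength depends on the client)'
    3 = 'High (128-bit, both directions)'
    4 = 'FIPS Compliant'
}

# Hypothetical helper: returns the DWORD as [int], or $null when it is not set.
function Get-MinEncryptionLevel {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-ItemProperty -Path $Path -Name 'MinEncryptionLevel' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.MinEncryptionLevel
}

# Hypothetical helper: a Group Policy value, when present, overrides the listener value.
function Get-RdpEncryptionReport {
    $level  = Get-MinEncryptionLevel -Path $PolicyKey
    $source = 'Group Policy'
    if ($null -eq $level) {
        $level  = Get-MinEncryptionLevel -Path $ListenerKey
        $source = 'RDP-Tcp listener'
    }
    if ($null -eq $level) {
        $name = 'Not configured'; $source = 'none'
    } elseif ($LevelNames.ContainsKey($level)) {
        $name = $LevelNames[$level]
    } else {
        $name = "Unknown value $level"
    }
    [pscustomobject]@{
        Source       = $source
        Level        = $level
        Meaning      = $name
        # Only High (3) and FIPS (4) refuse clients that cannot do strong encryption.
        EnforcesHigh = ($null -ne $level -and $level -ge 3)
    }
}

Get-RdpEncryptionReport | Format-List
```

With older clients such as those listed on the previous slide, a server left at Client Compatible will accept whatever strength the client offers, so `EnforcesHigh` is the field to review.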

Overview of TS licensing
- Two licensing modes
  - Per user
  - Per device
- License is issued to the client by the server
  - License server provides a pool of licenses
  - Licenses are not returned to the pool after disconnecting the session
  - E.g. a colleague using a laptop goes away with the license
  - Reformatting a client disk wipes out the license
  - Unused licenses will be returned to pool after a timeout period (~80 days)
- If the connection to licensing server is lost, TS issues temporary licenses to clients

TS at CERN
- Central service provided by CERN’s IT is now operational (CERNTS)
- User rights are restricted to minimum (basically the user is allowed to use only the Office applications)
- No possibility to install new software by the user
- PVSS support not foreseen

Cloning of CERN TS for experiments
- No manpower for central maintenance of additional TS available
- We were offered help with installation of the servers and setting-up of licensing and local policies
  - Credits and thanks to Ruben D. Gaspar Aparicio
- BUT!:
  - We can profit from CERN License Server
  - A reasonable number of licenses (~5000) available at CERN (out of them ~300 presently in use)

Test Setup in ALICE
[Diagram labels: CERN network; 2x W2003 Enterprise Edition running TS; PVSS Master Projects; RDC; Private network; RDC; PVSS Master Projects]

Tests to perform
- A preliminary list of tests to be performed has been prepared
- Some tests were already done – as a proof of the concept
- Systematic tests will be performed this summer
- Everyone is invited to participate

Present Status
- 2 servers installed (180 day trial of Enterprise Edition) and remote UI projects created
  - NLB cluster setup in progress – it will be set up on private network
- Tested simultaneous access to 2 different PVSS projects (even across CERN’s firewall) using our TS
- Tested RDC with XP, Windows 2000, Windows 98 SE, Mac OS X and Linux

Present Status
- Our test server is recognized by CERN License server
  - Seems to work (tested with ~20 simultaneous connections to WTS)

Performance of TS in case of network problems
- Loss of connection between RDC and TS
  - This is not a problem, connection can be resumed even after days. (Can be of course killed by server)
- Loss of connection between TS and remote PVSS project
  - If less than 7 s, it will be resumed
  - If the disconnection lasts more than 7 s, the remote UI manager has to be restarted – no effect on master project

Additional tests
- All tests should be done more systematically and with more realistic systems
  - So far we tried just to check the concept
- Identify bottlenecks (e.g. network influence)
- Understand user requirements
- Study related technologies (e.g. SFU, SUS…)

Conclusions
- Concept of TS has been studied in ALICE
- Test setup including 2 Enterprise servers is operational (we will be forced to reinstall at least one server by the end of July – grace period is over)
- No major problems discovered so far
- DCS Terminal service operational at CERN
  - Production version will be released by the end of August
- We will continue our tests and report the results
  - Any help is appreciated