Computing infrastructure for accelerator controls and security-related aspects
BE/CO Day – 22.June.2010

The first part of this talk gives an overview of the computing infrastructure dedicated to the accelerator controls (consoles, file and application servers) and explains how it is supervised and how high availability is achieved. The second part explains the security-related aspects, such as the management of user passwords and groups, the separation of general purpose and technical (accelerator) networks, and the role-based access control system protecting accelerator devices.
Outline
- Operator Console in the CCC
- File and Application servers in the CCR
- Users management
- General and Technical Network Security
- Role Based Access Control
22 June 2010 BE/CO Day - Pierre Charrue
The CCC and CCR
Inside CCC
- General Purpose Fixed Display
- Operator Consoles
A typical Operator Console
- Acoustic panel used as back door
- Screens with tunable distance and tilt
- PCs hidden but easily accessible
- Task lighting
- Table height 72cm, American Oak look
CCR principles
- High Availability infrastructure
- The servers (and the services offered) should never stop
- The CCR has a double power distribution coming from 2 different sources, with 15’ (resp. 60’) UPS
- Each server has
  - Redundant power supply
  - Redundant system disks and user disks (RAID-1)
  - Hot swappable power supply, RAID disks and fan units
  - Automatic ECC RAM checks and isolation of faulty memory blocks
- The CCR is very closely monitored
  - T° by the Operators in the CCC
  - System monitoring with SMS and mails to the experts
- Extremely good results: The CCR servers hardly stop when there is a general CERN power outage!
Inside the CCR
User Management
- CERN has a global user management and creates an account for every person working at CERN.
- BE/CO manages the users that are allowed to access the Controls Infrastructure
  - NFS filespace, passwd and groups system files
  - Today this is based on a manual process
- We are in the process of implementing and deploying a more secure and automatic management of our potential users
  - Including SSH authorisations, limiting global accounts to specific areas, automatic removal of accounts that are no longer valid, …
3 typical Use Cases
- Operator in the CCC
- Access from the office inside CERN
- Specialist access from home
[Diagram labels: Office development PC, Trusted Application Gateways, Home or remote PC, CERN Firewall, Connection to Internet, INTERNET, CERN Public Gateways (LXPLUS, CERNTS)]
Network Security
CERN security policy for Controls (CNIC initiative) defined and implemented the following:
- 9 January 2006: closure of the GPN <-> TN connection
- No communication allowed to cross the bridge except from TRUSTED hosts on the GPN to EXPOSED hosts on the TN
- Connection to the TN requires formal authorization
- MAC address authentication
What is RBAC
- RBAC stands for Role Based Access Control
- RBAC is an infrastructure to prevent:
  - A well meaning person from doing the wrong thing at the wrong time.
  - An ignorant person from doing anything, at any time.
- It is a suite of software components that provides
  - AUTHENTICATION (A1) on the client level
  - AUTHORIZATION (A2) on the server level
- Depending on WHICH action is made, on WHO is making the call, and from WHERE the call is issued, the access will be granted or denied
- This allows for filtering, for control and for traceability of the access to the equipment
Basic Concepts
- Roles: users are assigned to roles
- Rules: access permission
- A1 = Authentication: Verifies who you are with the NICE user name and password
- A2 = Authorization: Roles have permission to make specified access
RBAC Overview
A1:
- User requests to be authenticated.
- RBAC authenticates user via NICE user name and password
- RBA returns token to Application
A2:
- Application sends token to CMW when connecting.
- CMW server (on front-end) verifies token signature once, and uses the credentials for every subsequent request
- CMW checks access map for role, location, application, mode
RBAC Token:
- Application name
- User name
- IP address/location
- Time of authentication
- Time of expiry
- Roles[ ]
- Digital signature (RBA private key)
[Diagram labels: Application, RBAC, CMW client, CMW server, Access MAP, FESA]
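The token flow on this slide, as an added example (not CERN's RBAC or CMW code): the RBA side signs a token, the server side verifies the signature once at connect time and then checks every request against the access map with default deny. Ed25519, the JSON encoding, the access-map layout and all role, mode, action, user and application names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// Token carries the fields listed on the slide; the JSON encoding is assumed.
type Token struct {
	App, User, Location string
	Issued, Expiry      time.Time
	Roles               []string
}

// Rule is one access-map entry (hypothetical layout); the map acts as an allow-list.
type Rule struct{ Role, Location, App, Mode, Action string }

// Connect is the CMW server side: verify the signature once, keep the credentials.
// On a bad signature it returns an empty Token, which matches no rule.
func Connect(pub ed25519.PublicKey, raw, sig []byte) (t Token, err error) {
	if !ed25519.Verify(pub, raw, sig) {
		return t, fmt.Errorf("token signature invalid")
	}
	err = json.Unmarshal(raw, &t)
	return t, err
}

// Allowed is the per-request check: unexpired token and a matching rule, else deny.
func Allowed(t Token, acl map[Rule]bool, mode, action string, now time.Time) bool {
	for _, role := range t.Roles {
		if now.Before(t.Expiry) && acl[Rule{role, t.Location, t.App, mode, action}] {
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // RBA key pair, generated here for the demo
	now := time.Now()
	raw, _ := json.Marshal(Token{"LHCApp", "operator1", "CCC", now, now.Add(time.Hour), []string{"LHC-Operator"}})
	sig := ed25519.Sign(priv, raw) // RBA side: sign the token once A1 has succeeded
	tok, err := Connect(pub, raw, sig)
	acl := map[Rule]bool{{"LHC-Operator", "CCC", "LHCApp", "OPERATIONAL", "set"}: true}
	fmt.Println(err, Allowed(tok, acl, "OPERATIONAL", "set", now), Allowed(tok, acl, "OPERATIONAL", "reset", now))
}
```

Because the server only holds the public key, a compromised front-end cannot mint tokens; the expiry is re-checked on each request since the signature is verified only once per connection.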
RBAC deployed on LHC in 2008
LHC applications now have this little green/orange button to log in to RBAC
Summary
- The BE/CO/IN section is responsible for many different areas within the Controls infrastructure
- In a controls infrastructure…
  - High availability file and application servers
  - Network Controls security
  - User management
  - Role Based access control
  … are essential
- Do not hesitate to contact us for further discussions