Peter Chochula, ALICE DCS Workshop, October 6, 2005: DCS Computing policies and rules


- Proposal for the ALICE implementation of CNIC recommendations was circulated
- This talk should trigger the discussion during this workshop
- Collected feedback will be implemented in the new version of the document, which will then be sent to detector teams for approval

DCS Computer Categories
- Servers (SE) – provide back-end service and are not directly accessible by the users (the Terminal Server (TS) is the only exception)
- Worker Nodes (WN) – perform the DCS tasks
- Operator Nodes (ON) – run the user interface and all software needed to operate the detector DCS. There is one ON per detector
- Consoles (CO) – computers used by the operator to interact with the system

Adding and removing devices to/from the DCS network
- Each detector is responsible for adding and removing their devices (other than PCs) to/from the network (mainframes, PLCs, etc.)
- The connection request must be made by a responsible person named by the detector (DR)
- The request will be authorized by the DCS responsible
- Needed web-based tools are released
- No wireless connections are expected on the DCS network (wireless connectivity is available on the General Purpose Network)

- The detector responsible person must provide the following information about each device prior to the connection:
  - Device name, type, model, MAC address
  - This data is mandatory for the web-based connection request form
  - Expected data volumes to be transferred to/from this device and other networked devices which will be accessed
- In case of network abuse (due to wrong configuration, unexpected connections, etc.) the DCS responsible is authorized to disconnect the device until the anomaly is solved

Purchasing and installation of DCS computers
- All DCS computers are purchased, tested and installed (including the network connection and OS configuration) by the DCS team
- The Windows system is mandatory for all computers running PVSSII and will be installed using the NICEFC tools
- The Linux system will be installed on some servers using the LinuxFC tools
- Embedded computers and computers that are part of the FERO might require the Linux operating system
- Use and installation of such computers requires the approval of the DCS responsible
- These computers are under the responsibility of the detector team and are considered part of their FERO sub-system

Installation of the applications and drivers
- All applications and drivers are installed by the DCS system administrator and detector expert
- Standard applications will be deployed using the NiceFC tools
- Non-standard applications will be installed on detector request
- Rules described in the draft document must be followed (long term maintenance, licensing issues, documentation…)

Installation of Detector Projects
- Detector projects must first be tested in the DCS Lab
- Basic tests will include virus scanning, conformity with naming and numbering conventions for critical components (system number, service names, installation paths, software version)
- Verified projects will be transferred to the production network via the application gateway
- No direct installation, for example from USB sticks or CD-ROMs, will be allowed
- No application development will be allowed on the production network
- Small hot-fixes can be performed, however the project must be backed up before it is modified

Access to the DCS
- DCS control actions can be performed only from the ACR
- Remote operation is restricted to monitoring
- Access to the DCS will be restricted according to user privileges
  - At operating system level
  - At PVSSII level – using the framework access mechanisms
- The DCS administrator has administrative rights on all devices connected to the DCS network

Remote Access Scheme
[Diagram: External and Internal access paths; connection labels: HTTP, RDP / PVSS / RDP / X11 / PVSS, RDP, X11]
- Authentication against the Terminal Server
- Access to an instance of the UI (no Desktop)
- Genuine UI controls navigation
- JCOP FW handles privileges on the UI

- Authentication against the Terminal Server
- Access to an instance of the UI (no Desktop)
- Separate Desktop access for experts, e.g. for PC maintenance
- Operator UI never disturbed