LDAP For Alarms and Authorization Matthias Clausen (DESY)


Overview
Please find LDAP Schema File and LDIF Files on the CSS Web Site:
LDAP Screen Dumps were created using Apache Directory Studio and JXplorer

LDAP Tree
Currently the LDAP Tree consists of FOUR main Branches:
EpicsControls
– Structured List of ALL IOCs with ALL records.
  Reference for Namespace Browser
  Location to persist Alarm States
EpicsAlarmcfg
– Alh-Like Alarm Tree (support for interactive configuration in CSS)
EpicsAuthorize
– Applying (access) roles to Users
EpicsAuthorizeID
– Applying Authorize-IDs to Access-Roles

EpicsControls
Tree is filled by: Based on the dbl -> iocName.db files
– Initially a set of scripts created LDAP entries
– Now a Java program runs periodically, checking for new/changed *.db files and updating the LDAP tree
IOC-Name / IP-address is set by: Script/Program
Record Entries (Alarm-States) are written by:
– InterConnection-Server (Alarm-States read from IOC). Set to invalid if IOC is disconnected from IC-Server.
– CSS Alarm-Table and CSS Alarm-Tree on Alarm Acknowledge.
Record Entries (Alarm-States) are read by:
– CSS Alarm-Tree to display current alarm states
-> Note: Each record MUST be defined in EpicsControls and MAY be defined multiple times in EpicsAlarmcfg!!

EpicsControls
Tree Structure:
Ou=EpicsControls
– efan=TTF (facilityName)
  ecom=EPICS-IOC (component)
  – econ=ttfKryo (controller)
    » eren=recordName (recordName)

EpicsControls Subcomponents
epicsController
– epicsIPAddress
  Important to find (logical) IOC name for an established IP-Connection. E.g. by interconnectionServer.
– ecom
  Important to find the IOC name for a given record name
  Save changes in iocName.ca
  Use caPut to write iocName.ca back to IOC at the end of an IOC reboot.
IOCs always keep their logical name!
IOC hardware (e.g. VME boards) always keeps the IP address of the HARDWARE.
Thus IP addresses of (logical) IOCs may change!

EpicsControls Subcomponents
epicsRecordName (eren)
– epicsAlarmAcknTimeStamp
– epicsAlarmHighUnAckn (highest unackn. alarm)
– epicsAlarmSeverity
– epicsAlarmStatus
– epicsAlarmTimeStamp

EpicsAlarmcfg
Tree is filled by:
– Manual Entries using the CSS Alarm-Tree interactively (next slide)
– Automated Entries retrieved from the alh config files
Record Entries (Alarm-States) are written by:
– InterConnection-Server (Alarm-States read from IOC). Set to invalid if IOC is disconnected from IC-Server.
– CSS Alarm-Table and CSS Alarm-Tree on Alarm Acknowledge.
Record Entries (Alarm-States) are read by:
– CSS Alarm-Tree to display current alarm states
-> Alarms can only be written to those records in the EpicsAlarmcfg which have been defined here!
-> Note: Each record MUST be defined in EpicsControls and MAY be defined multiple times in EpicsAlarmcfg!!

Configuring the Alarm-Tree (EpicsAlarmcfg)
Adding Components (root-nodes) and records (leaves) to the Alarm-Tree interactively
Changes are stored in the current LDAP server
Configuring Root Nodes (logical structure) and Leaves (records) using the default Eclipse property view
Root Nodes and Leaves share the same Properties
Properties:
– Alarm Display (Css Display)
– Display (Css Display)
– Help Guidance (text)
– Help Page (http address)
– Strip Chart (dataBrowser config file)

EpicsAlarmcfg Subcomponents
epicsRecordName (eren)
– epicsAlarmAcknTimeStamp
– epicsAlarmHighUnAckn (highest unackn. alarm)
– epicsAlarmSeverity
– epicsAlarmStatus
– epicsAlarmTimeStamp
– epicsCssAlarmDisplay
– epicsCssDisplay
– epicsCssStripChart
– epicsHelpGuidance
– epicsHelpPage

EpicsAlarmcfg Sub Functionalities
Alarm Acknowledge
– From Alarm-Tree
– From Alarm-Table
[Diagram labels: CSS, Ackn., LDAP, JMS]
CSS Acknowledge is DIRECTLY written to LDAP -> persistence
Acknowledge-JMS Message is created to send ackn. to ALL CSS instances to set ackn.-flag (even in the CSS instance which generated the JMS message!) -> correctly: CSS instances register for the ACK Topic

EpicsAuthorize
Tree is filled by:
Automated Entries created by the DESY registry
– Computer Accounts and access grants are defined here centrally
No Manual Entries allowed
Entries are read by:
CSS Security plugin

EpicsAuthorize
Tree Structure:
Ou=EpicsAuthorize
– ou=Css (organizational unit)
  ou=Css (CSS group authorization (group))
  – eagn=Admin (Admins of Css group (role))
    » eaun=claus epicsAccesUserName (DESY: DESY account)

EpicsAuthorizeID (not yet functional)
Tree is filled by:
For now: only manual entries
CSS-Plugin is planned to ease entering new IDs
Entries are read by:
CSS Security plugin

EpicsAuthorizeID
Tree Structure:
Ou=EpicsAuthorizeID
– ou=SDS (organizational unit)
  eain=remoteManagement (ID Name)
  – eair=admin (role)
  – eaig=css (group)
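
How the EpicsAuthorize and EpicsAuthorizeID layouts above can be combined into one access decision, as an added example that is not taken from the slides or from the CSS Security plugin. The base DN `o=example`, the `guest`/`Operator` entry, the function names, case-insensitive matching, and the treatment of `eair`/`eaig` as attributes of the `eain` entry are assumptions.

```python
import re

BASE = "o=example"  # placeholder base DN (assumption, not on the slides)

# Constructed sample data following the two tree layouts on the slides.
AUTHORIZE_DNS = [
    f"eaun=claus,eagn=Admin,ou=Css,ou=Css,ou=EpicsAuthorize,{BASE}",
    f"eaun=guest,eagn=Operator,ou=Css,ou=Css,ou=EpicsAuthorize,{BASE}",
]
# Assumption: eair (role) and eaig (group) are attributes of the eain entry.
AUTHORIZE_IDS = {
    f"eain=remoteManagement,ou=SDS,ou=EpicsAuthorizeID,{BASE}":
        {"eair": ["admin"], "eaig": ["css"]},
}


def split_dn(dn):
    """Split a DN into lower-cased (type, value) RDNs; '\\,' does not split."""
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def user_roles(dns):
    """Map user -> set of (group, role) from eaun/eagn/ou entries."""
    roles = {}
    for dn in dns:
        rdns = split_dn(dn)
        if [a for a, _ in rdns[:3]] != ["eaun", "eagn", "ou"]:
            continue  # not a user entry of the expected shape
        if ("ou", "epicsauthorize") not in rdns:
            continue  # entry lives outside the EpicsAuthorize branch
        user, role, group = (v for _, v in rdns[:3])
        roles.setdefault(user, set()).add((group, role))
    return roles


def is_authorized(user, auth_id, dns=AUTHORIZE_DNS, ids=AUTHORIZE_IDS):
    """True only if the user holds a (group, role) pair required by auth_id."""
    granted = user_roles(dns).get(user.lower(), set())
    for dn, attrs in ids.items():
        rdns = split_dn(dn)
        if rdns[0] != ("eain", auth_id.lower()):
            continue
        if ("ou", "epicsauthorizeid") not in rdns:
            continue
        required = {(g.lower(), r.lower())
                    for g in attrs.get("eaig", []) for r in attrs.get("eair", [])}
        return bool(granted & required)
    return False  # unknown authorization ID: deny
```

An ID with no entry in EpicsAuthorizeID is denied rather than allowed, which matters while that branch is still filled by hand.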