Download presentation
Presentation is loading. Please wait.
Published byKatherine Scott Modified over 8 years ago
1
Dirk Zimoch, EPICS Collaboration Meeting October 20081 SLS Beamline Networks and Data Storage
2
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 2 PSI network Old Network Layout (last year) SLS Accelerator Gat e way Beamlines
3
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 3 The Problem ■ Common beamline network is not safe ► Badly programmed CA clients can flood the network with broadcasts ► Users may accidently write to records of other beamlines ► Viruses etc may spread over all beamlines ► Industrial users want their data safe and protected ■ Separate beamline networks need safe communication ► Access to machine and other beamlines ► Access from outside (e.g. offices) ► Internet access from beamline ► Storage access
4
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 4 PSI network New Network Layout (now) SLS Accelerator Beamline 1 Beamline 2 Gat e way Gate way Firewall Switch
5
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 5 Channel Access Gateway Setup ■ All gateways connect to central accelerator network ► Assumption: Beamline to beamline traffic is low ► Central services in accelerator network (e.g. archiver) ■ All gateways are bi-directional ► Full write access from accelerator ► Limited write access from beamlines to machine (We trust the accelerator but not the beamlines) ► No write access from beamline to beamline ► Take care to prevent loops ■ Access from outside world is read-only
6
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 6 vmWare Beamline Network Console IOC User Laptop Login gateway IOC Bootserver Softioc PSI network Firewall blocks incoming traffic except ssh to login gateway. Firewall CA gateway Accelerator Fileserver Compute node Fileserver GPFS Detector Beamline hutch
7
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 7 Safety Measures ■ Firewall allows ssh from outside only to login gateway ► Other machines with less strict security cannot compromise system ► Login gateway has list of trusted users (PAM) ● Beamline scientists ● Beamline supporters ● People doing on-call service ● No external beamline users ■ Servers are located in server room, not at the beamline ► No physical access ► Better cooling ► Uninterruptible power supply
8
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 8 VmWare Server System ■ ■ HP blade system ■ ■ 16 blades per enclosure ► Dual core Opteron 2.4 GHz ► 2 GB RAM ■ ■ 2 network connections ► Accelerator ► 16 beamlines via VLAN ■ ■ VmWare for virtual machines ► 256 MB per virtual machine
9
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 9 controller 0controller 1controller 0controller 1controller 0controller 1 Beamline Storage ■ ■ Up to 30 TB netto ■ ■ 400 MB/sec from one host ■ ■ 600-700 MB/sec total controller 0controller 1 500 GB SATA RAID 6 Up to 4 disk arrays per beamline 2 x 4 Gbit/sec Fibre Channel
10
Dirk Zimoch, EPICS Collaboration Meeting October 2008 SLS Beamline Networks 10 Data safety ■ Double redundancy with RAID 6 ■ Individual LDAP accounts for users ► No access to data of other users ► Automated account generation ■ No long term storage ► 30 TB is just enough for one month ► No backup ► Users take data home on constantly synchronized external hard disk (Firewire or USB)
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.