Published by Miguel Ángel Ortiz de Zárate. Modified over 5 years ago.
1
A New Production Environment for LCLS Controls System
Ernest and Jingchen
2
Migrated to Standalone Production Environment
Why needed?
- Wide open and vulnerable
- Dependent on SCCS services
- Not for production
- No 24/7 support
- Beyond our control
Standalone?
- The LCLS controls systems hosted on a secure and private network designed for production
- CA network (Channel Access network)
- All the services required by the controls system provided by MCC instead of SCCS
The goal:
- To improve the reliability
- To improve the security
- To improve the performance
What is missing:
- Transparency
4
Services Provided with CA
- NFS: file server for applications and data
- DHCP: bootp for network settings
- TFTP: loading up the kernel
- NTP: time synchronization
- DNS: “phone book” for network
- NIS: authentication server for account management (in progress)
- Matlab License Server
- A cluster of application servers: daemons, elog, archivers, high level apps, etc.
- A cluster of OPIs: operational consoles
- Software packages: required to build controls applications
- Automated patching system
- Backup/Restore
- Network and system monitoring and diagnosis
- User support
- etc.
5
lcls-prod02: the Gateway to CA
- A public machine on DMZ network
- Access to CA via lcls-prod02
- Access to the public via lcls-prod02
- Log in to lcls-prod02
  - From any public node in SLAC, e.g., your office desktop
  - ssh lcls-prod02
  - kinit if needed
6
More about the Servers on CA
Servers you should remember:
- lcls-builder: a platform for software build/release
- lcls-srv01: a platform to host interactive applications
- lcls-daemon1: a daemon host
- All on CA network and served by our services
Shared accounts
- iocegr: a shared account for IOC developers
- softegr: a shared account for software groups
- laci: a shared account for daemon management
  - All daemons run under laci.
  - Data from daemons owned by laci.
How to get to CA?
- From lcls-prod02: ssh
- No password needed if RSA set properly
  - On lcls-prod02, type “ssh-keygen -t rsa” and respond to all prompts with Return
  - Ask KenB to authorize you for access
You are in the world of CA: lclshome, matlab, lclsarch, etc.
7
OPIs: Operational Consoles on CA
lcls-opi1[-4]
- On CA network
- In MCC, formerly called Kiosks
lcls-opi5[-x]
- In sectors
All are operations consoles and for production only
Log in as physics
- No more AFS token issue
- Will be changed to lclsops when LCLS is in production
Completely independent of SCCS services
No direct access to any public resources: , WEB, your AFS home directory
- Log in to lcls-prod02 if needed for public resources
8
In the CA World … lclshome, matlab, lclsarch, SCP button, etc.
Software release
- Developed in public AFS/NFS, CVS repository in AFS
- Remote cvs
    $ export
    $ cvs co <module>
    $ cvs commit
- A quick and dirty release if not in CVS
    $ scp .
- No push from DMZ to CA for now
Public resource access
    $ ssh
- WEB: firefox
- Other applications in AFS
- Your SLAC $HOME directory in AFS: /afs/slac/u/<group>/<username>
9
bash only
tcsh: SLAC default login shell
- $HOME/.login
- $HOME/.cshrc
bash: CA default login shell
- $HOME/.bash_profile
- $HOME/.bashrc
    . /usr/local/lcls/epics/setup/epicsReset.bash
    . /usr/local/lcls/tools/matlab/setup/matlabSetup.bash
Shell scripts:
    #!/bin/bash -norc
10
Some Key Environment Variables
Key environment variables defined:
- LCLS_ROOT=/usr/local/lcls (root for software)
- LCLS_DATA=/u1/lcls (for data storage)
- EPICS_SETUP=/usr/local/lcls/epics/setup (for EPICS setup files)
- MATLABROOT=/usr/local/matlab/matlab75 (MATLAB top)
- ORACLE_HOME=/usr/local/lcls/package/oracle/product/10.2.0/client_1
- JAVA_HOME=/usr/local/lcls/package/java/jdk1.6.0_02
11
Production Data
/u1/lcls
- Transparent to all nodes on CA as R/W: OPIs, IOCs, servers
- Visible to nodes on DMZ as R only, e.g.,
    ssh lcls-prod02 (from your office desktop)
    ls /mccfs2/u1/lcls
- Availability to the public via protocols like http is under study
Data buffer
- Any incremental data at high rate
- Only a reasonable amount of data kept online on CA
- Old data will be staged over to SCCS for final storage in /nfs/slac/g/lcls
- Log files trimmed on a regular basis
- Other types of data kept online as long as needed
12
More about /u1/lcls
/u1/lcls/
    cmlog/
    epics/
        ioc/
            data/
    matlab/
    physics/
    tools/
13
Application Filesystems
/usr/local/lcls
- Transparent to all nodes on CA as R/W
- Not visible to any node on public networks, including DMZ
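
One way to check the exposure rules from the two filesystem slides on a DMZ node (an added example, not part of the original presentation): the function reads a mount table in /proc/mounts format and reports when /usr/local/lcls is mounted or when the mount covering /mccfs2/u1/lcls lacks the `ro` option. It assumes the read-only view is enforced as a client-side mount option; the sample table and the server name nfs.example are constructed.

```sh
#!/bin/sh
# Added example: audit a DMZ node's mount table against the slides' rules.
# Input is text in /proc/mounts format: device mountpoint fstype options ...
DATA_PATH=/mccfs2/u1/lcls   # DMZ view of /u1/lcls (path from the slides)
APP_PATH=/usr/local/lcls    # must not be visible on DMZ (from the slides)

# check_dmz_mounts FILE: print one finding per line, return 0 if none.
check_dmz_mounts() {
    findings=""; best_len=0; best_opts=""
    while read -r dev mnt fstype opts rest; do
        case "$mnt" in        # application tree mounted at or below APP_PATH
            "$APP_PATH"|"$APP_PATH"/*)
                findings="${findings}APP_VISIBLE $mnt
" ;;
        esac
        case "$DATA_PATH" in  # most specific mount covering DATA_PATH
            "$mnt"|"$mnt"/*)
                if [ "${#mnt}" -gt "$best_len" ]; then
                    best_len=${#mnt}; best_opts=$opts
                fi ;;
        esac
    done < "$1"
    if [ "$best_len" -eq 0 ]; then
        findings="${findings}DATA_NOT_MOUNTED $DATA_PATH
"
    else
        case ",$best_opts," in   # match "ro" as a whole option token
            *,ro,*) ;;
            *) findings="${findings}DATA_WRITABLE $DATA_PATH
" ;;
        esac
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample table; the server name nfs.example is hypothetical.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
nfs.example:/u1 /mccfs2/u1 nfs rw,hard,intr 0 0
nfs.example:/lcls /usr/local/lcls nfs ro 0 0
EOF
}

tmp=$(mktemp); sample_mounts > "$tmp"
check_dmz_mounts "$tmp" || echo "policy violations found"
rm -f "$tmp"
```

On a real gateway node the function would be called as `check_dmz_mounts /proc/mounts`; a read-only export enforced only on the server side would not show up here and needs a check on the file server.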
14
More about /usr/local/lcls
$ ls /usr/local/lcls
epics package physics rtems tools
- epics: base display hostTop iocTop extensions iocCommon modules setup
  - base, extensions, setup owned by epicsmgr
  - others owned by iocegr
- rtems: owned by rtemsmgr
- physics: owned by softegr, for high level apps
- package: owned by softegr, packages required to build the applications
- tools: owned by softegr
    alh cmlogFwdBro irmis script
    ChannelWatcher cmlogFwdCliS edm javalib
    cmdSrv cmlogTools iocLogAndFwdServer matlab
15
Some Examples
ChannelWatcher
- config: /usr/local/lcls/tools/ChannelWatcher/config
- data: /u1/lcls/epics/ioc/data/<ioc>
AlarmHandler
- config: /usr/local/lcls/tools/alh/config/
- log: /u1/lcls/tools/alh/log/
EDM
- screens: /usr/local/lcls/tools/edm/display
- data: /u1/lcls/tools/edm/data
CMLOG
- data: /u1/lcls/cmlog
MATLAB
- scripts: /usr/local/lcls/tools/matlab
- data: /u1/lcls/matlab
iocConsole
- config: /usr/local/lcls/epics/iocCommon
- data: /u1/lcls/epics/ioc/data/<ioc>
16
The Goal
- Robust
- Secure
- Optimized