Accelerator Controls Brad Cumbia Anthony Cuffe December 1, 2010 Remote Access Review.


1 Accelerator Controls Brad Cumbia Anthony Cuffe December 1, 2010 Remote Access Review

2 Accelerator Controls
Identify Lab systems in your area that are remotely accessed or will be in the near future
- Network Systems (Network Administrators)
  - Switches
  - Routers
  - Management systems (Cisco Works, Network Node Manager, etc.)
- Accelerator Control Systems (On-Call Personnel and Administrators)
  - IOCs (On-call and Administrators)
  - Unix systems (On-call and Administrators)
  - Windows systems (All users)
  - Web servers (All users)

3 Accelerator Controls
Explain how your systems are remotely accessed from
- Network Systems - on-site
  - Access via ssh protocol only (from Linux and Windows)
  - Authentication control by TACACS+ Server (Cisco ACS)
  - ACLs for finer access restrictions
- Network Systems - off-site
  - Access via ssh protocol through login.jlab.org and then Accel system
  - Equivalent to on-site after authenticating

4 Accelerator Controls Cont.
- Accelerator Control Systems - on-site
  - Access to Unix systems via ssh protocol (terminal)
  - Access to Unix desktop via NXclient over ssh
  - Access to Windows systems via rdp protocol
  - Access to IOCs via dedicated Terminal Servers (ssh only)
- Accelerator Control Systems - off-site (through login.jlab.org)
  - Access to Unix systems (terminal) via ssh protocol w/tcp wrappers
  - Access to Unix desktop via NXclient tunneled over ssh
  - Access to Windows systems via rdp protocol tunneled over ssh
  - Access to IOCs via dedicated Terminal Servers (ssh only)
  - Access to Web servers via a proxy server tunneled over ssh

5 Accelerator Controls Cont.
- Global Measures
  - Write Access to IOCs controlled by Channel Access (host and user)
  - tcp wrappers employed widely to restrict access to systems.
  - Network level ACLs blocking protocols and restricting access to systems.
- Procedures
  - How to Access Internal Web servers from Off-Site - https://devweb.acc.jlab.org/twiki/bin/view/SWDocs/HowToTunnelWebViaSSH
  - How to Open A Remote Windows Desktop - https://devweb.acc.jlab.org/twiki/bin/view/SysAdmin/HowToRemoteDesktopWindows
  - How to Open A Remote Linux Desktop - https://devweb.acc.jlab.org/twiki/bin/view/SysAdmin/HowToRemoteDesktopLinux
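
Added example, not taken from the slides or from the lab's own procedures: an OpenSSH client configuration sketching the off-site paths listed above (terminal, RDP and web proxy, each carried over ssh through the gateway). Only login.jlab.org comes from the slides; all other host names, the user name and every port number are hypothetical placeholders, and `ProxyJump` assumes OpenSSH 7.3 or later on the client.

```sshconfig
# ~/.ssh/config on the off-site client (constructed example).
# login.jlab.org is the gateway named on the slides. Every other host
# name, the user name and all port numbers are hypothetical placeholders.

Host jlab-gw
    HostName login.jlab.org
    User exampleuser
    # Keep the local agent and X11 display off the shared gateway.
    ForwardAgent no
    ForwardX11 no

# Terminal access to a Unix system: a single hop through the gateway.
Host accel-unix
    HostName unixhost.example.internal
    User exampleuser
    ProxyJump jlab-gw

# Windows desktop: RDP carried inside the ssh session.
# Start with `ssh -N accel-rdp`, then point the RDP client at
# 127.0.0.1:13389.
Host accel-rdp
    HostName unixhost.example.internal
    User exampleuser
    ProxyJump jlab-gw
    # Bind the listener to loopback so other machines on the off-site
    # network cannot reach the forwarded RDP port.
    LocalForward 127.0.0.1:13389 winhost.example.internal:3389
    # Fail the connection instead of running without the tunnel.
    ExitOnForwardFailure yes

# Internal web servers: forward a local port to the internal proxy
# server, then set the browser's HTTP proxy to 127.0.0.1:18080.
Host accel-web
    HostName unixhost.example.internal
    User exampleuser
    ProxyJump jlab-gw
    LocalForward 127.0.0.1:18080 webproxy.example.internal:8080
    ExitOnForwardFailure yes
```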

6 Accelerator Controls
Describe future plans or needs for enhancing/upgrading remote access, e.g. changed systems, different controls, access for PDAs, etc.
- Extended use of NXclient (Linux Desktop) over RDP (Windows Desktop).
- Develop remote access procedures and tools for smart phones and tablet devices.
- Stronger ACLs with hardware-based firewalls.

7 Area Comments

