Presentation is loading. Please wait.

Presentation is loading. Please wait.

Peter Chochula ALICE DCS Workshop, October 6,2005 DCS Computing policies and rules.

Published byCrystal Cain Modified over 9 years ago

Similar presentations

Presentation on theme: "Peter Chochula ALICE DCS Workshop, October 6,2005 DCS Computing policies and rules."— Presentation transcript:

1 Peter Chochula ALICE DCS Workshop, October 6,2005 DCS Computing policies and rules

2  Proposal for the ALICE implementation of CNIC recommendations was circulated  This talk should trigger the discussion during this workshop  Collected feedback will be implemented in the new version of the document which will be then sent to detector teams for approval

3 DCS Computer Categories  Servers (SE) – provide back-end service and are not directly accessible by the users (the Terminal Server (TS) is the only exception)  Worker Nodes (WN) – perform the DCS tasks.  Operator Nodes (ON) – run the user interface and all software needed to operate the detector DCS. There is one ON per detector  Consoles (CO) – computers used by the operator to interact with the system

4 Adding and removing devices to/from the DCS network  Each detector is responsible for adding and removing their devices (other than PCs) to/from the network (mainframes, PLCs, etc.)  The connection request must be made by a responsible person named by the detector (DR)  The request will be authorized by the DCS responsible  Needed web-based tools are released  No wireless connections are expected on the DCS network (wireless connectivity is available on the General Purpose Network)

5  The detector responsible person must provide following information about each device prior to the connection:  Device name, type, model, MAC address  This data is mandatory for the web-based connection request form  Expected data volumes to be transferred to/from this device and other networked devices which will be accessed  In case of the network abuse (due to wrong configuration, unexpected connections etc.) the DCS responsible is authorized to disconnect the device until the anomaly is solved

6 Purchasing and installation of DCS computers  All DCS computers are purchased, tested and installed (including the network connection and OS configuration) by the DCS team  Windows system is mandatory for all computers running the PVSSII and will be installed using the NICEFC tools  Linux system will be installed on some servers using the LinuxFC tools  Embedded computers and computers part of the FERO might require Linux operating system  Use and installation of such computers requires an approval of the DCS responsible  These computers are under responsibility of the detector team and are considered as part of their FERO sub-system

7 Installation of the applications and drivers  All applications and drivers are installed by the DCS system administrator and detector expert  Standard applications will be deployed using the NiceFC tools  Non standard applications will be installed on detector request  Rules described in the draft document must be followed (long term maintenance, licensing issues, documentation…)

8 Installation of Detector Projects  Detector projects must be first tested in the DCS Lab  Basic tests will include virus scanning, conformity with naming and numbering conventions for critical components (system number, service names, installation paths, software version)  Verified projects will be transferred to the production network via the application gateway  No direct installation fro example from USB sticks or CD-ROMs will be allowed  No application development will be allowed on the production network  Small hot-fixes can be performed, however the project must be backed-up before it is modified

9 Access to the DCS  DCS control actions can be performed only from the ACR  Remote operation is restricted to monitoring  Access to the DCS will be restricted according to user privileges  At operating system level  At PVSSII level – using the framework access mechanisms  The DCS administrator has administrative rights on all devices connected to the DCS network

10 External Internal Remote Access Scheme HTTP, RDP PVSS RDP X11  Authentication against the Terminal Server  Access to an instance of the UI (no Desktop)  Genuine UI controls navigation  JCOP FW handles privileges on the UI  Authentication against the Terminal Server  Access to an instance of the UI (no Desktop)  Separate Desktop access for experts for e.g. PC maintenance  Operator UI never disturbed PVSS, RDP, X11

Download ppt "Peter Chochula ALICE DCS Workshop, October 6,2005 DCS Computing policies and rules."

Similar presentations

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.

This course is designed for system managers/administrators to better understand the SAAZ Desktop and Server Management components Students will learn.
Remote access to PVSS projects and security issues DCS computing related issues Peter Chochula.

Remote access to PVSS projects and security issues DCS computing related issues Peter Chochula.
Experiment Control Systems at the LHC An Overview of the System Architecture An Overview of the System Architecture JCOP Framework Overview JCOP Framework.

Experiment Control Systems at the LHC An Overview of the System Architecture An Overview of the System Architecture JCOP Framework Overview JCOP Framework.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Content Overview Update Process Additional Tools.

Content Overview Update Process Additional Tools.
System Center Configuration Manager Push Software By, Teresa Behm.

System Center Configuration Manager Push Software By, Teresa Behm.
Jeff Patton & Doug Whiteley It Service Group IT Roundtable July 15 th, 2009 Thin Clients & Terminal Services.

Jeff Patton & Doug Whiteley It Service Group IT Roundtable July 15 th, 2009 Thin Clients & Terminal Services.
Peter Chochula, January 31, 2006  Motivation for this meeting: Get together experts from different fields See what do we know See what is missing See.

Peter Chochula, January 31, 2006  Motivation for this meeting: Get together experts from different fields See what do we know See what is missing See.
Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.
Information Security Policies and Standards

Information Security Policies and Standards
Software Frameworks for Acquisition and Control European PhD – 2009 Horácio Fernandes.

Software Frameworks for Acquisition and Control European PhD – 2009 Horácio Fernandes.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.

IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
Trend Micro Round Table May 19, 2006. Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.

Trend Micro Round Table May 19, Agenda Introduction – why switch? Timeline for implementation Related policies Trend Micro product descriptions.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Hands-On Microsoft Windows Server 2008 1 Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.

Hands-On Microsoft Windows Server Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.
Terminal Services Terminal Services is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively.

Terminal Services Terminal Services is the modern equivalent of mainframe computing, in which servers perform most of the processing and clients are relatively.
Installing software on personal computer

Installing software on personal computer
Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.

Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.
Objectives  Understand the purpose of the superuser account  Outline the key features of the Linux desktops  Navigate through the menus  Getting help.

Objectives  Understand the purpose of the superuser account  Outline the key features of the Linux desktops  Navigate through the menus  Getting help.
IGEL UMS Product Marketing Manager October 2011 Florian Spatz Universal Management Suite.

IGEL UMS Product Marketing Manager October 2011 Florian Spatz Universal Management Suite.

Similar presentations

Ads by Google