Dirk Zimoch, EPICS Collaboration Meeting October 2008: SLS Beamline Networks and Data Storage


Slide 2: Old Network Layout (last year)
[Diagram: PSI network, Gateway, SLS Accelerator, Beamlines]

Slide 3: The Problem
■ Common beamline network is not safe
  ► Badly programmed CA clients can flood the network with broadcasts
  ► Users may accidentally write to records of other beamlines
  ► Viruses etc. may spread over all beamlines
  ► Industrial users want their data safe and protected
■ Separate beamline networks need safe communication
  ► Access to machine and other beamlines
  ► Access from outside (e.g. offices)
  ► Internet access from beamline
  ► Storage access

Slide 4: New Network Layout (now)
[Diagram: PSI network, Firewall, Switch, SLS Accelerator, Gateway, Gateway, Beamline 1, Beamline 2]

Slide 5: Channel Access Gateway Setup
■ All gateways connect to central accelerator network
  ► Assumption: Beamline to beamline traffic is low
  ► Central services in accelerator network (e.g. archiver)
■ All gateways are bi-directional
  ► Full write access from accelerator
  ► Limited write access from beamlines to machine (We trust the accelerator but not the beamlines)
  ► No write access from beamline to beamline
  ► Take care to prevent loops
■ Access from outside world is read-only
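
An added example, not from the slides: a small Python model of the star of bi-directional gateways described above, used to check the "prevent loops" point by tracing where a PV search is repeated. It assumes loops are avoided with a PV name filter per gateway direction; the X01-/X02- prefixes and the filter scheme are hypothetical, not PSI's configuration.

```python
import re
from collections import namedtuple

# One direction of a CA gateway: a PV search heard on client_net is repeated
# on server_net if the PV name matches `allow` (the job of a name filter).
Direction = namedtuple("Direction", "client_net server_net allow")

def star(beamlines, partitioned):
    """Both directions of each beamline <-> accelerator gateway.

    Beamline names double as PV prefixes (X01-, X02-); these are hypothetical.
    partitioned=False forwards every name in both directions.
    """
    dirs = []
    for bl in beamlines:
        # Towards the accelerator: anything except the beamline's own PVs.
        up = rf"(?!{bl}-).*" if partitioned else r".*"
        # Towards the beamline: only that beamline's own PVs.
        down = rf"{bl}-.*" if partitioned else r".*"
        dirs.append(Direction(bl, "accelerator", re.compile(up)))
        dirs.append(Direction("accelerator", bl, re.compile(down)))
    return dirs

def find_loop(dirs, origin_net, pv):
    """Trace a search for `pv` that starts on origin_net.

    Returns the networks visited up to the first repeat (a loop),
    or None when every branch of the search dies out.
    """
    stack = [(origin_net, [origin_net])]
    while stack:
        net, path = stack.pop()
        for d in dirs:
            if d.client_net != net or not d.allow.fullmatch(pv):
                continue
            if d.server_net in path:
                return path + [d.server_net]
            stack.append((d.server_net, path + [d.server_net]))
    return None

if __name__ == "__main__":
    for partitioned in (False, True):
        loop = find_loop(star(["X01", "X02"], partitioned), "X01", "X02-MOTOR1")
        print("partitioned" if partitioned else "forward-all", "->", loop)
```

With forward-everything filters the search from beamline X01 comes straight back to X01 through the same gateway pair; with the partitioned filters it crosses the accelerator network once and stops.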

Slide 6: Beamline Network
[Diagram: VMware, Console, IOC, User Laptop, Login gateway, IOC, Bootserver, Softioc, PSI network, Firewall, CA gateway, Accelerator, Fileserver, Compute node, Fileserver, GPFS, Detector, Beamline hutch]
Firewall blocks incoming traffic except ssh to login gateway.

Slide 7: Safety Measures
■ Firewall allows ssh from outside only to login gateway
  ► Other machines with less strict security cannot compromise system
  ► Login gateway has list of trusted users (PAM)
    ● Beamline scientists
    ● Beamline supporters
    ● People doing on-call service
    ● No external beamline users
■ Servers are located in server room, not at the beamline
  ► No physical access
  ► Better cooling
  ► Uninterruptible power supply

Slide 8: VMware Server System
■ HP blade system
■ 16 blades per enclosure
  ► Dual core Opteron 2.4 GHz
  ► 2 GB RAM
■ 2 network connections
  ► Accelerator
  ► 16 beamlines via VLAN
■ VMware for virtual machines
  ► 256 MB per virtual machine

Slide 9: Beamline Storage
■ Up to 30 TB net
■ 400 MB/sec from one host
■ MB/sec total
[Diagram: disk arrays, each with controller 0 and controller 1; GB SATA RAID 6; Up to 4 disk arrays per beamline; 2 x 4 Gbit/sec Fibre Channel]

Slide 10: Data safety
■ Double redundancy with RAID 6
■ Individual LDAP accounts for users
  ► No access to data of other users
  ► Automated account generation
■ No long term storage
  ► 30 TB is just enough for one month
  ► No backup
  ► Users take data home on constantly synchronized external hard disk (Firewire or USB)