LCLS Network & Support Planning. Terri Lahey, EPICS Collaboration Meeting, 15 June 2006.

Presentation transcript:

Terri Lahey, EPICS Collaboration Meeting, 15 June 2006
LCLS Network & Support Planning

Outline
Goal: build production hosts, workstations, & networks
Engineering Teams
Apply experience and new architectures
Integrated Security at SLAC
Servers & desktops
Network Plans
Ethernet Architecture
What's Next?

Engineering Teams
Scientific Computing & Computing Services (SCCS) network and security: Gary Buhrmaster et al., Antonio Ceseracciu, Charles Granieri, Fred Hooker
LCLS: Mark Crane, Mike DiSalvo, Doug Murray
Controls & Power Engineering (CPE): Ken Brobeck, Jim Knopf, Terri Lahey, Jingchen Zhou

Apply Experience from PEP and Implement New Architectures
Protect accelerator components and access to the control system
Control the number of connections
Control who connects
Meet users' needs: physicists, operators and engineers need access to the control system and components so they can do their job
Implement security for the networks and for the hosts on the network

Commission LCLS Injector from MCC control room
Physicists, engineers & operators will use: EPICS, Matlab, existing HLAs (SLC)

Use SCCS services where possible
Security: work with the SCCS security team to help us run 24x7
SCCS security coordinates SLAC-wide security: identifies the security model and DOE/Office of Science requirements, interfaces with DOE/Office of Science
Scan networks in a scheduled manner (production scans are very controlled)
Participate in the Computing Security Committee
Network design and physical layer: SLAC standards to achieve more reliable networks
Central management with strong liaison to Controls
Current equipment/design knowledge
SCCS manages Oracle and web servers. Servers reside at MCC
Use AFS for CVS repository, development, & main web server (mirror to MCC)
Use SCCS central tools when possible: console log management, authentication

Production Servers & Workstations
Manage production servers to run standalone
Use SCCS-supported versions of operating systems, packages & applications where possible
Patch operating systems and update to new versions
Automate maintenance of production hosts
Reduce maintenance load and improve security by using taylor where possible
Centralized log server & security monitoring
Use existing accelerator production servers where possible (e.g. NFS, elog, ARTEMIS bug tracking, ORACLE, DNS, IP services)

Networks
SCCS Networking configures the network switches and routers & manages the physical layer.
Controls Software coordinates control system and user needs, and works closely with SCCS.
Production accelerator network is controlled and protected.
Greater attention to security by both SCCS and Controls
Run the accelerator disconnected from the rest of SLAC, for use if there is a security problem at SLAC.
Isolation of the wireless network: wireless and accelerator switches are never combined. Wireless is visitornet, which resides outside the SLAC firewall. Users tunnel into SLAC the same way they tunnel in from the internet: ssh, Citrix, VPN

Networks (cont'd)
Cisco switches and routers
Patch network firmware and upgrade versions.
Plan for and upgrade hardware components to avoid end-of-life
Implement redundancy in core switches and routers, for reliability.
Use hot spares for device switches, but increased use of VLANs will likely require some configuration.
SLAC-wide network monitoring systems send alarms when components go offline (e.g. power outage or failure) or ports get disabled due to too many collisions
Enhance network monitoring

Technology Choices
Cisco switches, gigabit:
Device switches: 3750 (single and stacks)
Core: pair of 6509 (720 Gbps bidirectional backplane) supporting uplinks and servers
MCC control room workstations, printers: 4506
Wireless: 3750 (10/100) public switch
Linux & RTEMS
RHEL3 or RHEL4
DELL
SUN Ray thin clients & some Linux workstations
DIGI terminal servers

Network Architecture
Production accelerator network is isolated:
Protect IOCs that often require insecure services like telnet/rsh or have less secure TCP/IP stacks
Control access to accelerator components so that systems do not get overloaded
Use private addresses
Multiple VLANs to separate traffic
Ports disabled by default
1 gigabit to the end devices. Currently 1 gigabit uplinks to MCC
DMZ is the only access to the private network (login servers, web servers, PV gateways).
MCC and SLC-aware IOCs use the PEP proxy server; have tested with PEP running 9 SLC-aware IOCs for the injector; more testing to confirm that PEP & LCLS will not impact each other.
Path to SCCS data silos & other required services
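The segmentation rules from the Networks and Network Architecture slides (DMZ as the only entry to the private accelerator network, wireless never joined to accelerator switches and only tunneling into SLAC, telnet/rsh to IOCs kept inside the private network, unmapped addresses having no path because ports are disabled by default) can be written down as a checker and run over connection records. This is an added example, not code from SLAC or the talk; the zone address blocks, the port-to-service mapping and the log lines are constructed for illustration.

```python
"""Audit constructed connection records against the LCLS segmentation rules."""
import ipaddress

# Constructed zone -> address block. Accelerator VLANs use RFC 1918 space as the
# slides require; visitornet (wireless) sits outside the SLAC firewall.
ZONES = {
    "visitornet": ipaddress.ip_network("203.0.113.0/24"),  # wireless, outside firewall
    "slac": ipaddress.ip_network("198.51.100.0/24"),       # general SLAC network
    "dmz": ipaddress.ip_network("10.1.0.0/24"),            # login/web servers, PV gateways
    "accel": ipaddress.ip_network("10.2.0.0/16"),          # private accelerator VLANs
}
INSECURE_IOC_SERVICES = {23: "telnet", 514: "rsh"}  # stay inside the private network
TUNNEL_SERVICES = {22: "ssh", 443: "citrix/vpn"}    # constructed port mapping


def zone_of(ip):
    """Map an address to its zone; anything unmapped has no enabled port."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")


def check_flow(src, dst, dport):
    """Return (allowed, reason) for one connection attempt src -> dst:dport."""
    s, d = zone_of(src), zone_of(dst)
    if "unknown" in (s, d):
        return False, "address not on any enabled VLAN (ports disabled by default)"
    if d == "accel" and s not in ("accel", "dmz"):
        return False, "private accelerator network reachable only via the DMZ"
    if d == "accel" and dport in INSECURE_IOC_SERVICES and s != "accel":
        return False, f"{INSECURE_IOC_SERVICES[dport]} to an IOC only from inside accel"
    if s == "visitornet" and d != "slac":
        return False, "wireless must tunnel into SLAC first"
    if s == "visitornet" and dport not in TUNNEL_SERVICES:
        return False, "wireless enters SLAC only via ssh/citrix/vpn"
    return True, "ok"


# Constructed records: "src dst dport", one per line.
LOG = """\
203.0.113.7 198.51.100.5 22
203.0.113.7 198.51.100.5 80
203.0.113.7 10.2.3.4 22
198.51.100.5 10.1.0.10 22
10.1.0.10 10.2.3.4 22
10.1.0.10 10.2.3.4 23
10.2.0.9 10.2.3.4 23
"""


def audit(log):
    """Return (src, dst, dport, reason) for every record that violates a rule."""
    violations = []
    for line in log.splitlines():
        src, dst, port = line.split()
        ok, why = check_flow(src, dst, int(port))
        if not ok:
            violations.append((src, dst, int(port), why))
    return violations


if __name__ == "__main__":
    for v in audit(LOG):
        print(*v)
```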


Current Work
Building production infrastructure for injector commissioning, Jan 2007
Installing network infrastructure in S20 & MCC
Additional tests of SLC-aware IOC and improving monitoring of traffic to avoid interference between PEP & LCLS programs
Review and implement network VLANs
Testing RHEL4 and working on production hosts
Ordered SUN Ray & will test during this PEP run
Integration with all LCLS subsystems

Conclusion
Would like to hear your experiences: RHEL4, EPICS traffic, any isolated networks, archive data storage/management
What worked well & what did not?

Thank you