DCS Remote Access and Access Control
Peter Chochula
General Remarks
• The Remote Access mechanism was
explained in previous workshops and
presented during the DCS review
• The remote access mechanism follows the
CNIC architecture and is based on Windows
Terminal Server (WTS) and PVSS remote UI
• Performance was studied and results were
presented during the review
– There are no known showstoppers
• Real DCS WTSs are operational
Accessing the DCS from the ACR
• Original concept was based on common
terminal service for all detectors
DCS Access via WTS
[Diagram labels: ACR, RDP, CR3, WTS, PVSS, ON, WN, Detector 1]
+ simple layout – single entry point
+ easy management
- WTS becomes a critical component
- Risk of WTS overload
• WTS in the described concept becomes a
critical component
• In the DCS architecture we planned for 1
Operator Node per detector
– The ON will be hosting the terminal service, each
detector will therefore handle its own load
– The detector ONs were already ordered and will
be installed in April at the latest
DCS Access pushing the terminal services to operator nodes
[Diagram labels: ACR, RDP, CR3, ON - WTS, PVSS, WN, Detector 1]
- multiple entry points
+ WTS load is distributed across the network
+ Server system on ONs provides enhanced flexibility in expert mode
Remote access to the DCS from the GPN
• The ACR is separated from the GPN
• Remote access from the GPN is provided via
a separate WTS cluster
– This cluster allows access from outside of CERN
– Wireless connections from the pit to the DCS are
routed via the same cluster
• (foreign laptops are always considered as risky
devices and will not have direct access to the DCS)
Remote access to the DCS network
[Diagram labels: ACR, GPN, Remote, RDP, CR3, WTS cluster, ON - WTS, PVSS, WN, Detector 1]
• The WTS will be configured by the ACC
• Detector teams are expected to provide the
panels for the remote UI manager
– The detector panels must provide the access
control implemented via FW tools
PVSSII Access Control
• PVSSII access control provides complex tools
for access control
• JCOP FW provides guidelines and tools for
implementing a uniform access control
mechanism
• JCOP PVSS access model is described in
the advanced course
• FW access control component is available
for download (part of the framework)
• To be done:
– Integration with central authentication service