EPICS Home

Experimental Physics and Industrial Control System


 
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025 
<== Date ==> <== Thread ==>
Subject: Re: VxWorks and Radius Authentication
From: Ralph Lange <[email protected]>
To: Stephen Lewis <[email protected]>
Cc: EPICS Tech Talk <[email protected]>
Date: Thu, 05 Aug 2010 16:33:02 -0400
For the conserver-server, connecting to the soft IOC under procServ is exactly the same as connecting to a VME IOC connected to a terminal server - it opens a telnet connection to a port on the remote host.

If procServ only provides access from localhost, there are two options:
1. The conserver-server connects opening a ssh connection to the softIOC host using a key that is configured to call "telnet localhost nnnn" to connect it to the softIOC. (Or explicitly calling "telnet localhost nnnn" on the other side.)
2. The softIOC host runs a conserver-server locally, which can simply run telnet to get to the softIOC.

conserver supports configurations with multiple conserver-servers.
Its client (called console) only needs the IP of one of the conserver-servers. When console connects, the conserver-server redirects it to the instance that actually hosts the connection the clients wants to get to.

So, on any client machine, typing "console <ioc-name>" connects you to that IOC's console, no matter which conserver-server hosts the connection, no matter if it is a soft IOC or a VME box.

The main advantages of putting conserver on top are:
- One way to connect to softIOCs and VME IOCs, no configuration on the client machine (other than the IP of one conserver-server)
- Authentication / Authorization: password-based auth, allows specifying user groups with different access rights on different consoles
- One way of logging all console output (with timestamps) to file or into the syslog protocol
- Replay buffer that can show the console activity before you connect
- Only one user at a time has write access, all others are read-only, but users with matching authorization may take over a console

Ralph


05.08.2010 15:26, Stephen Lewis wrote:
How does conserver fit it with procServ? ÂSeems like it is harder to use and very centralized. ÂI use procServ and have a simple shell script that looks up the telnet host/port in a table by IOC name.

On 5 Aug 2010, at 12:11 , Ralph Lange wrote:

http://conserver.com/

References:
VxWorks and Radius Authentication Gary Carr
Re: VxWorks and Radius Authentication Ralph Lange
Navigate by Date:
Prev: Re: How do I install to $prefix/EPICS/bin, $prefix/EPICS/lib etc.? Andrew Johnson
Next: Re: How do I install to $prefix/EPICS/bin, $prefix/EPICS/lib etc.? Ralph Lange
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025 
Navigate by Thread:
Prev: Re: VxWorks and Radius Authentication Eric Norum
Next: Theweb site for the EPICS October meeting is now open. http://www.bnl.gov/epics/ Dalesio, Leo
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  2025