Another option would be to punch a hole in your firewall for the
HostIP/portsTCP/portsUDP of a CA gateway (CA proxy) running in read only
mode.

I suppose that new capabilities to run the CA client library in a "TCP only
mode" where all CA name resolution is forwarded through a TCP circuit
connecting to a specified IP address and port might be very useful in select
situations. That would allow SSH tunneling through a firewall to a CA
gateway (CA proxy). That feature isn't currently implemented, but doesn't
sound like it would be inordinately difficult to implement, so if there is
interest it could be placed on the list.

Jeff

-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Doug Sheffer
Sent: Friday, June 08, 2007 4:05 PM
To: [email protected]
Subject: Re: EPICS channels via the Internet

Hello all!

I will certainly take a look at NX then, as well. As far as IOCs and
the network setup, I'm not too sure. To be honest, I am fairly new to
the world of EPICS, and this is the first time I've had to worry about
the networking side of things.

As far as the netcat utility, I have actually used it and found it
quite useful in the past. Yesterday my searches led me to a website
with a few netcat commands for forwarding UDP over TCP, but
unfortunately I didn't have any luck with them. Perhaps I'll have to
try again.

Thank you for your suggestions!

Doug Sheffer

On 6/8/07, Emmanuel Mayssat <[email protected]> wrote:
> I do something very similar but with a nx server/client architecture.
> Have a look at freenx and nxclient (nomachine.com)
> The idea is that you do not forward the PV directly, but a display with
> the values of the PV. The nx protocol is TCP based, uses ssl encryption
> (over ssh), and uses compression.
> With a gateway over the internet, you will probably lose most of your
> UDP datagrams anyway, plus there is the network latency, etc.
>
> I heard that a secure epics gateway is being developed though.
> How far are you from the IOCs?
>
> --
> Emmanuel Mayssat
>
>
>
> On Fri, 2007-06-08 at 15:09 -0400, J. Lewis Muir wrote:
> > Doug Sheffer wrote:
> > > Hello!
> > >
> > > I was wondering if anyone has experimented and had good luck with
> > > accessing real-time EPICS channel data over the Internet. Is this, by
> > > any chance, something that is possible with the EPICS gateway?
> > >
> > > Since allowing access over the Internet in any way would inevitably be
> > > a large security risk, we would like to be able to use SSH tunneling
> > > to secure the connection and to monitor who is doing what with the
> > > system. Unfortunately, SSH seems unsuitable because it only supports
> > > tunneling on TCP ports, while EPICS uses both TCP and UDP.
> > >
> > > Has anyone done anything similar, or got any ideas/suggestions on how
> > > to go about doing it securely?
> > >
> > > Your help is much appreciated.
> > > Doug Sheffer
> >
> > You could use a VPN. It depends on what you want to do. Or maybe you
> > have constraints that make this not an option?
> >
> > -lewis
> >
>
>