Experimental Physics and
Industrial Control System

Similarly, a CA client writes PVs to a TEXT file,
a graph, and also to a formatted HTML file.
The WWW browser picks up that stuff and delivers them.
    http://usaxs.aps.anl.gov/livedata

Works like a charm. For remote observation only.

Pete Jemian

Richard Farnsworth wrote:

Elder describes a similar technique to what we used to implement our
Facility status monitor. Roughly speaking, we dropped the PV's in a mySQL
database via Channel access - and pick them up on the other side, so to
speak, with a Web based application.

You can see it here
http://vbl.synchrotron.vic.gov.au/fsm/

Richard Farnsworth
The Australian Synchrotron Project
Major Projects Victoria
800 Blackburn Road
Clayton VIC 3168
Phone Number: +613 8540 4118
fax: +613 8540 4200
web: www.synchrotron.vic.gov.au
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Elder Matias
Sent: 16 June 2007 6:11 AM
To: [email protected]
Subject: RE: EPICS channels via the Internet

A completely different approach is to have a web based user interface
and not send any ca traffic over the internet.  This method allows you
to manage the remote access in a secure way.  We did just this with our
RBA software at the CLS.  There was a talk at the last EPICS meeting.
If you are interested let me know and I can send you more details.

We are also working on interfacing some of the data analysis packages to
plug into the remote access system using web services.

Elder

------------------------------------------------------

Message: 1
Date: Tue, 12 Jun 2007 15:27:41 -0600
From: "Jeff Hill" <[email protected]>
Subject: RE: EPICS channels via the Internet
To: "'Doug Sheffer'" <[email protected]>, <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain;    charset="us-ascii"

Another option would be to punch a hole in your firewall for the
HostIP/portsTCP/portsUDP of a CA gateway (CA proxy) running in read only
mode.
I suppose that new capabilities to run the CA client library in a "TCP
only mode" where all CA name resolution is forwarded through a TCP
circuit connecting to a specified IP address and port might be very
useful in select situations. That would allow SSH tunneling through a
firewall to a CA gateway (CA proxy). That feature isn't currently
implemented, but doesn't sound like it would be inordinately difficult
to implement, so if there is interest it could be placed on the list.

Jeff

-----Original Message-----
From: [email protected]
[mailto:[email protected]]
On Behalf Of Doug Sheffer
Sent: Friday, June 08, 2007 4:05 PM
To: [email protected]
Subject: Re: EPICS channels via the Internet

Hello all!

I will certainly take a look at NX then, as well.  As far as IOCs and
the network setup, I'm not too sure.  To be honest, I am fairly new to
the world of EPICS, and this is the first time I've had to worry about
the networking side of things.

As far as the netcat utility, I have actually used it and found it quite
useful in the past.  Yesterday my searches led me to a website with a
few netcat commands for forwarding UDP over TCP, but unfortunately I
didn't have any luck with them.  Perhaps I'll have to try again.

Thank you for your suggestions!
Doug Sheffer

On 6/8/07, Emmanuel Mayssat <[email protected]> wrote:

I do something very similar but with a nx server/client architecture.
Have a look at freenx and nxclient (nomachine.com) The idea is that you do not forward the PV directly, but a display with the values of the PV. The nx protocol is TCP based, use ssl encryption (over ssh), and use compression.
With a gateway over the internet, you will probably lose most of your UDP datagrams anyway, plus there is the network latency, etc.

I heard that a secure epics gateway is being developed though.
How far are you from the IOCs ?

--
Emmanuel Mayssat

On Fri, 2007-06-08 at 15:09 -0400, J. Lewis Muir wrote:

Doug Sheffer wrote:

Hello!

I was wondering if anyone has experimented and had good luck with accessing real-time EPICS channel data over the Internet. Is this, by any chance, something that is possible with the EPICS

gateway?

Since allowing access over the Internet in any way would inevitably be a large security risk, we would like to be able to use SSH tunneling to secure the connection and to monitor who is doing what with the system. Unfortunately, SSH seems unsuitable because it only supports tunneling on TCP ports, while EPICS uses

both TCP and UDP.

Has anyone done anything similar, or got any ideas/suggestions on how to go about doing it securely?

Your help is much appreciated.
Doug Sheffer

You could use a VPN. It depends on what you want to do. Or maybe you

have constraints that make this not an option?

-lewis

References:

RE: EPICS channels via the Internet Richard Farnsworth

Re: EPICS channels via the Internet Pete R. Jemian

Navigate by Date:

Prev: Re: EPICS channels via the Internet Pete R. Jemian

Next: Re: VXI11 ASYN problem on VxWorks Matthew Pearson

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <2007>  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 

Navigate by Thread:

Prev: Re: EPICS channels via the Internet Pete R. Jemian

Next: RE: EPICS channels via the Internet Purcell, J. David

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <2007>  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024