Experimental Physics and
Industrial Control System

Hi Ralph,
As Miroslav pointed out, depending on a central server adds latency and
a single point of failure. On the other hand managing access security
rules in a central spot is certainly beneficial. At FRIB we are
currently maintaining our ACF files in a central Git repo that gets
replicated onto each IOC machine's local disk (Puppet takes care of that
for us). IOCs point to one of the files in this directory (e.g. RF.acf).

If our rules files become more complex in the future we might need to
consider generating them using some tool that comes with a decent
template engine. Since we are already using Puppet for managing our
configuration files/IOCs this might be the way to go for the future.
Using an appropriate Hiera data backend, Puppet could pull data from any
data source (e.g. YAML files, SQL, LDAP,...). Maybe you have a similar
configuration-management tool you can leverage?

-Martin

-- 
Martin Konrad
High Performance Controls Team Leader
Facility for Rare Isotope Beams
Michigan State University
640 South Shaw Lane
East Lansing, MI 48824-1321, USA
Tel. 517-908-7253
Email: [email protected]

Replies:

Re: Other Access Security implementations? Andrew Johnson

References:

Other Access Security implementations? Ralph Lange

Navigate by Date:

Prev: RE: PMAC asyn autoconnect issue Mark Rivers

Next: Re: Other Access Security implementations? Andrew Johnson

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <2018>  2019  2020  2021  2022  2023  2024 

Navigate by Thread:

Prev: Re: Other Access Security implementations? Miroslav Pavleski

Next: Re: Other Access Security implementations? Andrew Johnson

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  <2018>  2019  2020  2021  2022  2023  2024