EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: Mirror Control Room
From: "Konrad, Martin via Tech-talk" <tech-talk at aps.anl.gov>
To: "elio at ugr.es" <elio at ugr.es>, "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date: Thu, 28 May 2020 16:04:43 +0000 
Hi Elio,
I would suggest to use a VPN tunnel between the facilities with a CA
gateway at each end. Workstations in the "mirror" facility would connect
to their local gateway which in turn would open a connection to the
gateway at the primary facility. The gateway at the primary facility
would find IOCs by broadcasting search requests. It would limit access
to reads for requests coming over the VPN tunnel. Thanks to the fact
that both facilities can use their own broadcast domains as well as the
ability of the gateways to share CA connections between multiple clients
I would expect this to be reasonably efficient. In my experience an
average control-room workstation connects to a few thousand channels
which shouldn't be a big deal even for a control room with many work
stations. Running an off-site archiver however would be a different
story, though, since it might easily keep millions of channels open at
any time. At FRIB the archiver connects to ~7 channels per record.

Depending on your security requirements you might not trust the gateway
enough for a setup like this. If that's the case, you might want to
consider putting an industrial firewall in between (a device that has
been designed for security). You would need to find one that can use a
rule set that lets CA search and read requests pass but blocks/drops
write requests.

I would suggest you try setting this up in a few VMs to get a feeling
for the tools and their performance.

Cheers,

Martin

P.S.: Do you only need to see operator interfaces or do you also need
read access to alarm servers/archivers from your "mirror" control room?

-- 
Martin Konrad
Facility for Rare Isotope Beams
Michigan State University
640 South Shaw Lane
East Lansing, MI 48824-1321, USA
Tel. 517-908-7253
Email: konrad at frib.msu.edu
Navigate by Date:
Prev: Re: Strange problem with areaDetector driver Hu, Yong via Tech-talk
Next: Re: Mirror Control Room Ralph Lange via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024 
Navigate by Thread:
Prev: Re: Mirror Control Room Jemian, Pete R. via Tech-talk
Next: SoftIOC and Labview Mostafa, Jalal (IPE) via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  <20202021  2022  2023  2024 
ANJ, 29 May 2020 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·