SLS Beamline Networks and Data Storage
Dirk Zimoch, EPICS Collaboration Meeting October 2008

Old Network Layout (last year)
[Diagram labels: PSI network, SLS Accelerator, Beamlines, Gateway]

The Problem
■ Common beamline network is not safe
  ► Badly programmed CA clients can flood the network with broadcasts
  ► Users may accidentally write to records of other beamlines
  ► Viruses etc. may spread over all beamlines
  ► Industrial users want their data safe and protected
■ Separate beamline networks need safe communication
  ► Access to machine and other beamlines
  ► Access from outside (e.g. offices)
  ► Internet access from beamline

New Network Layout (now)
[Diagram labels: PSI network, Firewall, Switch, SLS Accelerator, Gateway, Beamline 1, Gateway, Beamline 2]

Channel Access Gateway Setup
■ All gateways connect to central accelerator network
  ► Assumption: Beamline to beamline traffic is low
  ► Central services in accelerator network (e.g. archiver)
■ All gateways are bi-directional
  ► Full write access from accelerator
  ► Limited write access from beamlines to machine (We trust the accelerator but not the beamlines)
  ► No write access from beamline to beamline
  ► Take care to prevent loops
■ Access from outside world is read-only
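
The "take care to prevent loops" point above, as an added Python sketch that is not from the slides: it treats each gateway direction as an edge between networks and reports whether a search for a given PV name could be forwarded in a circle. The network names, the PV prefixes (ACC-, BL1-, BL2-) and the simplification that a gateway re-issues every search matching its name pattern are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed topologies: one entry per gateway direction,
# (network it listens on, network it forwards searches to, PV name regex).
GATEWAYS_LOOPING = [
    ("bl1", "acc", r".*"),      # beamline 1 clients reach accelerator PVs
    ("acc", "bl1", r".*"),      # accelerator clients reach beamline 1 PVs
]
GATEWAYS_SAFE = [
    ("bl1", "acc", r"ACC-.*"),  # only machine PVs are fetched from acc
    ("acc", "bl1", r"BL1-.*"),  # only beamline 1 PVs are fetched from bl1
    ("bl2", "acc", r"ACC-.*"),
    ("acc", "bl2", r"BL2-.*"),
]

def search_loop(gateways, pv):
    """Return the cycle of networks a search for `pv` would travel, or []."""
    edges = defaultdict(list)
    for src, dst, pattern in gateways:
        if re.fullmatch(pattern, pv):
            edges[src].append(dst)

    def walk(net, path):
        if net in path:                      # came back to a visited network
            return path[path.index(net):] + [net]
        for nxt in edges.get(net, []):
            cycle = walk(nxt, path + [net])
            if cycle:
                return cycle
        return []

    for start in list(edges):
        cycle = walk(start, [])
        if cycle:
            return cycle
    return []

if __name__ == "__main__":
    # A mistyped name that no IOC serves is the interesting case.
    print(search_loop(GATEWAYS_LOOPING, "TYPO-PV"))   # cycle bl1 -> acc -> bl1
    print(search_loop(GATEWAYS_SAFE, "TYPO-PV"))      # no gateway forwards it
    print(search_loop(GATEWAYS_SAFE, "ACC-RF:POWER"))
```

Disjoint name patterns per direction are one way to break the cycle; the check works the same for any rule set expressed as such triples.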

Beamline Network
Firewall blocks incoming traffic except ssh to login gateway.
[Diagram labels: Firewall, Beamline hutch, IOC, Login gateway, CA gateway, PSI network, Accelerator, IOC, Bootserver, Softioc, User Laptop, Console, Fileserver, Detector, VMware, Compute node, Fileserver, GPFS]

Safety Measures
■ Firewall allows ssh from outside only to login gateway
  ► Other machines with less strict security cannot compromise system
  ► Login gateway has list of trusted users (PAM)
    ● Beamline scientists
    ● Beamline supporters
    ● People doing on-call service
    ● No external beamline users
■ Servers are located in server room, not at the beamline
  ► No physical access

VMware Server System
■ HP blade system
■ 16 blades per enclosure
  ► Dual core Opteron 2.4 GHz
  ► 2 GB RAM
■ 2 network connections
  ► Accelerator
  ► 16 beamlines via VLAN
■ VMware for virtual machines
  ► 256 MB per virtual machine

Beamline Storage
[Diagram labels: 2 x 4 Gbit/sec Fibre Channel, controller 0, controller 1, 500 GB SATA, RAID 6]
■ Up to 30 TB net
■ 400 MB/sec from one host
■ 600-700 MB/sec total
■ Up to 4 disk arrays per beamline

Data safety
■ Double redundancy with RAID 6
■ Individual LDAP accounts for users
  ► No access to data of other users
  ► Automated account generation
■ No long term storage
  ► 30 TB is just enough for one month
  ► No backup