remote operation of light source beamlines with (free)nx zhijian yin, peter siddons, nsls, bnl...
TRANSCRIPT
![Page 1: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/1.jpg)
Remote Operation of Light Source
Beamlines with (Free)NX
Zhijian Yin, Peter Siddons, NSLS, BNL
Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity Requirements at BNL Remote Operation with NX, ssh Tunneling Live Demo Concluding Remarks
![Page 2: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/2.jpg)
Controls at NSLS facility Beamlines:
Light Source Beamlines
![Page 3: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/3.jpg)
Controls at NSLS facility Beamlines:
A Typical Beamline Layout
![Page 4: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/4.jpg)
Controls at NSLS Facility Beamlines:
Typical Network Configurations
EPICS based, VME IOC for motor/scaler/ADC etc. Linux workstation, running EPICS clients Dual NIC cards:
eth0: to internet
eth1: private network for instrumentation
VME EPICS IOC
eth0: BNL network130.199.192.x
eth1: 172.16.1.x
![Page 5: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/5.jpg)
What is NX, freeNX
X is a network protocol, X remote display, “ssh -XC”can be used for remote monitoring/operation
Issues:
too much round trip traffic, network latency
long distance, unresponsive To achieve fast response the NX way:
Efficient compression
Proxy server and cache-files to reduce round trip x-traffic
![Page 6: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/6.jpg)
What is NX, freeNX: Continued
Products at Nomachine.com:Servers – Personal server (2 connections) free
- Business server $$$Client – closed source, but freely downloadable
Windows, Linux, MacNoMachine.com provides support
Nomachine.com GPLed the core library FreeNX: based on the core library, a suite of shell scripts to
make a GPLed NX server. Clients is in the works.
FreeNX server works with NoMachine clients
![Page 7: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/7.jpg)
What is NX, freeNX: Procedures
Setup freeNX server, download packages (rpm, deb, etc.)
Download NX clients from
NoMachine.com Configure NX client
![Page 8: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/8.jpg)
What is NX, freeNX:
Remote Desktop Screen
![Page 9: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/9.jpg)
Cybersecurity Requirements at BNL:
Perimeter Defense
![Page 10: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/10.jpg)
Cybersecurity Requirements at BNL:
Ways for Remote Access
Employees: VPN, ssh gateway Users: ssh gateway only Outside of BNL:
ssh to ssh gateway (linux server)
ssh from ssh gateway to the beamline machine
![Page 11: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/11.jpg)
Remote Operations With NX:
Through Ssh Gateway: Ssh Tunneling
Ssh tunneling
Procedures: Unix: ssh -L localport:remotehost:ssh_port#
username@ssh_gateway Windows: Putty, similar configuration
Now to ssh to the remote host can be achieved by
ssh localhost -p localport -l username With ssh tunneling, configure nxclient to use localhost
![Page 12: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/12.jpg)
Remote Operations with NX:
Putting It Together
First set up ssh tunnel: Example:
ssh -L 3322:lsx21pc.nsls.bnl.gov:22 [email protected](leave the terminal open)
Windows: configure Putty or other ssh clients Next configure NoMachine Client, to use host “localhost”
and port 3322
![Page 13: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/13.jpg)
Remote Operations with NX:
Putting together
Create ssh tunnel:remote host port 22 map to localhost: 3322through ssh gateway,ssh -L 3322:lsx21pc.nsls.bnl.gov:22 [email protected]
Leave the terminal open Configure NoMachine NX client
localhost port 3322
![Page 14: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/14.jpg)
Remote Operations with NX:
Live Demo
Remote login to my office, or a beamline Checking with webcam locally connected (private network) Move some motors, check scalers Run some other applications
![Page 15: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/15.jpg)
Concluding Remarks
Secure (all traffic through ssh) Fast response Generic solution: Configure, no programming Open source server, free downloadable multi-platform clients (Windows,
Mac, Linux) Almost all x-windows programs run fine Problems:
application specific fonts: set up font servers
use blank screensaver (to reduce resource usage) Linux hosts: straight forward
Other Unix flavors: setup a Linux server, as a “stepping stone”
![Page 16: Remote Operation of Light Source Beamlines with (Free)NX Zhijian Yin, Peter Siddons, NSLS, BNL Controls at NSLS Facility Beamlines What Is NX, FreeNX Cybersecurity](https://reader034.vdocument.in/reader034/viewer/2022051516/56649ec05503460f94bcbac0/html5/thumbnails/16.jpg)
Acknowledgement
Developers at Nomachine.com FreeNX package developers/maintainers BNL colleagues for testing and feedback