Remote Operation of Light Source
Beamlines with (Free)NX
Zhijian Yin, Peter Siddons, NSLS, BNL
Controls at NSLS Facility Beamlines
z What Is NX,
NX FreeNX
z
z
Cybersecurity Requirements at BNL
z
Remote Operation with NX, ssh Tunneling
z
Live Demo
z
Concluding Remarks
C t l att NSLS f
Controls
facility
ilit B
Beamlines:
li
g Source Beamlines
Light
C t l att NSLS f
Controls
facility
ilit B
Beamlines:
li
yp
Beamline Layout
y
A Typical
C t l att NSLS F
Controls
Facility
ilit B
Beamlines:
li
yp
Network Configurations
g
Typical
z
EPICS based, VME IOC for motor/scaler/ADC etc.
Linux workstation, running EPICS clients
z
Dual NIC cards:
z
eth0: to internet
eth1: private network for instrumentation
VME EPICS IOC
eth0: BNL network
130.199.192.x
eth1: 172
172.16.1.x
16 1 x
What is NX, freeNX
z
z
z
X is a network protocol, X remote display, “ssh -XC”
can be
b used
d ffor remote
t monitoring/operation
it i /
ti
Issues:
−
too much round trip traffic, network latency
−
long
g distance, unresponsive
p
To achieve fast response the NX way:
−
Efficient compression
−
Proxy server and cache-files to reduce round trip x-traffic
What is NX, freeNX: Continued
z
Products at Nomachine.com:
S
Servers
– Personal
P
l server (2 connections)
ti
) ffree
- Business server $$$
Client – closed source,
source but freely downloadable
Windows, Linux, Mac
NoMachine.com provides support
Nomachine.com GPLed the core library
z
FreeNX: based on the core library,
y, a suite of shell scripts
p to
z
make a GPLed NX server. Clients is in the works.
FreeNX server works with NoMachine clients
What is NX, freeNX: Procedures
z
z
Setup freeNX server,
d
download
l d packages
k
((rpm,
deb, etc.)
Download NX clients from
NoMachine.com
z
Configure NX client
Wh t is
What
i NX,
NX freeNX:
f
NX
p Screen
Remote Desktop
C b
Cybersecurity
it R
Requirements
i
t att BNL
BNL:
Perimeter Defense
C b
Cybersecurity
it R
Requirements
i
t att BNL
BNL:
y for Remote Access
Ways
z
Employees: VPN, ssh gateway
Users: ssh gateway only
z
Outside of BNL:
z
−
ssh to ssh gateway (linux server)
−
ssh from ssh gateway to the beamline machine
R
Remote
t O
Operations
ti
With NX
NX:
g Ssh Gateway:
y Ssh Tunneling
g
Through
z
z
z
Ssh tunneling
Procedures:
−
Unix: ssh -L localport:remotehost:ssh_port#
username@ssh_gateway
−
Windows: Putty, similar configuration
Now to ssh to the remote host can be achieved by
ssh localhost -p localport -l username
z
Wi h ssh
With
h tunneling,
li
configure
fi
nxclient
li
to use llocalhost
lh
R
Remote
t O
Operations
ti
with
ith NX
NX:
g It Together
g
Putting
z
First set up ssh tunnel:
− Example:
E
l
ssh -L 3322:lsx21pc.nsls.bnl.gov:22 [email protected]
(leave the terminal open)
−
z
Windows: configure Putty or other ssh clients
Next configure
g
NoMachine Client,, to use host “localhost”
and port 3322
R
Remote
t O
Operations
ti
with
ith NX
NX:
g together
g
Putting
z
Create ssh tunnel:
remote host p
port 22 map
p to localhost: 3322
through ssh gateway,
ssh -L 3322:lsx21pc.nsls.bnl.gov:22
[email protected]
z
Leave the terminal open
z
Configure
g
NoMachine NX client
localhost port 3322
R
Remote
t O
Operations
ti
with
ith NX
NX:
Live Demo
z
Remote login to my office, or a beamline
Checking with webcam locally connected (private network)
z
Move some motors, check scalers
z
Run some other applications
z
Concluding Remarks
z
Secure (all traffic through ssh)
F t response
Fast
z
Generic solution: Configure, no programming
z
O
Open
source server, free
f
downloadable
d
l d bl multi-platform
lti l tf
clients
li t (Wi
(Windows,
d
z
Mac, Linux)
z
Al
Almost
t allll x-windows
i d
programs run fi
fine
z
Problems:
z
−
application
li ti specific
ifi ffonts:
t
sett up font
f t servers
−
use blank screensaver (to reduce resource usage)
Lin hosts:
Linux
hosts straight forward
for ard
Other Unix flavors: setup a Linux server, as a “stepping stone”
Acknowledgement
z
Developers at Nomachine.com
F NX package
FreeNX
k
developers/maintainers
d
l
/ i t i
z
BNL colleagues for testing and feedback
z