• Created by Unknown User (blee), last modified on Dec 11, 2006

Overview

There are a number of areas in which LAT operations after integration with the bus will differ from operations to date. This page attempts to define these differences and identify the necessary modifications to deal with them. Work items outstanding are highlighted in red.

SASS I&T LAN

All computers with direct access to the observatory must be connected to the SASS I&T LAN, a restricted network segment within the FOF. No inbound access to this network is permitted. The "SSKI" rack was developed as a bridge between the existing MCR network and the I&T LAN. It contains a Nokia IP380 VPN/firewall appliance configured with the following interfaces:

  • MCR "private" network (lat-dmzXX, lat-licosXX, etc.)
  • MCR "public" network (lat-hobbitXX, lat-orcXX, etc.)
  • ASU "relay" network (path through which the above two LAN segments are VPN'd back to SLAC)
  • SASS/LAT network (lat-sskidXX, details below)

This last network is the pathway to the SASS I&T LAN. It is configured as a "DMZ" from the point of view of both SLAC and SASS, in the sense that the lat-sskidXX servers are accessible for outbound connections and established traffic on specific ports from both the MCR private network on the SLAC side, and the LAT workstations on the I&T LAN on the SASS side. However, the lat-sskidXX servers themselves cannot initiate connections towards hosts on either network.

The lat-sskidXX servers (in particular lat-sskid01) act as endpoints for SSH tunnels that provide connectivity back to specific ports on the MCR bastion host. These tunnels are initiated by the /etc/init.d/sski-tunnel startup script on lat-dmz01, in much the same way that the SSH tunnels from SLAC to the MCR are initiated by the /etc/init.d/lattunnel startup script on glastlnx06. Each forwarded port is open across the SASS firewall for connections from the LAT I&T workstations (lat-sskiw01/02) to the "DMZ" servers (lat-sskid01/02). The follwing ports are forwarded:

  • 3306/TCP (Elogbook database)
  • 5432/TCP (Trending database)
  • 8205/TCP (FMX master on glastlnx06)
  • 8206/TCP (FMX slave on lat-dmz01)
  • 8208/TCP (MOOT master on glastlnx06)
  • 8209/TCP (MOOT slave on lat-dmz01)
  • 40000/TCP (FASTCopy daemon on lat-dmz01)

Software Updates

A root cron job on lat-sskiw01 and lat-sskiw02 periodically executes a FASTCopy command to retrieve new RPM's from lat-dmz01:/nfs/online/rpms. This job runs every 10 minues, and will copy over any files added or modified in the last 2 days.

Database access

For Elogbook, trending, FMX, and MOOT access, lat-sskiw01/02 are configured to connect to the proper ports on lat-sskid01, which are transparently forwarded to lat-dmz01.

Science (VC08) data delivery

SASS has configured the PTP in the SCIT rack to automatically store SSR dump data to an SMB shared drive on a Windows file server. The lat-sskid02 machine is configured to Samba-mount this drive as /mnt/sass, and a cron job periodically FASTCopy's any files matching the pattern /mnt/sass/VCID8/VCDU_* to lat-dmz01:/nfs/online/isoc/Incoming/VCDU/VCID8/. Two items adduce to this data path:

  • The transfer cron script has been updated so that it watches new files until their size does not change over a one-minute period before transferring them to lat-dmz01. This portion of the transfer has been demonstrated with VC8 files from the SASS file server.
  • A Vcdu2Pkt.sh script has been developed and placed on lat-dmz01 to perform the packet extraction and deliver the resulting files to /gnfs/data/stage, where the Pkt2Isoc_Process.py and Pkt2Lsf_Process.py scripts can operate on them as usual. This script is in place, but the crontab entry to run it on lat-dmz01 is currently commented out.

Housekeeping/Diagnostic/Alert (VC00/01/03/10) data delivery

Both lat-sskiw01 and lat-sskiw02 are configured to connect to the PTP in the SCIT rack for real-time telemetry. Either (or both) machines can run the VSC proxies to retrieve and record LAT and (redacted) spacecraft packets. The PktMove_Process.py script has been updated with an additional command-line option to cause it to call a script named fcopy_atomic.sh to perform the move of the recorded .pkt files from lat-sskiw012:/gnfs/data/stage to lat-dzm01:/gnfs/data/stage, where Pkt2Isoc_Process.py operates on them as usual. This path has been demonstrated all the way to SLAC with redacted telemetry packets from the spacecraft on 12/7/2006.

Acquisition-directory delivery

This data path has been modified on both lat-sskiw01 and lat-dmz01, by dividing the functionality of the existing Runs_Export.sh script into two parts:

  • Runs_Export_SASS.sh is now in place on lat-sskiw01, and packages the run directories into tarballs and delivers them to lat-dmz01:/gnfs/data/LICOS.
  • Runs_Export.sh on lat-dmz01 has been so that it will continue to package and ship run directories in /gnfs/data/LICOS, and will in addition ship run-directory tarballs found there.
  • This path has been demonstrated with dummy run directories all the way back to SLAC on 12/7/2006.

Time Synchronization

Both lat-sskiw machines have been updated to point to the NTP time server 10.33.44.1. After SASS corrected the configuration of one of their routers, both workstations synchronized from this server on 12/7/2006. Additionally, the local time zone of the two workstations was set to MST/Arizona.

  • No labels