There are a number of areas in which LAT operations after integration with the bus will differ from operations to date. This page attempts to define these differences and identify the necessary modifications to deal with them. Work items outstanding are highlighted in red.
All computers with direct access to the observatory must be connected to the SASS I&T LAN, a restricted network segment within the FOF. No inbound access to this network is permitted. The "SSKI" rack was developed as a bridge between the existing MCR network and the I&T LAN. It contains a Nokia IP380 VPN/firewall appliance configured with the following interfaces:
This last network is the pathway to the SASS I&T LAN. It is configured as a "DMZ" from the point of view of both SLAC and SASS, in the sense that the lat-sskidXX servers are accessible for outbound connections and established traffic on specific ports from both the MCR private network on the SLAC side, and the LAT workstations on the I&T LAN on the SASS side. However, the lat-sskidXX servers themselves cannot initiate connections towards hosts on either network.
The lat-sskidXX servers (in particular lat-sskid01) act as endpoints for SSH tunnels that provide connectivity back to specific ports on the MCR bastion host. These tunnels are initiated by the /etc/init.d/sski-tunnel startup script on lat-dmz01, in much the same way that the SSH tunnels from SLAC to the MCR are initiated by the /etc/init.d/lattunnel startup script on glastlnx06. Each forwarded port is open across the SASS firewall for connections from the LAT I&T workstations (lat-sskiw01/02) to the "DMZ" servers (lat-sskid01/02). The follwing ports are forwarded:
A root cron job on lat-sskiw01 and lat-sskiw02 periodically executes a FASTCopy command to retrieve new RPM's from lat-dmz01:/nfs/online/rpms. This job runs every 10 minues, and will copy over any files added or modified in the last 2 days.
For Elogbook, trending, FMX, and MOOT access, lat-sskiw01/02 are configured to connect to the proper ports on lat-sskid01, which are transparently forwarded to lat-dmz01.
SASS has configured the PTP in the SCIT rack to automatically store SSR dump data to an SMB shared drive on a Windows file server. The lat-sskid02 machine is configured to Samba-mount this drive as /mnt/sass, and a cron job periodically FASTCopy's any files matching the pattern /mnt/sass/VCID8/VCDU_* to lat-dmz01:/nfs/online/isoc/Incoming/VCDU/VCID8/. Two items adduce to this data path:
Both lat-sskiw01 and lat-sskiw02 are configured to connect to the PTP in the SCIT rack for real-time telemetry. Either (or both) machines can run the VSC proxies to retrieve and record LAT and (redacted) spacecraft packets. The PktMove_Process.py script has been updated with an additional command-line option to cause it to call a script named fcopy_atomic.sh to perform the move of the recorded .pkt files from lat-sskiw012:/gnfs/data/stage to lat-dzm01:/gnfs/data/stage, where Pkt2Isoc_Process.py operates on them as usual. This path has been demonstrated all the way to SLAC with redacted telemetry packets from the spacecraft on 12/7/2006.
This data path has been modified on both lat-sskiw01 and lat-dmz01, by dividing the functionality of the existing Runs_Export.sh script into two parts:
Both lat-sskiw machines have been updated to point to the NTP time server 10.33.44.1. After SASS corrected the configuration of one of their routers, both workstations synchronized from this server on 12/7/2006. Additionally, the local time zone of the two workstations was set to MST/Arizona.