
Remote Access Review

Remote Access Review. Accelerator Controls. Brad Cumbia, Anthony Cuffe. December 1, 2010. Accelerator Controls. Identify Lab systems in your area that are remotely accessed or will be in the near future - Network Systems (Network Administrators) - Switches - Routers


Presentation Transcript


  1. Remote Access Review. Accelerator Controls. Brad Cumbia, Anthony Cuffe. December 1, 2010

  2. Accelerator Controls
     • Identify Lab systems in your area that are remotely accessed or will be in the near future
       - Network Systems (Network Administrators)
         - Switches
         - Routers
         - Management systems (Cisco Works, Network Node Manager, etc.)
       - Accelerator Control Systems (On-Call Personnel and Administrators)
         - IOCs (On-call and Administrators)
         - Unix systems (On-call and Administrators)
         - Windows systems (All users)
         - Web servers (All users)

  3. Accelerator Controls
     • Explain how your systems are remotely accessed from
       - Network Systems - on-site
         - Access via ssh protocol only (from Linux and Windows)
         - Authentication control by TACACS+ Server (Cisco ACS)
         - ACLs for finer access restrictions
       - Network Systems - off-site
         - Access via ssh protocol through login.jlab.org and then Accel system
         - Equivalent to on-site after authenticating

  4. Accelerator Controls Cont.
       - Accelerator Control Systems - on-site
         - Access to Unix systems via ssh protocol (terminal)
         - Access to Unix desktop via NXclient over ssh
         - Access to Windows systems via rdp protocol
         - Access to IOCs via dedicated Terminal Servers (ssh only)
       - Accelerator Control Systems - off-site (through login.jlab.org)
         - Access to Unix systems (terminal) via ssh protocol w/tcp wrappers
         - Access to Unix desktop via NXclient tunneled over ssh
         - Access to Windows systems via rdp protocol tunneled over ssh
         - Access to IOCs via dedicated Terminal Servers (ssh only)
         - Access to Web servers via a proxy server tunneled over ssh

  5. Accelerator Controls Cont.
       - Global Measures
         - Write Access to IOCs controlled by Channel Access (host and user)
         - tcp wrappers employed widely to restrict access to systems.
         - Network level ACLs blocking protocols and restricting access to systems.
       - Procedures
         - How to Access Internal Web servers from Off-Site - https://devweb.acc.jlab.org/twiki/bin/view/SWDocs/HowToTunnelWebViaSSH
         - How to Open A Remote Windows Desktop - https://devweb.acc.jlab.org/twiki/bin/view/SysAdmin/HowToRemoteDesktopWindows
         - How to Open A Remote Linux Desktop - https://devweb.acc.jlab.org/twiki/bin/view/SysAdmin/HowToRemoteDesktopLinux

  6. Accelerator Controls
     • Describe future plans or needs for enhancing/upgrading remote access, e.g. changed systems, different controls, access for PDAs, etc.
       - Extended use of NXclient (Linux Desktop) over RDP (Windows Desktop).
       - Develop remote access procedures and tools for smart phones and tablet devices.
       - Stronger ACLs with hardware based firewalls.

  7. Area
     • Comments
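
Slides 4 and 5 list tcp wrappers as a control on ssh access. The following added example (not part of the original presentation) evaluates a `hosts.allow`/`hosts.deny` pair in the order hosts_access(5) consults them, so an intended policy can be checked against what the files actually grant. The addresses and the policy are constructed assumptions, and only a subset of client patterns (ALL, exact address, address prefix, net/mask) is handled.

```python
import ipaddress

# Constructed policy (assumed, not from the slides): sshd from a gateway and one subnet.
HOSTS_ALLOW = """\
# /etc/hosts.allow
sshd: 192.0.2.10
sshd: 198.51.100.0/255.255.255.0
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules

def pattern_matches(pattern, ip):
    """Subset of hosts_access(5) client patterns, for IPv4 addresses only."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix such as "198.51.100."
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask: match if net == ip AND mask
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/"))
        return net == int(ipaddress.IPv4Address(ip)) & mask
    return pattern == ip               # exact address

def any_rule_matches(rules, daemon, ip):
    return any((daemon in d or "ALL" in d) and any(pattern_matches(p, ip) for p in c)
               for d, c in rules)

def access_allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow wins, then hosts.deny; no match in either grants access."""
    if any_rule_matches(parse(allow), daemon, ip):
        return True
    return not any_rule_matches(parse(deny), daemon, ip)

EXPECTED = {"192.0.2.10": True, "198.51.100.23": True, "203.0.113.7": False}

def audit(daemon="sshd", expected=EXPECTED, **files):
    """Return constructed clients whose evaluated result differs from the intent."""
    return [ip for ip, want in expected.items() if access_allowed(daemon, ip, **files) != want]

if __name__ == "__main__":
    print("mismatches:", audit(), "| without hosts.deny:", audit(deny=""))
```

With an empty `hosts.deny` the audit reports `203.0.113.7` as unexpectedly allowed, because tcp wrappers grants access when neither file matches; the allow list restricts nothing without a catch-all deny. The check applies only to daemons built with libwrap, and OpenSSH dropped that support in version 6.7.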
