1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 <2006> 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 <2006> 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 |
<== Date ==> | <== Thread ==> |
---|
Subject: | RE: TCP/UDP port for CA |
From: | "Jeff Hill" <[email protected]> |
To: | "'Sheng Peng'" <[email protected]>, <[email protected]> |
Cc: | "'Allison, Stephanie'" <[email protected]>, "'Murray, Doug'" <[email protected]>, "EPICS-tech-talk" <[email protected]> |
Date: | Wed, 26 Apr 2006 17:17:19 -0600 |
Of course, the advantage of using a non-standard port might be less likelihood of a test program or IOC making an inadvertent change to your operational system.
Now that firewalls and CA gateways are more common perhaps the risk is lower, but still very possible considering that at many sites users are routinely logged into computers that are behind the firewall.
I think that there would only be benefit if the typical log in state was set up to use the default port, and only a special operator login used the non-default port?
In the future I would like to see EPICS system complexity managed with domains. You might specify the non-default domain of the channel when you create a channel. Domains would be well isolated from each other, but gateways might be used to safely interconnect domains. Domains names instead of port numbers might also be much easier for the user.
So anyways, the number of gateway isolated domains {LINAC, RING, WHATEVER} might be a related issue (because at present if these domains share the same LAN (subnet) they will need to be accessed using unique port numbers).
Jeff
From: Sheng Peng
[mailto:[email protected]]
Hi, |