Experimental Physics and
Industrial Control System

In response to Jeff Hill, what you suggested (a TCP-only mode) seems
ideal and is basically what we were looking for. If I'm not the only
one who would find such a feature useful, I would very much appreciate
if it was added to the list.

We are, however, very interested in your other suggestion as well. If
we set up an EPICS gateway server and configured our firewall
correctly, we should be able to get live data over the Internet? We
were not aware this was possible, but would certainly like to give it
a try.

In response to David Purcell, I have in fact experimented with and
developed a couple WebCA applications recently, and that is one of the
reasons I am trying to do this. Can you use your WebCA applications
over the Internet, and not just locally? Is your method, by any
chance, similar to Jeff's suggestion of a public EPICS gateway server?

Thank you for all of your help!
Doug Sheffer

At SNS we have been using implementations similar to Pete's in some
areas.  http://neutrons.ornl.gov/diagnostics/channel13/Ch0.html is an
example of one of our web pages based on CA clients producing HTML and
XML.

http://public.ornl.gov/diagnostics/RCCS/RCCS_Status.cfm uses a similar
approach to Richard's in that PVs are stored in Oracle and the web page
pulls from there.  We do this quite a bit to simulate control room EDM
pages.

Both of these are read only and we use this when high update rates
aren't required.

We are also working on web pages that take advantage of WebCA.  This is
the web browser plug-in developed by Matej Sekoranja.  If you can get
around the security issues, the plug-in allows javascript read and write
access to process variables.  I've been using the plug-in to create web
pages accessing our gateway.  Info on WebCA is available at
http://webca.cosylab.com  A talk done here by Tom Pelia can give you
more detailed picture of what WebCA is:
http://users.cosylab.com/~msekoranja/webca/WebCA.pdf.  Another, recently
done by Matej at the EPICS meeting is also available
ftp://ftp.desy.de/pub/EPICS/meeting-2007/CA_Client_Library.pdf

SNS also has folks working on using PHP EPICS.  These web pages are
similar to WebCA but work server side versus client side.

If you need any more info, feel free to let me know.
Dave Purcell.

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Pete R. Jemian
Sent: Sunday, June 17, 2007 7:47 PM
To: tech-talk
Subject: Re: EPICS channels via the Internet

Similarly, a CA client writes PVs to a TEXT file,
a graph, and also to a formatted HTML file.
The WWW browser picks up that stuff and delivers them.
        http://usaxs.aps.anl.gov/livedata

Works like a charm. For remote observation only.

Pete Jemian

Richard Farnsworth wrote:
> Elder describes a similar technique to what we used to implement our
> Facility status monitor. Roughly speaking, we dropped the PV's in a
mySQL
> database via Channel access - and pick them up on the other side, so
to
> speak, with a Web based application.
>
> You can see it here
> http://vbl.synchrotron.vic.gov.au/fsm/
>
>
>
> Richard Farnsworth
> The Australian Synchrotron Project
> Major Projects Victoria
> 800 Blackburn Road
> Clayton VIC  3168
> Phone Number: +613 8540 4118
> fax: +613 8540 4200
> web: www.synchrotron.vic.gov.au
>
>
> -----Original Message-----
> From: [email protected]
[mailto:[email protected]]
> On Behalf Of Elder Matias
> Sent: 16 June 2007 6:11 AM
> To: [email protected]
> Subject: RE: EPICS channels via the Internet
>
>
> A completely different approach is to have a web based user interface
> and not send any ca traffic over the internet.  This method allows you
> to manage the remote access in a secure way.  We did just this with
our
> RBA software at the CLS.  There was a talk at the last EPICS meeting.
> If you are interested let me know and I can send you more details.
>
> We are also working on interfacing some of the data analysis packages
to
> plug into the remote access system using web services.
>
> Elder
>
>
> ------------------------------------------------------
>
> Message: 1
> Date: Tue, 12 Jun 2007 15:27:41 -0600
> From: "Jeff Hill" <[email protected]>
> Subject: RE: EPICS channels via the Internet
> To: "'Doug Sheffer'" <[email protected]>, <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain;     charset="us-ascii"
>
>
> Another option would be to punch a hole in your firewall for the
> HostIP/portsTCP/portsUDP of a CA gateway (CA proxy) running in read
only
> mode.
>
> I suppose that new capabilities to run the CA client library in a "TCP
> only mode" where all CA name resolution is forwarded through a TCP
> circuit connecting to a specified IP address and port might be very
> useful in select situations. That would allow SSH tunneling through a
> firewall to a CA gateway (CA proxy). That feature isn't currently
> implemented, but doesn't sound like it would be inordinately difficult
> to implement, so if there is interest it could be placed on the list.
>
> Jeff
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]
> On Behalf Of Doug Sheffer
> Sent: Friday, June 08, 2007 4:05 PM
> To: [email protected]
> Subject: Re: EPICS channels via the Internet
>
> Hello all!
>
> I will certainly take a look at NX then, as well.  As far as IOCs and
> the network setup, I'm not too sure.  To be honest, I am fairly new to
> the world of EPICS, and this is the first time I've had to worry about
> the networking side of things.
>
> As far as the netcat utility, I have actually used it and found it
quite
> useful in the past.  Yesterday my searches led me to a website with a
> few netcat commands for forwarding UDP over TCP, but unfortunately I
> didn't have any luck with them.  Perhaps I'll have to try again.
>
> Thank you for your suggestions!
> Doug Sheffer
>
>
> On 6/8/07, Emmanuel Mayssat <[email protected]> wrote:
>
>>I do something very similar but with a nx server/client architecture.
>>Have a look at freenx and nxclient (nomachine.com) The idea is that
>>you do not forward the PV directly, but a display with the values of
>>the PV. The nx protocol is TCP based, use ssl encryption (over ssh),
>>and use compression.
>>With a gateway over the internet, you will probably lose most of your
>>UDP datagrams anyway, plus there is the network latency, etc.
>>
>>I heard that a secure epics gateway is being developed though.
>>How far are you from the IOCs ?
>>
>>--
>>Emmanuel Mayssat
>>
>>
>>
>>On Fri, 2007-06-08 at 15:09 -0400, J. Lewis Muir wrote:
>>
>>>Doug Sheffer wrote:
>>>
>>>>Hello!
>>>>
>>>>I was wondering if anyone has experimented and had good luck with
>>>>accessing real-time EPICS channel data over the Internet.  Is
>>>>this, by any chance, something that is possible with the EPICS
>
> gateway?
>
>>>>Since allowing access over the Internet in any way would
>>>>inevitably be a large security risk, we would like to be able to
>>>>use SSH tunneling to secure the connection and to monitor who is
>>>>doing what with the system.  Unfortunately, SSH seems unsuitable
>>>>because it only supports tunneling on TCP ports, while EPICS uses
>
> both TCP and UDP.
>
>>>>Has anyone done anything similar, or got any ideas/suggestions on
>>>>how to go about doing it securely?
>>>>
>>>>Your help is much appreciated.
>>>>Doug Sheffer
>>>
>>>You could use a VPN. It depends on what you want to do. Or maybe you
>
>
>>>have constraints that make this not an option?
>>>
>>>-lewis
>>>
>>
>>
>
>
>
>
>

Replies:

RE: EPICS channels via the Internet Purcell, J. David

References:

RE: EPICS channels via the Internet Richard Farnsworth

Re: EPICS channels via the Internet Pete R. Jemian

RE: EPICS channels via the Internet Purcell, J. David

Navigate by Date:

Prev: RE: EPICS channels via the Internet Purcell, J. David

Next: RE: EPICS channels via the Internet Hammonds, John P.

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <2007>  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 

Navigate by Thread:

Prev: RE: EPICS channels via the Internet Purcell, J. David

Next: RE: EPICS channels via the Internet Purcell, J. David

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <2007>  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024