EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <20072008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <20072008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: RE: EPICS channels via the Internet
From: "Purcell, J. David" <[email protected]>
To: Doug Sheffer <[email protected]>, [email protected]
Date: Mon, 18 Jun 2007 16:35:02 -0400
Doug,
I'm sorry; I should have elaborated a little when I said security
issues.  Our WebCA pages look at the SNS PV gateway.  So, you can see
our pages from any browser equipped with the plug-in and that has been
setup to look at our gateway.  This is read only.

SNS has strict policies on off-site manipulation of PVs.  This means we
would have to figure out how to comply with SNS procedures (notification
of control room, etc) along with securing connections against the
unwanted.  So, we haven't pursued it.

Dave




-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Doug Sheffer
Sent: Monday, June 18, 2007 2:37 PM
To: [email protected]
Subject: Re: EPICS channels via the Internet

Hello all,

In response to Jeff Hill, what you suggested (a TCP-only mode) seems
ideal and is basically what we were looking for. If I'm not the only
one who would find such a feature useful, I would very much appreciate
if it was added to the list.

We are, however, very interested in your other suggestion as well. If
we set up an EPICS gateway server and configured our firewall
correctly, we should be able to get live data over the Internet? We
were not aware this was possible, but would certainly like to give it
a try.

In response to David Purcell, I have in fact experimented with and
developed a couple WebCA applications recently, and that is one of the
reasons I am trying to do this. Can you use your WebCA applications
over the Internet, and not just locally? Is your method, by any
chance, similar to Jeff's suggestion of a public EPICS gateway server?

Thank you for all of your help!
Doug Sheffer


On 6/18/07, Purcell, J. David <[email protected]> wrote:
> At SNS we have been using implementations similar to Pete's in some
> areas.  http://neutrons.ornl.gov/diagnostics/channel13/Ch0.html is an
> example of one of our web pages based on CA clients producing HTML and
> XML.
>
> http://public.ornl.gov/diagnostics/RCCS/RCCS_Status.cfm uses a similar
> approach to Richard's in that PVs are stored in Oracle and the web
page
> pulls from there.  We do this quite a bit to simulate control room EDM
> pages.
>
> Both of these are read only and we use this when high update rates
> aren't required.
>
> We are also working on web pages that take advantage of WebCA.  This
is
> the web browser plug-in developed by Matej Sekoranja.  If you can get
> around the security issues, the plug-in allows javascript read and
write
> access to process variables.  I've been using the plug-in to create
web
> pages accessing our gateway.  Info on WebCA is available at
> http://webca.cosylab.com  A talk done here by Tom Pelia can give you
> more detailed picture of what WebCA is:
> http://users.cosylab.com/~msekoranja/webca/WebCA.pdf.  Another,
recently
> done by Matej at the EPICS meeting is also available
> ftp://ftp.desy.de/pub/EPICS/meeting-2007/CA_Client_Library.pdf
>
> SNS also has folks working on using PHP EPICS.  These web pages are
> similar to WebCA but work server side versus client side.
>
> If you need any more info, feel free to let me know.
> Dave Purcell.
>
>
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Pete R. Jemian
> Sent: Sunday, June 17, 2007 7:47 PM
> To: tech-talk
> Subject: Re: EPICS channels via the Internet
>
>
> Similarly, a CA client writes PVs to a TEXT file,
> a graph, and also to a formatted HTML file.
> The WWW browser picks up that stuff and delivers them.
>         http://usaxs.aps.anl.gov/livedata
>
> Works like a charm.  For remote observation only.
>
> Pete Jemian
>
> Richard Farnsworth wrote:
> > Elder describes a similar technique to what we used to implement our
> > Facility status monitor. Roughly speaking, we dropped the PV's in a
> mySQL
> > database via Channel access - and pick them up on the other side, so
> to
> > speak, with a Web based application.
> >
> > You can see it here
> > http://vbl.synchrotron.vic.gov.au/fsm/
> >
> >
> >
> > Richard Farnsworth
> > The Australian Synchrotron Project
> > Major Projects Victoria
> > 800 Blackburn Road
> > Clayton VIC  3168
> > Phone Number: +613 8540 4118
> > fax: +613 8540 4200
> > web: www.synchrotron.vic.gov.au
> >
> >
> > -----Original Message-----
> > From: [email protected]
> [mailto:[email protected]]
> > On Behalf Of Elder Matias
> > Sent: 16 June 2007 6:11 AM
> > To: [email protected]
> > Subject: RE: EPICS channels via the Internet
> >
> >
> > A completely different approach is to have a web based user
interface
> > and not send any ca traffic over the internet.  This method allows
you
> > to manage the remote access in a secure way.  We did just this with
> our
> > RBA software at the CLS.  There was a talk at the last EPICS
meeting.
> > If you are interested let me know and I can send you more details.
> >
> > We are also working on interfacing some of the data analysis
packages
> to
> > plug into the remote access system using web services.
> >
> > Elder
> >
> >
> > ------------------------------------------------------
> >
> > Message: 1
> > Date: Tue, 12 Jun 2007 15:27:41 -0600
> > From: "Jeff Hill" <[email protected]>
> > Subject: RE: EPICS channels via the Internet
> > To: "'Doug Sheffer'" <[email protected]>, <[email protected]>
> > Message-ID: <[email protected]>
> > Content-Type: text/plain;     charset="us-ascii"
> >
> >
> > Another option would be to punch a hole in your firewall for the
> > HostIP/portsTCP/portsUDP of a CA gateway (CA proxy) running in read
> only
> > mode.
> >
> > I suppose that new capabilities to run the CA client library in a
"TCP
> > only mode" where all CA name resolution is forwarded through a TCP
> > circuit connecting to a specified IP address and port might be very
> > useful in select situations. That would allow SSH tunneling through
a
> > firewall to a CA gateway (CA proxy). That feature isn't currently
> > implemented, but doesn't sound like it would be inordinately
difficult
> > to implement, so if there is interest it could be placed on the
list.
> >
> > Jeff
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]]
> > On Behalf Of Doug Sheffer
> > Sent: Friday, June 08, 2007 4:05 PM
> > To: [email protected]
> > Subject: Re: EPICS channels via the Internet
> >
> > Hello all!
> >
> > I will certainly take a look at NX then, as well.  As far as IOCs
and
> > the network setup, I'm not too sure.  To be honest, I am fairly new
to
> > the world of EPICS, and this is the first time I've had to worry
about
> > the networking side of things.
> >
> > As far as the netcat utility, I have actually used it and found it
> quite
> > useful in the past.  Yesterday my searches led me to a website with
a
> > few netcat commands for forwarding UDP over TCP, but unfortunately I
> > didn't have any luck with them.  Perhaps I'll have to try again.
> >
> > Thank you for your suggestions!
> > Doug Sheffer
> >
> >
> > On 6/8/07, Emmanuel Mayssat <[email protected]>
wrote:
> >
> >>I do something very similar but with a nx server/client
architecture.
> >>Have a look at freenx and nxclient (nomachine.com) The idea is that
> >>you do not forward the PV directly, but a display with the values of
> >>the PV. The nx protocol is TCP based, use ssl encryption (over ssh),
> >>and use compression.
> >>With a gateway over the internet, you will probably lose most of
your
> >>UDP datagrams anyway, plus there is the network latency, etc.
> >>
> >>I heard that a secure epics gateway is being developed though.
> >>How far are you from the IOCs ?
> >>
> >>--
> >>Emmanuel Mayssat
> >>
> >>
> >>
> >>On Fri, 2007-06-08 at 15:09 -0400, J. Lewis Muir wrote:
> >>
> >>>Doug Sheffer wrote:
> >>>
> >>>>Hello!
> >>>>
> >>>>I was wondering if anyone has experimented and had good luck with
> >>>>accessing real-time EPICS channel data over the Internet.  Is
> >>>>this, by any chance, something that is possible with the EPICS
> >
> > gateway?
> >
> >>>>Since allowing access over the Internet in any way would
> >>>>inevitably be a large security risk, we would like to be able to
> >>>>use SSH tunneling to secure the connection and to monitor who is
> >>>>doing what with the system.  Unfortunately, SSH seems unsuitable
> >>>>because it only supports tunneling on TCP ports, while EPICS uses
> >
> > both TCP and UDP.
> >
> >>>>Has anyone done anything similar, or got any ideas/suggestions on
> >>>>how to go about doing it securely?
> >>>>
> >>>>Your help is much appreciated.
> >>>>Doug Sheffer
> >>>
> >>>You could use a VPN. It depends on what you want to do. Or maybe
you
> >
> >
> >>>have constraints that make this not an option?
> >>>
> >>>-lewis
> >>>
> >>
> >>
> >
> >
> >
> >
> >
>
>


References:
RE: EPICS channels via the Internet Richard Farnsworth
Re: EPICS channels via the Internet Pete R. Jemian
RE: EPICS channels via the Internet Purcell, J. David
Re: EPICS channels via the Internet Doug Sheffer

Navigate by Date:
Prev: RE: EPICS channels via the Internet Hammonds, John P.
Next: support for Pfeiffer RGA? Schuh, Stephen
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <20072008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: Re: EPICS channels via the Internet Doug Sheffer
Next: RE: EPICS channels via the Internet Elder Matias
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  <20072008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 10 Nov 2011 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·