ICALEPCS2017 - Table of Session: THBPA (IT Infrastructure for Control Systems)

Paper	Title	Page
THBPA01	Cyber Threats, the World Is No Longer What We Knew…	1137
	S. Perez CEA, Arpajon, France
	Security policies are becoming hard to apply as instruments are smarter than ever. Every oscilloscope gets its own stick with a Windows tag, everybody would like to control his huge installation through the air, IOT is on every lips' Stuxnet, the recent Ed. Snowden revelations have shown that cyber threat on SCADAs cannot be only played in James Bond movies. This paper aims to give simple advises in order to protect and make our installations more and more secure. How to write security files? What are the main precautions we have to take care of? Where are the vulnerabilities of my installation? Cyber security is everyone's matter, not only the cyber staff's!
	Slides THBPA01 [9.135 MB]
DOI •	reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA01
Export •	reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA02	Securing Light Source SCADA Systems	1142
	L. Mekinda, V. Bondar, S. Brockhauser, C. Danilevski, W. Ehsan, S.G. Esenov, H. Fangohr, G. Flucke, G. Giovanetti, S. Hauf, D.G. Hickin, A. Klimovskaia, L.G. Maia, T. Michelat, A. Muennich, A. Parenti, H. Santos, K. Weger, C. Xu XFEL. EU, Schenefeld, Germany
	Funding: European X-Ray Free-Electron Laser Facility GmbH Cyber security aspects are often not thoroughly addressed in the design of light source SCADA system. In general the focus remains on building a reliable and fully-functional ecosystem. The underlying assumption is that a SCADA infrastructure is a closed ecosystem of sufficiently complex technologies to provide some security through trust and obscurity. However, considering the number of internal users, engineers, visiting scientists, students going in and out light source facilities cyber security threats can no longer be minored. At the European XFEL, we envision a comprehensive security layer for the entire SCADA infrastructure. There, Karabo [1], the control, data acquisition and analysis software shall implement these security paradigms known in IT but not applicable off-the-shelf to the FEL context. The challenges are considerable: (i) securing access to photon science hardware that has not been designed with security in mind; (ii) granting limited fine-grained permissions to external users; (iii) truly securing Control and Data acquisition APIs while preserving performance. Only tailored solution strategies, as presented in this paper, can fulfill these requirements. [1] Heisen et al (2013) "Karabo: An Integrated Software Framework Combining Control, Data Management, and Scientific Computing Tasks". Proc. of 14th ICALEPCS 2013, Melbourne, Australia (p. FRCOAAB02)
	Slides THBPA02 [1.679 MB]
DOI •	reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA02
Export •	reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA03	The Back-End Computer System for the Medipix Based PI-MEGA X-Ray Camera	1149
	H.D. de Almeida, D. P. Magalhaes, M.A.L. Moraespresenter, J.M. Polli LNLS, Campinas, Brazil
	The Brazilian Synchrotron, in partnership with BrPhotonics, is designing and developing pi-mega, a new X-Ray camera using Medipix chips, with the goal of building very large and fast cameras to supply Sirius' new demands. This work describes the design and testing of the back end computer system that will receive, process and store images. The back end system will use RDMA over Ethernet technology and must be able to process data at a rate ranging from 50 Gbps to 100 Gbps per pi-mega element. Multiple pi-mega elements may be combined to produce a large camera. Initial applications include tomographic reconstruction and coherent diffraction imaging techniques.
	Slides THBPA03 [1.918 MB]
DOI •	reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA03
Export •	reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA04	Orchestrating MeerKAT's Distributed Science Data Processing Pipelines	1152
	A.F. Joubert, B. Merry SKA South Africa, National Research Foundation of South Africa, Cape Town, South Africa
	The 64-antenna MeerKAT radio telescope is a precursor to the Square Kilometre Array. The telescope's correlator beamformer streams data at 600 Gb/s to the science data processing pipeline that must consume it in real time. This requires significant compute resources, which are provided by a cluster of heterogeneous hardware nodes. Effective utilisation of the available resources is a critical design goal, made more challenging by requiring multiple, highly configurable pipelines. We initially used a static allocation of processes to hardware nodes, but this approach is insufficient as the project scales up. We describe recent improvements to our distributed container deployment, using Apache Mesos for orchestration. We also discuss how issues like non-uniform memory access (NUMA), network partitions, and fractional allocation of graphical processing units (GPUs) are addressed using a custom scheduler for Mesos.
	Slides THBPA04 [8.485 MB]
DOI •	reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA04
Export •	reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA05	IT Infrastructure Tips and Tricks for Control System and PLC	1158
	M. Ostoja-Gajewski Solaris National Synchrotron Radiation Centre, Jagiellonian University, Kraków, Poland
	The network infrastructure in Solaris (National Synchrotron Radiation Center, Kraków) is carrying traffic between around 900 of physical devices and dedicated virtual machines running Tango control system. The Machine Protection System based on PLCs is also interconnected by network infrastructure. We have performed an extensive measurements of traffic flows and analysis of traffic patterns that revealed congestion of aggregated traffic from high speed acquisition devices. We have also applied the flow based anomaly detection systems that give an interesting low level view on Tango control system traffic flows. All issues were successfully addressed, thanks to proper analysis of traffic nature. This paper presents the essential techniques and tools for network traffic patterns analysis, tips and tricks for improvements and real-time data examples.
	Slides THBPA05 [3.026 MB]
DOI •	reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA05
Export •	reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA06	Configuration Management for the Integrated Control System Software of ELI-ALPS	1162
	L. Schrettner, B. Bagó, B. Erdohelyi, T.M. Gaizer, A. Heidrich, G. Nyiri ELI-ALPS, Szeged, Hungary
	ELI-ALPS (Extreme Light Infrastructure - Attosecond Light Pulse Source) is a new Research Infrastructure under implementation in Hungary. The infrastructure will consist of various systems (laser sources, beam transport, secondary sources, end stations) built on top of common subsystems (HVAC, cooling water, vibration monitoring, vacuum system, etc.), yielding a heterogeneous environment. To support the full control software development lifecycle for this complex infrastructure a flexible hierarchical configuration model has been defined, and a supporting toolset has been developed for its management. The configuration model is comprehensive as it covers all relevant aspects of the entire controlled system, the control software components and all the necessary connections between them. Furthermore, it supports the generation of virtual environments that approximate the hardware environment for software testing purposes. The toolset covers configuration functions such as storage, version control, GUI editing and queries. The model and tools presented in our paper are not specific to ELI-ALPS or to the ELI community, they may be useful for other research institutions as well.
	Slides THBPA06 [2.775 MB]
DOI •	reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA06
Export •	reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

Paper

Title

Page

Cyber Threats, the World Is No Longer What We Knew…

1137

S. Perez
CEA, Arpajon, France

Security policies are becoming hard to apply as instruments are smarter than ever. Every oscilloscope gets its own stick with a Windows tag, everybody would like to control his huge installation through the air, IOT is on every lips' Stuxnet, the recent Ed. Snowden revelations have shown that cyber threat on SCADAs cannot be only played in James Bond movies. This paper aims to give simple advises in order to protect and make our installations more and more secure. How to write security files? What are the main precautions we have to take care of? Where are the vulnerabilities of my installation? Cyber security is everyone's matter, not only the cyber staff's!

Slides THBPA01 [9.135 MB]

DOI •

reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA01

Export •

reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA02

Securing Light Source SCADA Systems

1142

L. Mekinda, V. Bondar, S. Brockhauser, C. Danilevski, W. Ehsan, S.G. Esenov, H. Fangohr, G. Flucke, G. Giovanetti, S. Hauf, D.G. Hickin, A. Klimovskaia, L.G. Maia, T. Michelat, A. Muennich, A. Parenti, H. Santos, K. Weger, C. Xu
XFEL. EU, Schenefeld, Germany

Funding: European X-Ray Free-Electron Laser Facility GmbH
Cyber security aspects are often not thoroughly addressed in the design of light source SCADA system. In general the focus remains on building a reliable and fully-functional ecosystem. The underlying assumption is that a SCADA infrastructure is a closed ecosystem of sufficiently complex technologies to provide some security through trust and obscurity. However, considering the number of internal users, engineers, visiting scientists, students going in and out light source facilities cyber security threats can no longer be minored. At the European XFEL, we envision a comprehensive security layer for the entire SCADA infrastructure. There, Karabo [1], the control, data acquisition and analysis software shall implement these security paradigms known in IT but not applicable off-the-shelf to the FEL context. The challenges are considerable: (i) securing access to photon science hardware that has not been designed with security in mind; (ii) granting limited fine-grained permissions to external users; (iii) truly securing Control and Data acquisition APIs while preserving performance. Only tailored solution strategies, as presented in this paper, can fulfill these requirements.
[1] Heisen et al (2013) "Karabo: An Integrated Software Framework Combining Control, Data Management, and Scientific Computing Tasks". Proc. of 14th ICALEPCS 2013, Melbourne, Australia (p. FRCOAAB02)

Slides THBPA02 [1.679 MB]

DOI •

reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA02

Export •

reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA03

The Back-End Computer System for the Medipix Based PI-MEGA X-Ray Camera

1149

H.D. de Almeida, D. P. Magalhaes, M.A.L. Moraespresenter, J.M. Polli
LNLS, Campinas, Brazil

The Brazilian Synchrotron, in partnership with BrPhotonics, is designing and developing pi-mega, a new X-Ray camera using Medipix chips, with the goal of building very large and fast cameras to supply Sirius' new demands. This work describes the design and testing of the back end computer system that will receive, process and store images. The back end system will use RDMA over Ethernet technology and must be able to process data at a rate ranging from 50 Gbps to 100 Gbps per pi-mega element. Multiple pi-mega elements may be combined to produce a large camera. Initial applications include tomographic reconstruction and coherent diffraction imaging techniques.

Slides THBPA03 [1.918 MB]

DOI •

reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA03

Export •

reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA04

Orchestrating MeerKAT's Distributed Science Data Processing Pipelines

1152

A.F. Joubert, B. Merry
SKA South Africa, National Research Foundation of South Africa, Cape Town, South Africa

The 64-antenna MeerKAT radio telescope is a precursor to the Square Kilometre Array. The telescope's correlator beamformer streams data at 600 Gb/s to the science data processing pipeline that must consume it in real time. This requires significant compute resources, which are provided by a cluster of heterogeneous hardware nodes. Effective utilisation of the available resources is a critical design goal, made more challenging by requiring multiple, highly configurable pipelines. We initially used a static allocation of processes to hardware nodes, but this approach is insufficient as the project scales up. We describe recent improvements to our distributed container deployment, using Apache Mesos for orchestration. We also discuss how issues like non-uniform memory access (NUMA), network partitions, and fractional allocation of graphical processing units (GPUs) are addressed using a custom scheduler for Mesos.

Slides THBPA04 [8.485 MB]

DOI •

reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA04

Export •

reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA05

IT Infrastructure Tips and Tricks for Control System and PLC

1158

M. Ostoja-Gajewski
Solaris National Synchrotron Radiation Centre, Jagiellonian University, Kraków, Poland

The network infrastructure in Solaris (National Synchrotron Radiation Center, Kraków) is carrying traffic between around 900 of physical devices and dedicated virtual machines running Tango control system. The Machine Protection System based on PLCs is also interconnected by network infrastructure. We have performed an extensive measurements of traffic flows and analysis of traffic patterns that revealed congestion of aggregated traffic from high speed acquisition devices. We have also applied the flow based anomaly detection systems that give an interesting low level view on Tango control system traffic flows. All issues were successfully addressed, thanks to proper analysis of traffic nature. This paper presents the essential techniques and tools for network traffic patterns analysis, tips and tricks for improvements and real-time data examples.

Slides THBPA05 [3.026 MB]

DOI •

reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA05

Export •

reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)

THBPA06

Configuration Management for the Integrated Control System Software of ELI-ALPS

1162

L. Schrettner, B. Bagó, B. Erdohelyi, T.M. Gaizer, A. Heidrich, G. Nyiri
ELI-ALPS, Szeged, Hungary

ELI-ALPS (Extreme Light Infrastructure - Attosecond Light Pulse Source) is a new Research Infrastructure under implementation in Hungary. The infrastructure will consist of various systems (laser sources, beam transport, secondary sources, end stations) built on top of common subsystems (HVAC, cooling water, vibration monitoring, vacuum system, etc.), yielding a heterogeneous environment. To support the full control software development lifecycle for this complex infrastructure a flexible hierarchical configuration model has been defined, and a supporting toolset has been developed for its management. The configuration model is comprehensive as it covers all relevant aspects of the entire controlled system, the control software components and all the necessary connections between them. Furthermore, it supports the generation of virtual environments that approximate the hardware environment for software testing purposes. The toolset covers configuration functions such as storage, version control, GUI editing and queries. The model and tools presented in our paper are not specific to ELI-ALPS or to the ELI community, they may be useful for other research institutions as well.

Slides THBPA06 [2.775 MB]

DOI •

reference for this paper ※ https://doi.org/10.18429/JACoW-ICALEPCS2017-THBPA06

Export •

reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)