THBPA —  IT Infrastructure for Control Systems   (12-Oct-17   11:15—12:45)
Chair: R. Mueller, BESSY GmbH, Berlin, Germany
Paper Title Page
THBPA01 Cyber Threats, the World Is No Longer What We Knew… 1137
  • S. Perez
    CEA, Arpajon, France
  Security policies are becoming hard to apply as instruments are smarter than ever. Every oscilloscope gets its own stick with a Windows tag, everybody would like to control his huge installation through the air, IOT is on every lips' Stuxnet, the recent Ed. Snowden revelations have shown that cyber threat on SCADAs cannot be only played in James Bond movies. This paper aims to give simple advises in order to protect and make our installations more and more secure. How to write security files? What are the main precautions we have to take care of? Where are the vulnerabilities of my installation? Cyber security is everyone's matter, not only the cyber staff's!  
slides icon Slides THBPA01 [9.135 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THBPA02 Securing Light Source SCADA Systems 1142
  • L. Mekinda, V. Bondar, S. Brockhauser, C. Danilevski, W. Ehsan, S.G. Esenov, H. Fangohr, G. Flucke, G. Giovanetti, S. Hauf, D.G. Hickin, A. Klimovskaia, L.G. Maia, T. Michelat, A. Muennich, A. Parenti, H. Santos, K. Weger, C. Xu
    XFEL. EU, Schenefeld, Germany
  Funding: European X-Ray Free-Electron Laser Facility GmbH
Cyber security aspects are often not thoroughly addressed in the design of light source SCADA system. In general the focus remains on building a reliable and fully-functional ecosystem. The underlying assumption is that a SCADA infrastructure is a closed ecosystem of sufficiently complex technologies to provide some security through trust and obscurity. However, considering the number of internal users, engineers, visiting scientists, students going in and out light source facilities cyber security threats can no longer be minored. At the European XFEL, we envision a comprehensive security layer for the entire SCADA infrastructure. There, Karabo [1], the control, data acquisition and analysis software shall implement these security paradigms known in IT but not applicable off-the-shelf to the FEL context. The challenges are considerable: (i) securing access to photon science hardware that has not been designed with security in mind; (ii) granting limited fine-grained permissions to external users; (iii) truly securing Control and Data acquisition APIs while preserving performance. Only tailored solution strategies, as presented in this paper, can fulfill these requirements.
[1] Heisen et al (2013) "Karabo: An Integrated Software Framework Combining Control, Data Management, and Scientific Computing Tasks". Proc. of 14th ICALEPCS 2013, Melbourne, Australia (p. FRCOAAB02)
slides icon Slides THBPA02 [1.679 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THBPA03 The Back-End Computer System for the Medipix Based PI-MEGA X-Ray Camera 1149
  • H.D. de Almeida, D. P. Magalhaes, M.A.L. Moraespresenter, J.M. Polli
    LNLS, Campinas, Brazil
  The Brazilian Synchrotron, in partnership with BrPhotonics, is designing and developing pi-mega, a new X-Ray camera using Medipix chips, with the goal of building very large and fast cameras to supply Sirius' new demands. This work describes the design and testing of the back end computer system that will receive, process and store images. The back end system will use RDMA over Ethernet technology and must be able to process data at a rate ranging from 50 Gbps to 100 Gbps per pi-mega element. Multiple pi-mega elements may be combined to produce a large camera. Initial applications include tomographic reconstruction and coherent diffraction imaging techniques.  
slides icon Slides THBPA03 [1.918 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THBPA04 Orchestrating MeerKAT's Distributed Science Data Processing Pipelines 1152
  • A.F. Joubert, B. Merry
    SKA South Africa, National Research Foundation of South Africa, Cape Town, South Africa
  The 64-antenna MeerKAT radio telescope is a precursor to the Square Kilometre Array. The telescope's correlator beamformer streams data at 600 Gb/s to the science data processing pipeline that must consume it in real time. This requires significant compute resources, which are provided by a cluster of heterogeneous hardware nodes. Effective utilisation of the available resources is a critical design goal, made more challenging by requiring multiple, highly configurable pipelines. We initially used a static allocation of processes to hardware nodes, but this approach is insufficient as the project scales up. We describe recent improvements to our distributed container deployment, using Apache Mesos for orchestration. We also discuss how issues like non-uniform memory access (NUMA), network partitions, and fractional allocation of graphical processing units (GPUs) are addressed using a custom scheduler for Mesos.  
slides icon Slides THBPA04 [8.485 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THBPA05 IT Infrastructure Tips and Tricks for Control System and PLC 1158
  • M. Ostoja-Gajewski
    Solaris National Synchrotron Radiation Centre, Jagiellonian University, Kraków, Poland
  The network infrastructure in Solaris (National Synchrotron Radiation Center, Kraków) is carrying traffic between around 900 of physical devices and dedicated virtual machines running Tango control system. The Machine Protection System based on PLCs is also interconnected by network infrastructure. We have performed an extensive measurements of traffic flows and analysis of traffic patterns that revealed congestion of aggregated traffic from high speed acquisition devices. We have also applied the flow based anomaly detection systems that give an interesting low level view on Tango control system traffic flows. All issues were successfully addressed, thanks to proper analysis of traffic nature. This paper presents the essential techniques and tools for network traffic patterns analysis, tips and tricks for improvements and real-time data examples.  
slides icon Slides THBPA05 [3.026 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)  
THBPA06 Configuration Management for the Integrated Control System Software of ELI-ALPS 1162
  • L. Schrettner, B. Bagó, B. Erdohelyi, T.M. Gaizer, A. Heidrich, G. Nyiri
    ELI-ALPS, Szeged, Hungary
  ELI-ALPS (Extreme Light Infrastructure - Attosecond Light Pulse Source) is a new Research Infrastructure under implementation in Hungary. The infrastructure will consist of various systems (laser sources, beam transport, secondary sources, end stations) built on top of common subsystems (HVAC, cooling water, vibration monitoring, vacuum system, etc.), yielding a heterogeneous environment. To support the full control software development lifecycle for this complex infrastructure a flexible hierarchical configuration model has been defined, and a supporting toolset has been developed for its management. The configuration model is comprehensive as it covers all relevant aspects of the entire controlled system, the control software components and all the necessary connections between them. Furthermore, it supports the generation of virtual environments that approximate the hardware environment for software testing purposes. The toolset covers configuration functions such as storage, version control, GUI editing and queries. The model and tools presented in our paper are not specific to ELI-ALPS or to the ELI community, they may be useful for other research institutions as well.  
slides icon Slides THBPA06 [2.775 MB]  
DOI • reference for this paper ※  
Export • reference for this paper using ※ BibTeX, ※ LaTeX, ※ Text/Word, ※ RIS, ※ EndNote (xml)