Development of Virtual Private Network for JT-60SA CAD Integration



Similar documents
SSL VPN Technology White Paper

Yealink VCS Network Deployment Solution

VPN over Satellite A comparison of approaches by Richard McKinney and Russell Lambert

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

Frequently Asked Questions

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Projetex 9 Workstation Setup Quick Start Guide 2012 Advanced International Translations

TRUFFLE Broadband Bonding Network Appliance BBNA6401. A Frequently Asked Question on. Link Bonding vs. Load Balancing

Delphi+ System Requirements

Enterprise Security Management CheckPoint SecuRemote VPN v4.0 for pcanywhere

Aqua Accelerated Protocol (AAP) For Mac User Manual

Deploying in a Distributed Environment

Figure 41-1 IP Filter Rules

Operating Systems and Networks Sample Solution 1

Delphi 2015 SP1-AP1 System Requirements

visionapp Remote Desktop 2010 (vrd 2010)

TRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing

Understanding the Cisco VPN Client

REMOTE ASSISTANCE SOLUTIONS Private Server

Sage MAS 200 ERP Level 3.71 Version 4.30 Supported Platform Matrix

借 助 广 域 网 优 化 技 术 实 现 高 性 能 数 据 大 集 中. 王 晓 静 Riverbed Technology Regional Sales Manager

How To Install Sedar On A Workstation

Terminal Server Software and Hardware Requirements. Terminal Server. Software and Hardware Requirements. Datacolor Match Pigment Datacolor Tools

Sage ERP Accpac Online

Sage 300 ERP Online. Mac Resource Guide. (Formerly Sage ERP Accpac Online) Updated June 1, Page 1

we secure YOUR network we secure network security English network security

Cloud-based Fleet Management System Proof of Concept

The Problem with TCP. Overcoming TCP s Drawbacks

TFTP TRIVIAL FILE TRANSFER PROTOCOL OVERVIEW OF TFTP, A VERY SIMPLE FILE TRANSFER PROTOCOL FOR SIMPLE AND CONSTRAINED DEVICES

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

This section provides a summary of using network location profiles to identify network connection types. Details include:

Network Configuration Settings

Chapter 5. Data Communication And Internet Technology

Configuring Global Protect SSL VPN with a user-defined port

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Ignify ecommerce. Item Requirements Notes

Pandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide

Server Installation Procedure - Load Balanced Environment

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

Release Version 4.1 The 2X Software Server Based Computing Guide

Zeroshell: VPN Host-to-Lan

Configuring a Lan-to-Lan VPN with Overlapping Subnets with Juniper NetScreen/ISG/SSG Products

Introduction. What is a Remote Console? What is the Server Service? A Remote Control Enabled (RCE) Console

Connecting an Android to a FortiGate with SSL VPN

Chapter 6 Virtual Private Networking

Multi-site Best Practices

Cornerstones of Security

Performance of VMware vcenter (VC) Operations in a ROBO Environment TECHNICAL WHITE PAPER

Application Performance Analysis and Troubleshooting

CTI Installation Manual Version 1.0

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

NETASQ SSO Agent Installation and deployment

MS-50292: Administering and Maintaining Windows 7. Course Objectives. Required Exam(s) Price. Duration. Methods of Delivery.

SMALL BUSINESS OUTSOURCING

Windows Remote Access

Delivering SharePoint Solutions with Citrix Application Delivery Infrastructure

Quick Guide of HiDDNS Settings (with UPnP)

Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU

GoToMyPC Corporate Advanced Firewall Support Features

GLOBAL SERVER LOAD BALANCING WITH SERVERIRON

Chapter 4 Firewall Protection and Content Filtering

Quick Guide of DDNS Settings

3.1 RS-232/422/485 Pinout:PORT1-4(RJ-45) RJ-45 RS-232 RS-422 RS-485 PIN1 TXD PIN2 RXD PIN3 GND PIN4 PIN5 T PIN6 T PIN7 R+ PIN8 R-

Setting Up Scan to SMB on TaskALFA series MFP s.

GR2000: a Gigabit Router for a Guaranteed Network

ipad Installation and Setup

WAN Traffic Management with PowerLink Pro100

idatafax Troubleshooting

Setting up VPN Access for Remote Diagnostics Support

Data Networks Summer 2007 Homework #3

Technical Notes TN 1 - ETG FactoryCast Gateway TSX ETG 3021 / 3022 modules. How to Setup a GPRS Connection?

Release Version 3 The 2X Software Server Based Computing Guide

KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE. (Updated April 14, 2008)

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

freesshd SFTP Server on Windows

Citrix Application Streaming. Universal Application Packaging and Delivery Breaking Away from Traditional IT

Using GlobeCast Content Exchange over BGAN

Application Note. Windows 2000/XP TCP Tuning for High Bandwidth Networks. mguard smart mguard PCI mguard blade

Accelerating File Transfers Increase File Transfer Speeds in Poorly-Performing Networks

1 PC to WX64 direction connection with crossover cable or hub/switch

Infinity Web Viewer Reference Guide

Device LinkUP + Desktop LP Guide RDP

Secured Voice over VPN Tunnel and QoS. Feature Paper

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

Radware s Multi-homing Solutions

Canon WFT-E1 (A) Wireless File Transmitter. Network Support Guide

Chapter 8 Router and Network Management

Installation and Connection Guide to the simulation environment GLOBAL VISION

CenturyLink Cloud Configuration

Fact Sheet Intellectual Property rules within the Fusion for Energy contractual framework

Transcription:

J. Plasma Fusion Res. SERIES, Vol. 9 (2010) Development of Virtual Private Network for JT-60SA CAD Integration T. Oshima 1, T. Fujita 1, M. Seki 1, H. Kawashima 2, K. Hoshino 2, K. Shibanuma 2, M. Verrecchia 3, and B. Teuchner 3 1 Project Team of the Satellite Tokamak Programme and 2 JA Home Team, Japan Atomic Energy Agency, 801-1 Mukoyama, Naka, Ibaraki, 311-0193 Japan; 3 EU Home Team, Fusion for Energy, Boltzmannstr 2, Garching, 85748, Germany (Received: 25 October 2009 / Accepted: 9 March 2010) The CAD models will be exchanged and integrated at Naka for JT-60SA, a common computer network efficiently connected between Naka site and the Garching site is needed to be established. Virtual Private Network (VPN) was introduced with LAN on computer network physically-separated from JAEA intranet area and firewall. In July 2009, a new VPN connection between the Naka and Garching sites has been successfully demonstrated using IPSec-VPN technology with a commercial and cost-effective firewall/router for security. It was found that the introduction of the Wide Area File Service (WAFS) could solve the issue of the data transmission time and enhance the usability of the VPN for design integration in JT-60SA. Keywords: JT-60SA, CAD, VPN, IPSec-VPN, RTT, WAFS, F4E 1. Introduction The JT-60U will be upgraded to a large superconducting tokamak named as the JT-60SA (JT-60 Super Advanced) at Naka in Japan. Construction and exploitation of the JT-60SA will be conducted under the Satellite Tokamak Programme (STP) and the Japanese national programme [1]. The STP is undertaken as part of the Broader Approach (BA) agreement jointly implemented between the Government of Japan and the European Atomic Energy Community (EURATOM), which was launched in June 2007. During the constr ction phase, procurement of the components for JT-60SA will be shared as in-kind contributions by EU and Japan. The design integration will be implemented between the Naka site for JAEA and the Garching site for Fusion For Energy (F4E), where JAEA and F4E are the Implementing Agencies in Japan and EU for the BA activities, respectively. For interface control among components procured by EU and Japan and also for assembly of the tokamak, the CAD data will be exchanged and integrated using a common database, driven by ENOVIA-SmarTeam, located in Naka site. In order to perform communications on the CAD data smoothly between the Naka site for JAEA and the Garching site for F4E, it is required to establish a common computer network system connecting the Naka site for JAEA and the Garching site for F4E. To comply with the security policies on the firewall of the JAEA network, still supporting the CAD data exchange, the IPSec Virtual Private Network (VPN) dedicated to the CAD Environment was introduced with LAN on the private computer network. The IPSec-VPN is suitable for our environment of site and user scales rather than the SSL-VPN or L2TP-VPN. This paper will describe the development of Virtual Private Network (VPN) for JT-60SA CAD integration between Naka in Japan and Garching in Germany. 2. SmarTeam system for Design Integration The SmarTeam system for CATIA model management has been developed in Naka by the JA Home Team (HT) and it in use since June 2008. Then, in order to establish the VPN between the Naka and Garching sites, the SmarTeam system has been relocated outside the firewall of the JAEA network as shown in Figure 1. The SmarTeam system is composed of CATIA, and SmarTeam Editor and Web Editor. The SmarTeam Editor manages a variety of data and resources including CAD drawing, assemblies, parts, and documents. The Web Editor has similar but reduced functionalities with the advantage to be web based. The SmarTeam system is arranged on the VPN separated from the JAEA network so that clients of the EU Home Team can freely access it. author s e-mail:oshima.jaea@csc.jp 620 2010 by The Japan Society of Plasma Science and Nuclear Fusion Research

Garching network Fig.1 Schematic view of the VPN connection between Garching and Naka with the common SmarTeam system. Fig.2 Conceptual diagram of the VPN for JT-60SA CAD integration 3. VPN Construction between Naka and Garching In order to construct of the VPN with high security and low cost, a commercial network (NTT BFLET 'S optical line (100Mbps)) was introduced. And the Internet service provider was also adopted commercial provider of the OCN business IP16 (NTT Communications). Moreover, Virtual Private Server (VPS) (Tokyo), which is excellent in stability, maintainability, and security, was used as a server for the domain service, e-mail and FTP. After the establishment of the line and internet services, the development was advanced aiming at a cost-effective and high performance network maintaining the network security by using the VPN encryption technology with the firewall. This VPN communication was opened between Naka and EU-Garching in July, 2009. As the firewall/router device the Juniper Networks SSG-5 was adopted. The IPSec-VPN (IKE Phase1 and Phase 2) method based on the specification of each firewall was used, and an information exchange and connection 621

adjustment were performed successfully between Naka and Garching. As shown in Figure 2, firewall devices of SSG-5 (JA) and CheckPoint (EU) are connected by the IPSec-VPN encryption protocol, and clients of JA and EU can access to the JA HT SmarTeam server as they are in the same zone and log in and do the design work. The Active Directory (AD) servers for the domain in VPN, a web editor server, and client machines, etc. were also prepared and set up in VPN (LAN) for SmarTeam operation in June 2009. The CATIA/SmarTeam system entered in test operation with IPSec-VPN connection with Garching. Real operation will be started by the end of 2009 after a network security policy for the VPN is established. In addition to the SmarTeam server, this system has other servers on non VPN zone for maintenance of the network, FTP and so on. By construction of this private network system, we have an advantage for flexible control and monitor the firewall by each site responsibility. The firewall was configured to have the fully open outward ports for accessing of SmarTeam client user. It seems to be very difficult in the large-scale robust network such as the company unit network. 4. Performance of VPN It was measured by connecting to a server in Japan that the downlink speed was 50 Mbps and uplink speed was 40 Mbps as performance at the time of the introduction of the network. As for the VPN connection with the Garching network, the round-trip time (RTT) of 300 ms was obtained by pinging (There is somewhat difference by the measurement condition and site). Throughput (T p ) [Mbps] is given by [1] Tp = Ws / RTT (1), where Ws [KB] is the window size. Using the Window size of 64 KB in Windows XP as Ws and the measured RTT of 300 ms in equation (1), Tp =1.7 Mbps is obtained, while the VPN specification value of firewall is 40 Mbps. When data is transmitted though the Internet, the relation between RTT and the throughput is in inverse proportion. Generally, the RTT mainly depends on the number of routers of the line, but not on the distance between areas. Since the network line between Japan and EU goes by way of the United States, the number of the routers is significantly increased. Because of this reason, the RTT for Japan as a starting point tends to increase in order of the United States, Europe, Russia and China. Therefore, a fast transfer cannot be expected on a usual network between Naka in Japan and Garching in Germany. The measurement of throughput and RTT in the TCP uplink was actually done by ping to servers in major cities in the world from Naka. As shown in Figure 3, in the measurement of the TCP uplink to a Frankfurt server in Germany, RTT was 276 ms, which is close to RTT of 300 ms measured in the VPN connection to Garching. As foreseen beforehand, it was found that a fast transmission is not possible between Naka and Garching by a usual network line. Fig.3 Throughput as a function of the round trip time (RTT) measured from Naka to each country through the VPN. 5. Improvement of CAD Model Transfer The model for JT-60SA is composed of parts from tens to hundreds of MB. Here, we assumed the 10 GB model for estimation of the transfer time since a final real model reaches as much as around 10 GB. The transfer time Tt [s] is given by Tp [Mbps] and the volume data Vd [MB] of the file: Tt = Vd / Tp (2) It takes 188 s to transfer a parts model of 40 MB with this network (Tp = 1.7 Mbps) in a normal way, and it takes 4.7 10 4 s, namely, about 13 hours to transfer a parts model of 10 GB. It is evaluated to be slow and not practical for real CAD model transfer. To solve this issue, a Wide Area File Service (WAFS) of the model named Riverbed 1050M was introduced to 622

realize a speed-up and resolve this problem. WAFS is a technology that forwards the data to the server in the remote place with a high speed by using the cash technology of the file. These WAFSs were introduced at both Garching and Naka for the data transfer speed-up verification. 6. Result of Actual Time Measurements Following three patterns were carried out as connection test from EU to JA on the SmarTeam server in Naka-site. We measured the actual login completion time and the transmission time of CATIA data. Case (1): a user in Garching logs in to the SmarTeam from the PC in Naka-site by way of Remote Desktop Protocol (RDP) and transfers CATIA models. Case (2): a user in Garching directly logs in the SmarTeam and transfers the CATIA models by a client mode of CATIA Integration [CAI]. In addition, the direct login can be done by the WEB client mode [WEB], but it cannot transfer the CATIA model. Case (3): a user logs in from JA (Naka) and transfers the CATIA models by a client mode [CAI], which is reference to the case(1) and (2) since this is a normal method to use SmarTeam in JA. And only login time was also measure by [WEB] client mode for reference. Figure 4 shows the result of the login time among three cases. The login time was reduced to 1/3 and 1/5 by use of the WAFS device in case (2) and case (3), respectively. The effect of WAFS did not appear in case (1), because the PC in Naka-site was used and latency time for RDP between EU and JA was not controlled by the WAFS. The data transmission time was measured in next. Figure 5 shows the results for a CATIA part model of 60 MB of the ECRH system was used. Using the WAFS device, the transmission time was reduced from ~30 min. to ~1 min. at the case (1). Reduction from ~8 min. to ~1 min. was also observed at the case (2) of direct from EU [CAI]. (As mentioned above, there is no data at the case (2) of direct from EU [WEB], because a function of this case only views the CATIA model on the SmarTeam window, can not get the CATIA data.). Thus, it was confirmed that the transmission time was reduced by a factor of ~10 with application of the WAFS device. Fig.4 Login-time to SmarTeam on each case. Fig.5 Transfer CAD Data by SmarTeam on each case. 7. Conclusions and Future Prospect A cost-effective VPN with good security between Garching and Naka has been constructed for CAD integration in JT-60SA using IPSec-VPN technology with a commercial and cost-effective firewall/router for security. Downlink was 50 Mbps to the performance when the network was introduced, and uplink was 40 Mbps. It was 1.7 Mbps and latency time was 300 ms by way of VPN. By construction of this private network system, we have an advantage for flexible control and monitor the firewall by each site responsibility which seems to be very difficult in the large-scale robust network such as the company unit network. In order to improve the issue of delay time, for connection on both sites, the WAFS device was introduced and its effect was confirmed. Login time to the SmarTeam was reduced 1/3~1/5 using the WAFS at the direct connection from EU with modes of CAI and WEB. In further, the transmission time of CATIA data was reduced typically by a factor of ~10 at the RDP and direct connection with the mode of CAI. It was found that the application of the WAFS could solve the issue of the data transfer and enhance the usability of the VPN for design integration in JT-60SA. When the JT-60SA begins to operate, demonstrative tests of remote experimentation for ITER are planned from the Rokkasho site to the JT-60SA in the BA activities. It will be also required to make the access from EU to the large-scale experimental data in JT-60SA 623

possible. The development of the VPN for the CAD integration between Japan and EU will be also able to contribute to remote experimentation and participation in experiments [3-4]. 8. Acknowledgments They acknowledge Drs. O. Naito, M. Matsukawa, T. Ozeki, Y. Kamada, P. Barabaschi, S. Ishida, and the members of the JT-60SA team for their continuous encouragement and support. 9. References [1] S. Ishida et al, Status and Prospect of the JT-60SA Project, submitted to Fusion Engineering and Design. [2] T. Yamamoto, Fusion Eng. Des. 83, 516-519 (2008). [3] T. Oshima, et al., Fusion Eng. Des. 71, 239-244 (2004). [4] D.P. Schissel, Fusion Eng. Des. 83/2-3, 539-544 (2008). 624

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information