Administration of Soft IOCs under Linux



Similar documents
Implementing Failover Capabilities in Red Hat Network Satellite

File Transfer Examples. Running commands on other computers and transferring files between computers

DVS-100 Installation Guide

DVS-100 Installation Guide

Security Correlation Server Quick Installation Guide

Detailed Revision History: Advanced Internet System Management (v5.07)

F-SECURE MESSAGING SECURITY GATEWAY

Enabling Active Directory Authentication with ESX Server 1

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

LINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes

SSSD and OpenSSH Integration

Equalizer VLB Beta I. Copyright 2008 Equalizer VLB Beta I 1 Coyote Point Systems Inc.

SSH! Keep it secret. Keep it safe

Using RADIUS Agent for Transparent User Identification

HOWTO: Set up a Vyatta device with ThreatSTOP in bridge mode

2 Installing Privileged User Manager 2.3

HOWTO: Set up a Vyatta device with ThreatSTOP in router mode

Lab Configure Basic AP Security through IOS CLI

VMware vcenter Log Insight Getting Started Guide

Web Application Firewall

Pandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide

VMware vsphere 5 Quick Start Guide

Decision Support System to MODEM communications

Setup Cisco Call Manager on VMware

Making System Administration Easier by Letting the Machines Do the Hard Work, Or, Becoming an Agile Sysadmin

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Uptime Infrastructure Monitor. Installation Guide

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

Linux System Administration on Red Hat

Defeating Firewalls : Sneaking Into Office Computers From Home

ClusterLoad ESX Virtual Appliance quick start guide v6.3

Set Up Panorama. Palo Alto Networks. Panorama Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Cisco Setting Up PIX Syslog

There are many different ways in which we can connect to a remote machine over the Internet. These include (but are not limited to):

Syslog & xinetd. Stephen Pilon

Volume SYNAMETRICS TECHNOLOGIES. A Division of IndusSoft Technologies, Inc. DeltaCopy User s Guide

Command Line Interface User Guide for Intel Server Management Software

White Paper. ThinRDP Load Balancing

Understanding MySQL storage and clustering in QueueMetrics. Loway

Installation of MicroSoft Active Directory

Sun Cobalt Migration Utility. User Manual

Mobile Admin Architecture

SSL VPN. Virtual Appliance Installation Guide. Virtual Private Networks

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

Active Directory - User, group, and computer account management in active directory on a domain controller. - User and group access and permissions.

CS197U: A Hands on Introduction to Unix

OnCommand Performance Manager 1.1

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Getting Started with Oracle Data Mining on the Cloud

How To Install Storegrid Server On Linux On A Microsoft Ubuntu 7.5 (Amd64) Or Ubuntu (Amd86) (Amd77) (Orchestra) (For Ubuntu) (Permanent) (Powerpoint

Brocade Certified Layer 4-7 Professional Version: Demo. Page <<1/8>>

Connecting with Computer Science, 2e. Chapter 5 The Internet

COBALT Migration Utility. User Manual

VPS Cloud Hosting. Call (02)

Configuring System Message Logging

Network Monitoring & Management Log Management

Future Console Servers. devproj project #31

Using esxtop to Troubleshoot Performance Problems

Manual Prepared by GalaxyVisions Customer Care Team

Go to Policy/Global Properties/SmartDashboard Customization, click Configure. In Certificates and PKI properties, change host_certs_key_size to 2048

Citrix XenServer 5.6 OpenSource Xen 2.6 on RHEL 5 OpenSource Xen 3.2 on Debian 5.0(Lenny)

Web based training for field technicians can be arranged by calling These Documents are required for a successful install:

From Network Security To Content Filtering

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

SSL (Secure Socket Layer)

VXOA AMI on Amazon Web Services

VMware vcenter Operations Standard Installation and Administration Guide

Step One: Installing Rsnapshot and Configuring SSH Keys

CA Nimsoft Monitor. Probe Guide for URL Endpoint Response Monitoring. url_response v4.1 series

CYAN SECURE WEB APPLIANCE. User interface manual

Clearswift Information Governance

Linux VPS with cpanel. Getting Started Guide

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

This training is targeted at System Administrators and developers wanting to understand more about administering a WebLogic instance.

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Network Monitoring & Management Log Management

VMware Identity Manager Connector Installation and Configuration

1. How do I access my VPS control panel?

F-Secure Messaging Security Gateway. Deployment Guide

Talk Internet User Guides Controlgate Administrative User Guide

VERITAS Cluster Server Traffic Director Option. Product Overview

Pen Test Tips 2. Shell vs. Terminal

RELEASE NOTES. Release Notes. Introduction. Platform. Product/version/build: Remote Control ( ) ActiveX Guest 11.

RemotelyAnywhere. Security Considerations

OnCommand Performance Manager 1.1

Features. The Samhain HIDS. Overview of available features. Rainer Wichmann

Connectivity using ssh, rsync & vsftpd

Backing Up Your System With rsnapshot

Disaster Recovery Configuration Guide for CiscoWorks Network Compliance Manager 1.8

PC Monitor Enterprise Server. Setup Guide

WHM Administrator s Guide

Troubleshooting This document outlines some of the potential issues which you may encouter while administering an atech Telecoms installation.

PIX/ASA 7.x with Syslog Configuration Example

Alliance Key Manager A Solution Brief for Technical Implementers

Configuring High Availability for VMware vcenter in RMS Distributed Setup

42goISP Documentation

Configuring System Message Logging

HAOSCAR 2.0: an open source HA-enabling framework for mission critical systems

Outpost Office Firewall

Transcription:

Administration of Soft IOCs under Linux Ralph Lange (BESSY)

Objectives BESSY II is still on R 3.13.9 The MLS Control System (based on 3.14) uses soft (host based) IOCs in production for the first time An infrastructure for soft IOCs had to be set up, that ensures Soft IOCs are started and stopped by the system (like system services) The application developer may manually start/stop any soft IOC Soft IOCs may be shifted easily to another host in case of hardware failure Console access and logging has to be done the same way as for VME IOCs CA should be able to distinguish between soft IOCs (access security, client side debugging)

Running the Soft IOCs Considerations Virtualization (VMware) was looked at and dropped: too thick for the small benefit of individual IPs for the soft IOCs Running the soft IOCs as dedicated users (one for each soft IOC) at least allows Access Security to tell them apart and keeps process listings obvious Background operation with attachable console is provided by using the screen application Approach All soft IOCs run on one dedicated Linux host another host is completely configured as cold standby An /etc/init.d/softioc script reads in a simple configuration file, allowing to set environment variables for each of the soft IOCs, and select the soft IOCs that are started automatically takes a list of IOC names as argument to allow manual starting/stopping starts the soft IOC in a screen session run as the dedicated user This fits neatly into the regular system service administration framework

Accessing the Soft IOC Console Considerations When the soft IOC gets started, its screen session gets the soft IOC name Using that name, you can use the screen client to connect to an existing session For ssh connections, you can configure a command to be executed for each key into the ~/.ssh/authorized_keys file Approach A key pair for console access was created For each of the soft IOC users, the matching screen client command was put in the ~/.ssh/authorized_keys file with the console access key E.g., for the user sioc5cp running the soft IOC sioc5cp under the screen session name sioc5cp, the line reads: command="screen -r sioc5cp" ssh-rsa AAAAB3NzaC1yc2EAAAA... Connecting by ssh to the user sioc5cp on the soft IOC host using the console access key will directly connect you to the soft IOC's console

Providing Console Access and Logging for all IOCs Conserver allows multiple users to watch a serial console at the same time (write access for one at a time; you can force taking over a console if you have sufficient rights) does authentication/authorization: user names, access rights (read/write/admin), password file or PAM logs the data, adding timestamps (every m lines, every n seconds, configurable format) plays back a motd and/or a configurable amount of history when client connects to a console client-server architecture using TCP (server can allow or require SSL) a network of multiple console servers sharing the same configuration will redirect a client connection to the appropriate server console server connects to the consoles using telnet, local serial line, arbitrary client application

Example: The Conserver Setup at BESSY ioc5 s1 s1 client redirect s2 s2 s3 s3 console ioc5 s3 is configured as default console server Two console servers (one in each facility) monitor the IOC consoles (using telnet to terminal servers) and soft IOC consoles (using ssh) A third server is fully configured and can take over easily when there's a failure The client machines can use any one of these servers. The suggested way is defining an DNS alias console for all domains and configure all machines to go to console Typing console <iocname> will get you to the console, no matter where it is hosted Logrotate is configured to keep two weeks of individual logs, two months of an unified log Access to log files is provided by cron jobs rsync'ing all log files to one location and running a web server providing access to that set of files

Logfiles and Problems Who cares about log events? Nobody cares about log events. Everybody cares about the problems that cause log events. (John P. Rouillard at the LISA 2004 conference) Problems can be: something that happened something that didn't happen something that didn't happen fast enough after something else happened something that happened too often in a certain time span something that didn't happen at a certain time... The log events have to be correlated to each other and to time to generate useful problem information.

In the Pipe: Logfile Analysis SEC (Simple Event Correlator) SEC is a highly configurable, rule-based tool for analyzing events in a file stream and take actions based on the results. Events are matched by regular expressions, perl subroutines etc. Actions can be user-specified shell scripts or programs SEC will be used to create a logfile analysis mechanism that identifies events and takes appropriate actions. Write email, send SMS messages, create problem reports in our Trac system,...

In the Pipe: Logfile Analysis Correlations Possible correlations cover a wide complexity range: Single - match input event and execute an action list.... Pair - match input event, execute an action list, and ignore the following matching events until some other input event arrives. On the arrival of the second event execute another action list.... SingleWith2Thresholds - count matching input events during t1 seconds and if a given threshold is exceeded, execute an action list. Then start the counting of matching events again and if their number per t2 seconds drops below the second threshold, execute another action list. Both event correlation windows are sliding. Correlations work across log files

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information