| Paper |
Title |
Page |
| TUP020 |
Role Based Access Control in the LHC : The RBAC Project - First Deployment in LHC Operation
|
1 |
| |
- P. Charrue, W. Sliwinski, M. Sobczak, I. Yastrebov
CERN, Geneva
- S. R. Gysin, E. S.M. McCrory, A. D. Petrov
Fermilab, Batavia
|
|
| |
Operating the LHC, its high energy stored in the magnets and the multitude of devices settings demand a strict control on who can do what. A Role Based Access infrastructure has been designed and deployed for the LHC. A simple identification based on username/password is translated into an operational role by the RBAC server and this role is then transmitted and checked on the device level to grant or deny access. The RBAC infrastructure has been commissioned in the summer 2008 and used in operation for the first time for the first LHC beams. This presentation will describe the RBAC architecture, its technical choices and its operational deployment. The outcome of the first deployment in LHC operation will be presented, together with the future plans.
|
|
| WEP099 |
Management of Critical Machine Settings for Accelerators at CERN
|
594 |
| |
- W. Sliwinski, P. Charrue, V. Kain, G. Kruk
CERN, Geneva
|
|
| |
In high energy accelerators as LHC energy stored in the beams is orders of magnitude above the damage level of accelerator components like magnets. Uncontrolled release of energy can lead to a serious damage of equipment and long machine downtimes. In order to cope with these potential risks Protection Systems were developed at CERN including two software systems: MCS (Management of Critical Settings) and RBAC (Role Based Access Control). RBAC provides means for authentication and an authorization facility which grants access to the critical parts of a control system. Second layer of security is provided by MCS by ensuring that critical parameters are coherent within the software and hardware components of a control system and can only be changed by an authorized person. MCS system is aimed for the most critical and potentially dangerous equipment (e.g. Beam Loss Monitors) and is complementary to RBAC infrastructure. Both systems are fully integrated in the control system for LHC and SPS and were successfully commissioned for the first beam in LHC. This presentation will describe the MCS architecture, current status and its operational deployment together with plans for the future.
|
|
| THP085 |
An Integration Testing Facility for the CERN Accelerator Controls System
|
838 |
| |
- N. Stapley, M. Arruat, J. C. Bau, S. Deghaye, C. G.A. Dehavay, W. Sliwinski, M. Sobczak
CERN, Geneva
|
|
| |
A major effort has been invested in the design, development, and deployment of the LHC Control System. This large control system is made up of a set of core components and dependencies, which although are tested individually, are often not able to be tested together on a system capable of representing the complete control system environments including hardware. Furthermore, the control system is being adapted and applied to CERN's whole accelerator complex and particularly the forthcoming renovation of the PS accelerators. To ensure quality is maintained as the system evolves, and to improve defect prevention, the Controls group launched a project to provide a dedicated facility for continuous, automated, integration testing of its core components to incorporate into its production process. We describe the project, initial lessons from its application, status, and future directions.
|
|