Computing and Network Infrastructure for Controls CNIC Context? Why CNIC? What is CNIC? CNIC Phases...

Computing and Network Infrastructure for Controls

CNIC

• Context?

• Why CNIC?

• What is CNIC?

• CNIC Phases and Definitions

• CNIC Status and Manpower

• Conclusion Uwe Epting on behalf of the CNIC-WG

11 October 2005 CNIC at ICALEPCS 2005 - Uwe Epting, CERN, TS/CV 2

Context

• Control Systems– Increasing use of standard IT equipment

• Before

– Specific hard- and software solutions

• Today:

– Workstations and PCs

– Windows or Linux operating systems

– Increasing use of standard networks (Ethernet, TCP/IP)• Before

– Private networks and fieldbuses

• Today

– Large use of Ethernet and remote monitoring also for control systems


Why CNIC?

• Security problems– Increasing risk of virus infections

– Instabilities due to port scans or denial of service attacks (DOS)

– Access and equipment manipulation by error (e.g. wrong IP address)

– Old “unsecure” equipment• No security implemented

• Security updates not available

– Time constraints• Equipment stop not always possible for applying patches

• Important number of equipment needs to be updated at the same time

• Beam and physics operation relies on a stable and secure environment


What is CNIC?

– Working Group delegated by the CERN Controls Board• Mandate covers only control systems, not office computing

– Working group for the definition of • CERN wide security policy

• CERN wide networking aspects

• Operating systems configuration (Windows and Linux)

• Services and support

– Members should cover all CERN controls domains and activities

• Service providers (mainly IT department)

• Service users (mainly Accelerator and Technical Departments)


CNIC mandate

• Tools for system maintenance (NICEFC and LINUXFC).

• Tools for setting up and maintaining many different Controls Network domains. A domain is defined to be a collection of systems under a single management responsibility.

• Rules and policies for what can be connected to a domain and an authorization procedure. For example, this should cover wireless communications and portable computers.

• Ground rules, policies and mechanisms for inter-domain communications.

• Ground rules, policies and mechanisms for communications between controls domains and the Campus Network (and hence the Internet).

• Document all domains of use and in each case obtain from the group(s) concerned the name of the person designated to have technical responsibility, the person with hierarchical responsibility for giving the necessary authorization and their backups.

• Investigate with help from IT/CS what technical means could be provided to ensure the defined policies are complied with, and propose an implementation plan.


Requirements and

Definitions

Operating SystemNetwork

I

CNIC Phases

Implementation Operation

II III

• Phase I - CNIC policy:

– “DESIGN, SETUP AND OPERATION OF THE CERN

CONTROL SYSTEM ENVIRONMENT”

• Description of concepts

• Definition of terms

• Definition of policies

Main Chapters - Security Policy - Networking - Operating System and Tools - Services

09/2004 01/2005 07/2005 01/2006


Security Policy

• Network Domains– Physical network segregation + Functional Sub-Domains (FSD)

• Hardware Devices– No USB, modems, CDs, wireless …

• Operation System– Central installation + Strategy for security patches

• Software– Development guidelines, installation and test procedures

• Logins and passwords– Traceability, no generic accounts, strong passwords

• Training

• Security Incidents and Reporting


Networking

• General Purpose Network (GPN)– Desktop Computing, testing, access from outside, …

• Technical and Experiment Network (TN and EN)– Only operational devices

– Authorization procedure

• Inter domain communications– Application Gateways + Trusted services

• Network monitoring and intrusion detection– Performance and statistics

– Disconnection on “breakpoints”

• Testing– TOCSSiC (hostile network environment)


Operating System and Tools• NICEFC and LINUXFC

– Centrally managed and distributed• Today: Windows XP SP2 (NICE XP), Scientific Linux CERN 3

(SLC3)

• Named Set of Computers (NSC)– Groups of computers with identical basic configuration

– Responsible persons will be contacted in case• of emergency and

• if security patches etc. need to be applied.

• Configuration– Version management database

• Operating System (LINUXFC or NICEFC)

• User defined software packages (e.g. PVSS, …)

– Rollback to previous version possible


Services

• Operation and Maintenance– IT support for:

• Standard equipment

• Network connections (24h/d, 365d/year)

• Operating System installation

• Security patches

• Test Environment– Vulnerability Tests (TOCSSiC)

– Integration Tests (test bench per domain necessary)

• Hardware Support– Standard PCs (e.g. office)

– “Industrial” PCs (a few models should cover most requirements)


Phase II: Implementation

• Deployment of CNIC policy

IIIIIICNIC Policy Approval

Training on policy and tools

Deployment

PilotDev.

PilotDev.

PilotDev.

Spec’s

NICEFC: Spec’s

Spec’sLinuxFC:

Networking:

09/2004 01/2005 07/2005 01/2006 07/2006

WTS:

Awareness campaign

• Implementation of tools for

configuration, management & maintenance

• Installation of Windows Terminal Servers

• User Training

Install. Pilot Operation

Operation

Operation

Operation

• Operation


CNIC Manpower09/

200410/

200411/

200412/

200401/

200502/

200503/

200504/

200505/

200506/

200507/

200508/

200509/

200510/

200511/

200512/

200501/

200602/

200603/

200604/

200605/

200606/

200607/

2006

CNIC policy

Awareness campaign

approval

Spec NETWORK toolsSpec LINUXFC toolsSpec NICEFC tools

develop NETWORKdevelop LINUXFCdevelop NICEFC

pilot NETWORKpilot LINUXFCpilot NICEFC

NETWORK tools operationalLINUXFC tools operationalNICEFC tools operational

Install pilot operationWTS:

TRAINING: CNIC policy and tools

deploy CNIC policy

CNIC policy in operation:

Packaging support- NICEFC- LINUXFCProposal: IT1 person (missing)

WTSInstallation, supportProposal: IT1 person (planned)

CNIC operation- administration- user supportProposal: domainsForesee 1 person/domain

Tools- development, supportProposal: IT3 persons assigned to IT .




Conclusion

• Awareness and acceptance for changes is very important– Investment vs. advantages

• Decisions and proposals must be backed up by management– Availability of manpower and resources

• Very constructive attitude in the CNIC-WG – Once people understood the reasons

• Many technical questions and reservations from the “users”– Treated as Use Cases

– Must be answered with real/practical solutions !

• Difficult to get acceptance …– … before tools and examples can be shown.


Questions ?

Check the CNIC website for more information:

http://cern.ch/wg-cnic

?


CNIC members

• TS– Uwe EPTING - TS/CSE– Søren POULSEN - TS/EL

• AB– Pierre CHARRUE - AB/CO– Mike LAMONT - AB/OP– Patrick LIENARD - AT/MAS

• IT/CO– Bruce FLOCKHART - IT/CO– Stefan LÜDERS - IT/CO

• Experiments– Beat JOST - PH-LBC– Guiseppe MORNACCHI - PH/ATD– Martti PIMIÄ - PH/CMC– Peter CHOCHULA - PH/AIT

• Network – David FOSTER - IT/CS– Jean-Michel JOUANIGOT - IT/CS– Nils HØIMYR - IT/CS– Nuno CERVAENS COSTA - IT/CS

• NICEFC– Alberto PACE - IT/IS– Ivan DELOOSE - IT/IS

• LINUXFC– Jan IVEN - IT/ADC– Matthias SCHRÖDER - IT/ADC

• Security– Denise HEAGERTY - IT/DI– Lionel CONS - IT/DI

Computing and Network Infrastructure for Controls

CNIC

Uwe Epting on behalf of the CNIC-WG


Use Case 1 - Office connection

• Connection to controls monitoring system (e.g. PVSS) from office PC– Connection to

application gateway (e.g. Windows Terminal Server).

– Open session to application (e.g. PVSS) with connection to controls machine and PLCs.


Use Case 2 - Sensitive equipment

• Vulnerable devices (e.g. PLCs) must be protected against security risks from the network– Group them in Functional Sub-Domains (FSD)

– Access only possible from the host system that controls them• External access

to the host system

via application

gateway

Computing and Network Infrastructure for Controls CNIC Context? Why CNIC? What is CNIC? CNIC Phases...

Documents

Transcript of Computing and Network Infrastructure for Controls CNIC Context? Why CNIC? What is CNIC? CNIC Phases...