Description
Remote participation in experiments poses the challenge of giving users connected from all around the world real-time access to the control room screens. The risks that have to be handled fall into two categories:
1) IT security risks
2) Operation risks
The EPICS Data Diode was developed as a mechanism for running OPIs in a guaranteed read-only fashion on a computer network separated from the one where the EPICS PVs are generated and used. The main difference from similar tools such as the EPICS gateway is that the Diode intrinsically ensures one-directional streaming from the sender (client) to the receiver (server), preventing anyone with access to the receiver from changing the EPICS environment on the sender (by accident or not).
The streaming communication protocol currently adopted is HTTP, built entirely on top of the TCP transport layer, which allows routing through firewalls and proxies and makes the Diode suitable for long-distance communication.
The Diode collects the PVs in the technical network, streams them over a network connection, and finally recreates the same PVs on a different network.
To give a concrete use case, it ensures a one-way push of the EPICS variables from an inaccessible technical network connected to critical instrumentation to a user-accessible network, so that the PV values can be monitored and optionally stored over the machine operation time while any access to the technical network is prevented. The EPICS environment of the technical network is recreated remotely to allow users to monitor the machine operations on the OPIs, or to store a history of the PV values, since their original timestamps are also preserved.
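The push direction described above can be sketched as follows. This is an added example, not the EPICS Data Diode's own code: the `/pvs` path, the JSON snapshot layout and the `DEMO:` PV names are assumptions made for illustration, and a plain dictionary stands in for the recreated PVs.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Receiver-side copy of the PVs: name -> (value, original timestamp).
MIRROR = {}

class Receiver(BaseHTTPRequestHandler):
    """User-accessible network: accepts pushed snapshots, offers nothing else."""
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            parsed = {u["name"]: (u["value"], float(u["timestamp"]))
                      for u in json.loads(body)}
        except (ValueError, KeyError, TypeError):
            self.send_response(400)  # malformed snapshot: mirror left untouched
            self.end_headers()
            return
        MIRROR.update(parsed)
        self.send_response(204)  # status only; no PV data flows back to the sender
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_receiver():
    server = HTTPServer(("127.0.0.1", 0), Receiver)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def push(port, snapshot):
    """Technical network: the sender is the HTTP client and never listens."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/pvs", json.dumps(snapshot).encode(),
                 {"Content-Type": "application/json"})
    status = conn.getresponse().status
    conn.close()
    return status

def demo():
    server = start_receiver()
    snapshot = [  # constructed sample PVs, not real signal names
        {"name": "DEMO:VAC:PRESSURE", "value": 1.2e-7, "timestamp": 1700000000.25},
        {"name": "DEMO:MAG:CURRENT", "value": 42.0, "timestamp": 1700000000.5},
    ]
    status = push(server.server_port, snapshot)
    server.shutdown()
    return status, dict(MIRROR)

if __name__ == "__main__":
    print(demo())
```

Because the sender only opens outbound connections, a firewall between the two networks can refuse every connection initiated from the user-accessible side.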