Speaker
Peter Chochula (CERN)
Description
In the design of the control system for the ALICE experiment, much
emphasis has been put on cyber security. The control system operates on
a dedicated network isolated from the campus network and remote access
is only granted via a set of Windows Server 2003 machines configured as
application gateways. The operator consoles are also separated from the
control system by means of a cluster of terminal servers. Computer
virtualization techniques are deployed to grant time-restricted access for
sensitive tasks such as control system modifications. This paper will
describe the global access control architecture and the policy and
operational rules defined. The role-based authorization schema will also
be described as well as the tools implemented to achieve this task. The
authentication based on smartcard certificates will also be discussed.
Author
Peter Chochula (CERN)
Co-authors
Andre Augustinus (CERN)
Lennart Jirden (CERN)
Peter Rosinsky (CERN)