EUROTEV-Memo

EUROTeV-Memo-2005-xxx-1: GANMVL Design Specifications15.5.2006

Design Specification

for the Global Accelerator Network Multipurpose Virtual Laboratory (GANMVL)

GANMVL Collaboration

May 15, 2006

Abstract

EUROTeV-Memos are internal notes and can be published by any EUROTeV member and if thematically close to EUROTeV matters also by external collaborators. EUROTeV-Memos will not be refereed and should be used to document the technical and scientific progress of the tasks. EUROTeV-Memos will be published on www.eurotev.org and are default worldwide readable. A EUROTeV-Memo number will be assigned through the EUROTeV Scientific Coordinators.

Document revisions:

21.2.06, M.Kasemann

- included all contributions received so far

- Inconsistencies, open questions and missing parts marked in red

- no contribution from IGD yet, although high resolution equipment covered elsewhere

- still some overlap in the two architecture views provided by Roberto and Kay

- glossary collection incomplete and no descriptions

- send out as basis for GANMVL workshop 23-24.2.

22.2.06, M.Kasemann

- Extracts from the IGD contributed paper included

23.2.06, M.Kasemann

- Introduction added from F.Willeke

24.2.06, M.Kasemann

- corrected paragraphs for identity provision and secure networking using netlets

- remove description of wearable computers for mobile local server

24.3.06, M.Kasemann

- Contribution on help system included, see 5.1

- Contribution on optical beam diagnostic included, see 3.3.6

24.3.06

The following topics are still to be added in the design document:

how to grant/remove access to control room screens and applications using VNC(responsible: Pugliese, Rehlich)

Streamline document wrt. naming of components, add glossary (responsible Kasemann)

27.3.06 M.Kasemann

- documented edited, corrected component naming and video camera grabbing

15.5.06 F.Willeke, M.Kasemann

- HR video numbers are not documented

- HR video stream specification added

Table of contents

31Introduction

42High Level Architecture

42.1The Global Architecture of GANMVL

52.2Architecture of one GANMVL Node

63GANMVL Design Specification

63.1The GANMVL Remote Client

73.2Laboratory Server Components

73.2.1The Monitoring Infrastructure

83.2.2Identity provision

83.2.3Secure Connections through Netlet

83.2.4The Electronic Logbook

93.2.5Remote Control Software: VNC

93.3Local Server Components

103.3.1The Semi-Mobile Local Server Hardware

113.3.2The Mobile Local Server Hardware

113.3.3Video Cameras

123.3.4Integration of Test and Measurement Instruments

143.3.5Remote Control Software: VNC

143.3.6High Resolution Video streaming

153.3.7Specifications for Beam Optical Diagnostics

154Operational procedures and User Interfaces

154.1User Help Utility

154.2An Example GANMVL session

17Glossary

17Acknowledgement

18References

1 Introduction

The most likely scenario of a linear collider is that it will be built by a collaboration of existing laboratories, which will remain involved during the operation of the accelerator. Advanced means of communication will be necessary to support efficient collaboration. GANMVL[1] is a project which will design and build a novel collaboration tool and test it on existing accelerator collaborations. GANMVL is the acronym for "Global Accelerator Network Multipurpose Virtual Laboratory". The tool is a mobile communication centre which provides immersive video and audio capture and reproduction of an accelerator control room, a laboratory workplace environment or an accelerator hardware installation. It is able to connect to standard measurement equipment (scopes, network analyzers etc.) and to elements of accelerator controls and make these connections available to a remote client. The remote user should be enabled to participate in accelerator studies, assembly of accelerator components, trouble shooting of hardware or analysis of on-line data as if he or she would be present on site. The GANMVL project will provide valuable experience of a new way in designing, building and operating large accelerator complexes, and will address the important psychological and sociological issues of the Global Accelerator Network.

GANMVL integrates video capture, audio capture, and connectivity of virtual instruments, access to control system in one portable and mobile system which is located at various locations on the accelerator site, which can provide the all the corresponding information and connections necessary for a remote expert to participate in a large variety of activities on the accelerator site.

The most important feature of MVL is that it is operated in a turn-key fashion, so that no experts are necessary to start up and to configure the system and the system can be used in an ad-hoc manner for example in an emergency situation.

2 High Level Architecture

2.1 The Global Architecture of GANMVL

Several GANMVL setups will exist at laboratories serving different user groups (Virtual Organisations, VO). Therefore GANMVL has a multi-tier architecture: one GANMVL setup or node for each institute or laboratory in the VO plus some centralized service to support the connection of the different GANMVL nodes in the VO. The GANMVL node represents a sort of Point Of Presence in the GANMVL VO.

A GANMVL node consists of at least 2 components:

the Laboratory Server

a Station or set of Local Servers (LS)

The Laboratory Server is an application server usually installed on a single host, running the portal application, the user and project database and all the infrastructure components need to allow a secure access to the laboratory resources in the VO. The Laboratory Server manages a (possibly) infinite number of Local Servers, and activates actions implemented by agents running in the local servers.

The Laboratory Server can support more Stations (e.g. a control room station, a mobile or semi mobile station etc). Each Station is implemented by at least one Local Server (LS). Stations can share resources and tools. The LS allows an easy integration of controls and instruments.

The remote collaborator will use his or her PC as a remote client equipped with a web browser, possibly videoconference equipment and if the case with a projector.

All the communication between the different NS and between the Laboratory Server and the LS is done via webservices secured with X.509 certificates.

VO supporting services are centralized but implemented in such a way to allow a single GANMVL Node to work properly even without them. Example of VO supporting services are an information system which registers all the nodes in the VO, videoconference support services (i.e. Reflectors), a common software repository and possibly a monitoring infrastructure service.

The global GANMVL architecture and the components are shown in Figure 1.

2.2 Architecture of one GANMVL Node

The architecture of the GANMVL setup for one user group or VO is shown in Figure 2; it consists of three main building blocks: a remote client as a station for an expert at a remote site, a Laboratory Server as the fixed station that manages the Web pages and authentications, and one or more Local Servers as stations close to the accelerator or facility to control. The remote client can be any PC or Laptop with an internet connection. A common Web browser like Mozilla Firefox or the Internet Explorer is used to contact the Web server of the Laboratory Server.

The Laboratory Server provides the main Web page of the project and allows the user to login. The connection is established via a Secure Network link (https) by means of an automatic download of a JAVA applet from the Laboratory Server to the remote client. This applet functions as a gateway between the client and all used services on the host site. All different port connections are tunnelled through this gateway in a secure link. On the Laboratory Server side a gateway proxy unfolds the different port links and switches in a transparent way the connections to all services. In addition the Laboratory Server handles the authentication procedures to allow a single sign-on for all applications. Furthermore this server provides the access to the control system of the facility by a VNC server. VNC serves as a host that shares a display for the connected clients. This schema allows using the control system applications of the facility site without opening the firewall for network connections to the control system. Also the programs must not be transferred to client stations. Instead a Java applet as a thin client in a Web browser shows the control system applications. It is not required to run the VNC server on the same Laboratory Server. Any computer in the facility could be used even with additional firewalls in between.

The third building block in the architecture is one or more Local Servers. This station is used to connect instruments, e.g. scopes or spectrum analyzers, or high resolution cameras to the facility in order to allow a remote expert to do measurements or to support maintenance and construction work. A video conference installation on the Local Server provides the communication between the local and remote sites. Links to the remote sites are all tunnelled by the proxy gateway in the Laboratory Server. Authentication is also checked by the Laboratory Server to allow the users to login once for the