KAGRA VIS Operations Manual - Remote Operation

Note: The IP numbers for key computers shown below are subject to change. The most up-to-date values can be found at KAGRA/Subgroups/DGS/IP.

General Info

To work remotely, you are required to have a "buddy" at Kamioka who can liaise with other groups who might be working on the computer system or interferometer.

The KAGRA network is protected by two levels of private network. From the general Internet, it can only be accessed by a three-step process:

1. Use VPN software and ICRR credentials to get onto the ICRR private network.
2. Log onto the gateway machine for the KAGRA network k1gate via its external IP address, 172.16.33.11.
3. Log onto a control room workstation (e.g., k1ctr0 ... k1ctr5) or other computer of interest.

From the k1ctrA and k1ctrG wireless networks, the first two steps can be skipped.

Apply to Miyoki-san, miyoki AT icrr.u-tokyo.ac.jp, for ICRR VPN credentials. Cisco VPN software is required.

Logging onto a control room workstation can be done via terminal commands (preferably from a computer with X Windows available) or with Microsoft Remote Desktop Connection. On the Mac, MRDC is available on the App Store.

ICRR VPN

To access the ICRR VPN, enter the ICRR VPN server:

then enter your credentials:

Note that this will disrupt any running terminal sessions and downloads on your computer, and may disrupt some browser sessions.

== Login via ssh ==

Open a terminal window and log into first the gateway machine and then a workstation or other computer:

Alberts-Mac:~ aeinstein$ ssh -Y controls@172.16.33.11   # need to use the external IP number of k1gate 
controls@172.16.33.11's password: 
[controls@k1gate ~]$ ssh -Y controls@k1ctr0   # can use "k1ctr0" or the like here
controls@k1ctr4's password:

The gateway password and the workstation password are different. Ask a DGS member what they are. The -Y flag sets up X forwarding so that if you have X Windows software installed (e.g., Xquartz for Mac) you can have workstation windows appear on your own machine.

Login via Microsoft Remote Desktop Connection

Workstations k1ctr2, k1ctr3 and k1ctr4 are configured for Microsoft Remote Desktop Connection. Using MRDC has the advantage that the session on the workstation is preserved unless you specifically log out, so it's useful if you want to set up long-running tasks like transfer functions from a laptop or other computer that you can't conveniently leave turned on and in the same place. Information about your session is stored in a .rdp file on your local machine, so multiple people can login from different machines and have their own independent sessions.

However MRDC requires some fancy port-forwarding to work around the gateway machine.

To use MRDC from the general Internet, first connect to the ICRR VPN as described above.

Then set up port forwarding. (Even if you're connecting from the k1ctrA or k1ctrG wireless networks, it's useful to do the port forwarding so that MRDC sees the same environment every time.) Open a terminal window and log in as controls to the gateway machine, setting up port forwarding from port 3389 (the default port for MRDC) on the workstation k1ctr2/k1ctr3/k1ctr4 to port 3390 (an arbitrary number) on your local machine. You will need to enter the gateway password (but not the workstation password at this point).

Alberts-Mac:~ aeinstein$ ssh -L:3390:k1ctr2:3389 controls@172.16.33.11 # or ... controls@10.68.10.1 if from k1crtA or k1ctrG wireless networks
controls@172.16.33.11's password: 

Leave this terminal session open.

Finally, use MDRC to connect to local port 3390:

There may be a warning dialog - if so, click Connect:

Enter "controls" and the password, and click OK:

The workstation virtual desktop comes up in a window:

The size of the virtual desktop can be adjusted in MRDC settings. If you are logged in, you will need to log out of the workstation and back in again to have the change take effect.