|
Size: 3110
Comment:
|
Size: 3580
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 6: | Line 6: |
| The KAGRA network is protected by two levels of private network. The | The KAGRA network is protected by two levels of private network. |
| Line 12: | Line 12: |
| Apply to Miyoki-san, miyoki AT icrr.u-tokyo.ac.jp, for ICRR VPN credentials, and install the Cisco VPN software. Logging onto a control room workstation can be done via terminal commands (preferably from a computer with X Windows available) or with Microsoft Remote Desktop Connection. On the Mac, MRDC is available on the [[https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12|App Store]]. |
|
| Line 13: | Line 17: |
| Apply to Miyoki-san, miyoki AT icrr.u-tokyo.ac.jp, for ICRR VPN credentials, and install the Cisco VPN software. | |
| Line 19: | Line 22: |
| and enter your credentials: | then enter your credentials: |
| Line 23: | Line 26: |
| Note that this will disrupt any existing terminal sessions and downloads on your computer, and may disrupt some browser sessions. | Note that this will disrupt any running terminal sessions and downloads on your computer, and may disrupt some browser sessions. |
| Line 29: | Line 32: |
| Alberts-Mac:~ aeinstein$ ssh -Y controls@172.16.33.11 # need to use the external IP number of k1gate | Alberts-Mac:~ aeinstein$ ssh -Y controls@172.16.33.11 # need to use the external IP number of k1gate |
| Line 31: | Line 34: |
| [controls@k1gate ~]$ ssh -Y controls@k1ctr0 # can use "k1ctr0" or the like here | [controls@k1gate ~]$ ssh -Y controls@k1ctr0 # can use "k1ctr0" or the like here |
| Line 38: | Line 41: |
| Workstation k1ctr4 is configured for Microsoft Remote Desktop Connection. Using MRDC has the advantage that the connection is preserved unless you specifically log out, so it's useful if you want to set up long-running tasks like transfer functions from a laptop or other computer that you can't conveniently leave turned on and in the one place. However it requires some fancy port-forwarding to work around the gateway machine. | Workstations k1ctr2, k1ctr3 and k1ctr4 are configured for Microsoft Remote Desktop Connection. Using MRDC has the advantage that the session on the workstation is preserved unless you specifically log out, so it's useful if you want to set up long-running tasks like transfer functions from a laptop or other computer that you can't conveniently leave turned on and in the same place. Information about your session is stored in a .rdp file on your local machine, so multiple people can login from different machines and have their own independent sessions. |
| Line 40: | Line 43: |
| First install Microsoft Remote Desktop Connection if you don't already have it. On the Mac it is available on the [[https://itunes.apple.com/us/app/microsoft-remote-desktop/id715768417?mt=12|App Store]]. | However MRDC requires some fancy port-forwarding to work around the gateway machine. |
| Line 42: | Line 45: |
| Connect to the ICRR VPN as described above. | To use MRDC, first connect to the ICRR VPN as described above. |
| Line 44: | Line 47: |
| Open a terminal window and log in as controls to the gateway machine, setting up port forwarding from port 3389 (the default port for MRDC) on the workstation 10.68.10.54 to port 3390 (an arbitrary number) on your local machine. | Open a terminal window and log in as controls to the gateway machine, setting up port forwarding from port 3389 (the default port for MRDC) on the workstation 10.68.10.54 to port 3390 (an arbitrary number) on your local machine. You will need to enter the gateway password (but not the workstation password at this point). |
| Line 48: | Line 51: |
| controls@172.16.33.11's password: | |
| Line 56: | Line 60: |
| There may be a warning dialog - click Connect: | There may be a warning dialog - if so, click Connect: |
KAGRA VIS Operations Manual - Remote Operation
Note: The IP numbers for key computers shown below are subject to change. The most up-to-date values can be found at KAGRA/Subgroups/DGS/IP.
General Info
The KAGRA network is protected by two levels of private network. From the general Internet, it can only be accessed by a three-step process:
- Use VPN software and ICRR credentials to get onto the ICRR private network.
- Log onto the gateway machine for the KAGRA network (k1gate, 172.16.33.11).
- Log onto a control room workstation (e.g., k1ctr0, 10.68.10.50) or other computer of interest.
Apply to Miyoki-san, miyoki AT icrr.u-tokyo.ac.jp, for ICRR VPN credentials, and install the Cisco VPN software.
Logging onto a control room workstation can be done via terminal commands (preferably from a computer with X Windows available) or with Microsoft Remote Desktop Connection. On the Mac, MRDC is available on the App Store.
ICRR VPN
To access the ICRR VPN, enter the ICRR VPN server:
then enter your credentials:
Note that this will disrupt any running terminal sessions and downloads on your computer, and may disrupt some browser sessions.
== Login via ssh ==
Open a terminal window and log into first the gateway machine and then a workstation or other computer:
Alberts-Mac:~ aeinstein$ ssh -Y controls@172.16.33.11 # need to use the external IP number of k1gate controls@172.16.33.11's password: [controls@k1gate ~]$ ssh -Y controls@k1ctr0 # can use "k1ctr0" or the like here controls@k1ctr4's password:
The gateway password and the workstation password are different. Ask a DGS member what they are. The -Y flag sets up X forwarding so that if you have X Windows software installed (e.g., Xquartz for Mac) you can have workstation windows appear on your own machine.
Login via Microsoft Remote Desktop Connection
Workstations k1ctr2, k1ctr3 and k1ctr4 are configured for Microsoft Remote Desktop Connection. Using MRDC has the advantage that the session on the workstation is preserved unless you specifically log out, so it's useful if you want to set up long-running tasks like transfer functions from a laptop or other computer that you can't conveniently leave turned on and in the same place. Information about your session is stored in a .rdp file on your local machine, so multiple people can login from different machines and have their own independent sessions.
However MRDC requires some fancy port-forwarding to work around the gateway machine.
To use MRDC, first connect to the ICRR VPN as described above.
Open a terminal window and log in as controls to the gateway machine, setting up port forwarding from port 3389 (the default port for MRDC) on the workstation 10.68.10.54 to port 3390 (an arbitrary number) on your local machine. You will need to enter the gateway password (but not the workstation password at this point).
Alberts-Mac:~ aeinstein$ ssh -L:3390:10.68.10.54:3389 controls@172.16.33.11 controls@172.16.33.11's password:
Leave this terminal session open.
Finally, use MDRC to connect to local port 3390:
There may be a warning dialog - if so, click Connect:
Finally enter "controls" and the password:
