SPEAR3 Computer Network Reorganization Under Way
A multi-year project to reorganize the computer network for the SPEAR3 accelerator and beamlines is bearing fruit, according to Clemens Wermelskirchen, manager of the SPEAR3 control system and network, and his counterpart for the SPEAR3 beamlines, Martin George. The goal is to improve network performance and reliability—as vital to the performance of the accelerator and beamlines as mechanical upgrades and maintenance, Wermelskirchen said.
"The SPEAR3 control system can never go down," he stated. "If we lose a significant network component, we lose the accelerator." However, the previous organization of the network coupled with the growth of SSRL made the network increasingly difficult to support.
"Historically, [the network] was flat," Wermelskirchen said. "Offices, the accelerator, the beamlines—everything used to be on the same network."
In addition, network addresses were assigned essentially at random, according to George. "If you looked at an IP address, it didn't mean anything." An office computer could have an IP address adjacent to a control room console, making a logical separation of network components for, say, troubleshooting impossible.
"We also wanted to be more compliant with cyber-security policies for the accelerator and beamline sections of the network," Wermelskirchen added.
To solve these and other problems, teams from across the lab spent two-and-a-half years in planning and preparation, defining fourteen separate sub-networks that group computers and equipment by function. Such a structure uses well-controlled firewalls to isolate mission-critical control and data acquisition segments of the network from each other and from less critical, but possibly more vulnerable, segments, protecting them in the event another part of the network goes down.
Wermelskirchen stressed the intra-lab nature of the effort. "I would definitely like to mention all of the different SLAC groups that had to come together," he said. "Safety Systems, Power Conversion, Computing, other groups at SSRL." Once everyone affected was brought on board, the shutdown provided time to actually implement the changes. The SPEAR3 accelerator network was the main target during the shutdown, while the beamlines will be switched over to their new networks during the coming months.
Much of the work was handled by Chris Ramirez and Edgar Estebanez and their team, who manage the mission-critical network and computing infrastructure, and Stephanie Allison and Harvey Rarback of the SPEAR3 Controls Group.
Ramirez explained that one goal was to set up a more reliable, adaptable network—one that could not only respond easily to change and growth, but also have enough redundancy to absorb outages without the entire network coming down. Ramirez and Estebanez met the challenge by implementing a "virtualized" infrastructure—one in which multiple virtual components can be defined to exist on a single physical machine. The virtual components can be easily reconfigured, and if one goes down, its functions can quickly be shifted to another virtual component.
Such virtualization has the added benefit of reducing the amount of necessary equipment.
According to George, the network reorganization made a natural counterpoint to the mechanical upgrades and improvements also taking place during the shutdown.
"It's funny, because in a way, the stuff we're doing with the network reorganization and the upgrades to SPEAR3—it's not really separate projects. It's all the same project," George said. "It's all driven by 500 milliamps."
—Lori Ann White