SPEAR3 Computer Network Reorganization Under Way

From left, Edgar Estebanez and Chris Ramirez examine some of the new networking equipment. (Photo by Lori Ann White.)

A multi-year project to reorganize the computer network for the SPEAR3 accelerator and beamlines is bearing fruit, according to Clemens Wermelskirchen, manager of the SPEAR3 control system and network, and his counterpart for the SPEAR3 beamlines, Martin George. The goal is to improve network performance and reliability—as vital to the performance of the accelerator and beamlines as mechanical upgrades and maintenance, Wermelskirchen said.

"The SPEAR3 control system can never go down," he stated. "If we lose a significant network component, we lose the accelerator." However, the previous organization of the network coupled with the growth of SSRL made the network increasingly difficult to support.

"Historically, [the network] was flat," Wermelskirchen said. "Offices, the accelerator, the beamlines—everything used to be on the same network."

In addition, network addresses were assigned essentially at random, according to George. "If you looked at an IP address, it didn't mean anything." An office computer could have an IP address adjacent to a control room console, making a logical separation of network components for, say, troubleshooting impossible.

"We also wanted to be more compliant with cyber-security policies for the accelerator and beamline sections of the network," Wermelskirchen added.

To solve these and other problems, teams from across the lab spent two-and-a-half years in planning and preparation, defining fourteen separate sub-networks that group computers and equipment by function. Such a structure uses well-controlled firewalls to isolate mission-critical control and data acquisition segments of the network from each other and from less critical, but possibly more vulnerable, segments, protecting them in the event another part of the network goes down.

Wermelskirchen stressed the intra-lab nature of the effort. "I would definitely like to mention all of the different SLAC groups that had to come together," he said. "Safety Systems, Power Conversion, Computing, other groups at SSRL." Once everyone affected was brought on board, the shutdown provided time to actually implement the changes. The SPEAR3 accelerator network was the main target during the shutdown, while the beamlines will be switched over to their new networks during the coming months.

Much of the work was handled by Chris Ramirez and Edgar Estebanez and their team, who manage the mission-critical network and computing infrastructure, and Stephanie Allison and Harvey Rarback of the SPEAR3 Controls Group.

Ramirez explained that one goal was to set up a more reliable, adaptable network—one that could not only respond easily to change and growth, but also have enough redundancy to absorb outages without the entire network coming down. Ramirez and Estebanez met the challenge by implementing a "virtualized" infrastructure—one in which multiple virtual components can be defined to exist on a single physical machine. The virtual components can be easily reconfigured, and if one goes down, its functions can quickly be shifted to another virtual component.

Such virtualization has the added benefit of reducing the amount of necessary equipment.

According to George, the network reorganization made a natural counterpoint to the mechanical upgrades and improvements also taking place during the shutdown.

"It's funny, because in a way, the stuff we're doing with the network reorganization and the upgrades to SPEAR3—it's not really separate projects. It's all the same project," George said. "It's all driven by 500 milliamps."

—Lori Ann White
SLAC Today, November 16, 2010

Handy Links

SLAC News Center

SLAC Today

SLAC News

Lab News

SLAC Links

Stanford

Around the Bay

SPEAR3 Computer Network Reorganization Under Way



Handy Links SLAC News Center News Center home page SLAC Today SLAC Today Subscribe Archives: Feb 2006-May 20, 2011 Archives: May 23, 2011 and later Submit Feedback or Story Ideas About SLAC Today SLAC News SSRL Headlines symmetry magazine TIP Archives Lab News Interactions Lightsources.org ILC NewsLine Int'l Science Grid This Week Fermilab Today Berkeley Lab News @brookhaven TODAY DOE Pulse CERN Courier DESY inForm US / LHC SLAC Links Emergency Safety Policy Repository Site Entry Form Site Maps M & O Review Computing Status & Calendar SLAC Colloquium SLACspeak SLACspace SLAC Logo Café Menu Flea Market Web E-mail Marguerite Shuttle Discount Commuter Passes Award Reporting Form SPIRES SciDoc Activity Groups Library Stanford Stanford University Stanford Report Stanford Events Life on Campus Around the Bay Bay Area Traffic Bay Area Weather Caltrain BART	SPEAR3 Computer Network Reorganization Under Way From left, Edgar Estebanez and Chris Ramirez examine some of the new networking equipment. (Photo by Lori Ann White.) A multi-year project to reorganize the computer network for the SPEAR3 accelerator and beamlines is bearing fruit, according to Clemens Wermelskirchen, manager of the SPEAR3 control system and network, and his counterpart for the SPEAR3 beamlines, Martin George. The goal is to improve network performance and reliability—as vital to the performance of the accelerator and beamlines as mechanical upgrades and maintenance, Wermelskirchen said. "The SPEAR3 control system can never go down," he stated. "If we lose a significant network component, we lose the accelerator." However, the previous organization of the network coupled with the growth of SSRL made the network increasingly difficult to support. "Historically, [the network] was flat," Wermelskirchen said. "Offices, the accelerator, the beamlines—everything used to be on the same network." In addition, network addresses were assigned essentially at random, according to George. "If you looked at an IP address, it didn't mean anything." An office computer could have an IP address adjacent to a control room console, making a logical separation of network components for, say, troubleshooting impossible. "We also wanted to be more compliant with cyber-security policies for the accelerator and beamline sections of the network," Wermelskirchen added. To solve these and other problems, teams from across the lab spent two-and-a-half years in planning and preparation, defining fourteen separate sub-networks that group computers and equipment by function. Such a structure uses well-controlled firewalls to isolate mission-critical control and data acquisition segments of the network from each other and from less critical, but possibly more vulnerable, segments, protecting them in the event another part of the network goes down. Wermelskirchen stressed the intra-lab nature of the effort. "I would definitely like to mention all of the different SLAC groups that had to come together," he said. "Safety Systems, Power Conversion, Computing, other groups at SSRL." Once everyone affected was brought on board, the shutdown provided time to actually implement the changes. The SPEAR3 accelerator network was the main target during the shutdown, while the beamlines will be switched over to their new networks during the coming months. Much of the work was handled by Chris Ramirez and Edgar Estebanez and their team, who manage the mission-critical network and computing infrastructure, and Stephanie Allison and Harvey Rarback of the SPEAR3 Controls Group. Ramirez explained that one goal was to set up a more reliable, adaptable network—one that could not only respond easily to change and growth, but also have enough redundancy to absorb outages without the entire network coming down. Ramirez and Estebanez met the challenge by implementing a "virtualized" infrastructure—one in which multiple virtual components can be defined to exist on a single physical machine. The virtual components can be easily reconfigured, and if one goes down, its functions can quickly be shifted to another virtual component. Such virtualization has the added benefit of reducing the amount of necessary equipment. According to George, the network reorganization made a natural counterpoint to the mechanical upgrades and improvements also taking place during the shutdown. "It's funny, because in a way, the stuff we're doing with the network reorganization and the upgrades to SPEAR3—it's not really separate projects. It's all the same project," George said. "It's all driven by 500 milliamps." —Lori Ann White SLAC Today, November 16, 2010