How to control the DCS computer via VNC

Through a LINUX connection

---------------------------------------

The DCS control computer is a Win2000 machine. Thus, one must go out of one's way to control it over the network. To make matters more difficult, access to the machine is limited to machines on its own subnet for security reasons. So, one must connect through the minos-gateway machine, which requires kerberos or cryptocard authentication.

Things to have installed on your local machine:

1. the VNC viewer (the client - you don't need a server. In fact, a locally running server complicates things). vnc rpms are available with your RedHat install (perhaps in the "powertools" section if you have an obsolete version of the distribution). vnc debian packages are also available (need details for this though). Or, you can download the source, other flavors of unix binaries, or the windows client from RealVNC.com. TightVNC is another free implementation of a different flavor.

2. ssh. If you're sitting at a windows client, there are ways to use ssh-enabled terminal emulators (such as putty) to establish the port forwarding. See below for details. Another option is to install the command line version using the Cygwin package of unix libraries . Then you can run the real ssh in the same fashion as from a unix machine.

Here are one, two, three other websites about vnc/ssh tunneling. Concentrating on the windows side, but might give you a broader overview than this page.

First, establish an ssh connection to minos-gateway.minos-soudan.org. Substitute your minos-gateway account name for username:

ssh -l username -C -g -L 5901:198.124.213.65:5900 198.124.213.3

This establishes a shell login on minos gateway, but also sets up a port forwarding tunnel from your localhost's port 5901 to the DCS machine's 5900, through minos-gateway (the IP address sandwiched between the ports). The -C compresses the datastream, which may or may not speed up your connection.

Next, run the VNC client software, which opens a window mirroring the screen on the DCS machine.

vncviewer -FullColor localhost:1

(old vnc versions try this instead: vncviewer -encodings "copyrect hextile" localhost:1)

The -encodings "blah blah" option works around a lack of packet compression which happens over the localhost device on older unix machines, you won't need that option on a windows client or modern vnc. Also, on a windows client you will want to substitute your local machine's name in place of localhost.

A window will pop up asking for the VNC server's password. This is currently the standard "numi" account password.

You now have a window mirroring the DCS machine's console. Be nice.

A couple of notes:

The VNC server must be running on the DCS machine for this to work. It is supposed to be this way at boot, so if all else fails check with people in the control room to see if something is hung.

If more than one person tries to control the console, either via another VNC session or physically in front of the machine, you will fight for control of the mouse and keyboard.

MS Windows SSH tunnels

OK, now that you are an expert at setting up a linux connection I will show you how to do it with Windows which is required if you NEED to control the chiller. (Chiller instructions follow this section)

Establish an SSH connection to gateway. You have to set up the tunneling or port forwarding here. I use Putty since it is free and works very well with the crypto cards. The program is available at http://www.chiark.greenend.org.uk/~sgtatham/putty/ . If you read the instructions for Linux you should understand what most of this does.

Note that I have 3 different tunnels set up. The first is for DAQ, the second is for the chiller, and last for DCS. This setup should work for 99% of our needs on the far detector. After adding the three local tunnels, remember to save the session. I have several saved below, but only one is needed with all three tunnels.

Once saved you can just load it in the future or save it as default so it automatically loads. Click on open and you will then get a prompt asking what name to login with. This is your GATEWAY login account which is kerberized. You should know how to use your Crypto card already so I won’t go into details here.

Once you have established the connection, you can shrink the screen to get it out of the way.

Establishing a VNC to DCS

Now we use a program to open a window to the DCS machine. The program I use is Tight VNC from

http://www.tightvnc.com/ (also free). Once again, do not start up a server session. Not much to do to establish the connection.

You have the local ports set to go to the tunnel to the machine you want to control. The port can be 5901 or just 1. In the previous examples this is the DCS machine set for this port. DAQ is 3 or 5703. once again, the program will prompt you for a session password. For DCS it is the numi one. It may take a while to load the screen but that is all there is to it.

Chiller Telnet Session

Very simple set up here too. You can just type in a command window or the run dialog in the start bar

telnet localhost 5906

this starts the windows telnet using the port to the chiller 5906. If you want to make an icon on the desktop, the example shows what needs to be in the Target box.

a couple notes about the chiller control

Use the enter key on the number pad. Return on the main keypad does not send the same thing.

DO NOT change things without knowing what you are changing and always log out so DCS can get its readings.