Authorized users of the Accelerator Controls console system can run an ACNET Console Instance and have it display on any workstation which supports the X Window protocol. This includes Linux workstations, PC's with Cygwin-X, and Macs with XQuartz.
The Accelerator Controls system is on a protected network located behind a firewall. Kerberos authentication is required to access control system computers from outside the firewall. Two kerberized systems called OUTLAND.FNAL.GOV and OUTBACK.FNAL.GOV have been set up as gateway nodes. It is necessary to login to OUTLAND or OUTBACK in order to login to nodes inside the firewall. When users request a console account, they are also given accounts on outland and outback. The gateway nodes only support access using the SSH protocol with Kerberos authentcaton.
Most Accelerator Division PC's have Cygwin-X, MIT Kerberos for Windows, and the Accelerator Controls Customizations for Windows Users installed. This allows a user to start an ACNET console by clicking on an icon. See Install on Home PC for installing this software on other PC's.
The Accelerator Controls Customizations for Windows Users is a series of shortcuts and scripts which make running an ACNET console and developing Controls programs easier. The details of dealing with the gateway nodes (outland and outback), X server, and Kerberos tickets are scripted. The modifications include:
New versions of the Accelerator Controls Customizations are released from time to time in order to fix bugs, add new features, or to track changes in the control system and other software. (Release Notes here) The latest version can be installed as follows:
Download and execute acnet-custom-installer.
To start an ACNET console, do one of the following:
To stop the console:
There are a few issues which can come up when running an ACNET console at home. Your home router will most likely block outside connections to your PC's X server.
The easiest way to run a console behind a home router is to use the "CnsRun VIASSH" item in the Start->Programs->Accelerator Controls menu. This will use the ssh X11 forwarding to tunnel your X connection through your router.
Home users can use the Controls Web Proxy to access Fermilab web pages which are restriced to on-site access and web servers which are inside the controls firewall.
Another way around home router problems is to use the Fermilab VPN. The VPN will also allow you to access restricted Fermilab web pages as if you are at the lab.
Since Fermilab security policy does not permit open X servers, you need some way of authorizing the Acnet console host nodes to open windows on your X display. The easiest way to accomplish this is to tunnel your X connection using SSH X forwarding. You can also specify the MIT-Magic-Cookie value needed to access your X display in the launch command (described below). Use the xauth command to list your cookie value.
First you need to login to outland.fnal.gov or outback.fnal.gov, the firewall gateway nodes, such that you have a forwardable Kerberos ticket there. You can login using Kerberized ssh. ssh has the advantage that it can forward your X connection. You can check that your Kerberos ticket has been forwarded to the gateway node by doing "klist -f".
Once you are logged into outland or outback, you can use the launch command to start a console or other program on a Linux node. The launch script does several things for the user:
The general form of the launch command is:
launch host display[:cookie] command
host can be:
display can be:
cookie is the MIT-Magic-Cookie used to get permission to access the X display.
Some useful launch commands are:
To stop the ACNET console:
ACNET consoles use several custom fonts. Accelerator Division Windows users have these fonts installed on their PC's. For other users, ACNET adds a font server to the X server's font path in order to access these fonts. If the X server is configured to prohibit this, ACNET makes do with the available fonts, resulting in missing and substituted special characters.
Last updated 06-Aug-2021 by Jim Smedinghoff