====== Device control ======

To control most of our devices we use a LabVIEW script, written by V. Gkougkousis, which runs on the server. For devices that cannot be remote controlled directly, we use a Power Device Unit (netio Power PDU 4PS). It is basically a remote-controlled power strip that allows single outlets to be turned on and off. This works as a control unit for the vacuum pump, cryocooler and solenoid valve, and as an emergency shut-off for the server.

==== Network configuration ====

The computer is configured to act as a router and a gateway between the internal network connecting all devices of the experimental setup and the rest of the UZH infrastructure. Effectively, devices on the internal network are hidden from the outside, while they can still access the internet. SELinux is not installed. AppArmor, a security policy software, does not interfere with normal operations and thus must be left active.

To allow remote connections, ssh has to be installed:

<code>
sudo apt install openssh-server
sudo nano /etc/ssh/sshd_config
</code>

Uncomment the following lines:

<code>
Port 22
PermitRootLogin yes
PasswordAuthentication yes
</code>

To allow replies to ping requests, the system firewall has to be disabled:

<code>
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl status firewalld
</code>

The following rules also have to be configured in the iptables service:

<code>
sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
sudo iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
sudo iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
</code>

After these modifications, one must save the settings and restart the network manager. Note that iptables-save on its own prints the active rules to standard output; to keep them across reboots, its output has to be redirected to a file.

<code>
sudo iptables-save
sudo systemctl restart NetworkManager
</code>

To ensure that ICMP is allowed and replies to pings are issued, the following must also be set:

<code>
sudo sysctl -w net.ipv4.icmp_echo_ignore_all=0
sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
</code>

If additional debugging is needed, tcpdump is a great utility for monitoring network traffic on all interfaces. If not pre-installed, it can be downloaded using apt:

<code>
sudo apt update
sudo apt install tcpdump
</code>

Once tcpdump is present, one can continuously monitor ICMP traffic by issuing:

<code>
sudo tcpdump -i any icmp
</code>

==== Using local web interface (Firefox) to display instrument information ====

  - Make sure the server and VPN are on. Then start XLaunch and check “Disable access control” to ensure a remote server can connect to the application. Why do we need XLaunch? Linux programs like Firefox (the graphical user interface) don't know how to draw themselves on Windows Shell. VcXsrv (XLaunch) acts as a translator that listens for Linux "drawing instructions" and turns them into a Windows window.
  - Type in Shell: ''$env:DISPLAY = "127.0.0.1:0.0"'' => This tells Shell where to direct the graphical user interface (the Firefox page), which in this case is XLaunch. 127.0.0.1 is the universal IP address for the local host (the computer I am working on).
  - Type in Shell: ''ssh -Y damic2@10.65.117.44'' => This connects us with the server. Important: Don’t forget the -Y => This is necessary since ssh can only handle text but we want image / video formats (Firefox); the -Y creates a “video tunnel” inside the connection.
  - Finally type ''firefox&'' into Shell => This opens the Firefox window and we can now view the instrument data.

Instead of Windows Shell, we can also use PuTTY for faster responses. In this case:

  - Input 10.65.117.44 into IP address
  - Under SSH, select "Enable compression"
  - In SSH => X11 => Select "Enable X11 forwarding"
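To confirm that the three sshd_config lines from the Network configuration section are really active after editing, the following added example (not part of the original page) reads a config file the way sshd does and compares it with the values this page asks for. It assumes a single file without Include directives; the sample file and the name hypothetical_user are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check that the three sshd_config
# lines named in "Network configuration" are active, not still commented out.

# Print the value sshd would take for KEYWORD from FILE. Rules applied:
# keywords are case-insensitive, '#' starts a comment line, the first
# occurrence wins, and lines after a "Match" keyword are conditional.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }           # blank or comment line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print "unset" }       # sshd uses its built-in default
    ' "$2"
}

# Compare FILE with the values this page asks for; return 1 on any mismatch.
check_sshd() {  # usage: check_sshd FILE
    rc=0
    for pair in Port=22 PermitRootLogin=yes PasswordAuthentication=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$key" "$1")
        if [ "$got" = "$want" ]; then
            echo "ok       $key $got"
        else
            echo "MISMATCH $key is '$got', page expects '$want'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: PermitRootLogin was left commented, and the second
# PasswordAuthentication line is ignored because the first one wins.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real server file
Port 22
#PermitRootLogin prohibit-password
passwordauthentication yes
PasswordAuthentication no
Match User hypothetical_user
    PermitRootLogin yes
EOF

check_sshd "$SAMPLE" || echo "sshd_config differs from the documented setup"
```

On the server itself, call check_sshd /etc/ssh/sshd_config; sudo sshd -T prints the full effective configuration, including any included files.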