[ale] OT: Switch

Alex Carver agcarver+ale at acarver.net
Fri May 10 19:29:35 EDT 2013


On 5/10/2013 07:49, JD wrote:
> This really isn't that large of a switch. The MCCs around the world have been
> using UNIX for decades. Windows PCs were not allowed on the network when I
> worked at JSC inside the MCC for shuttle and station operations.
>
> Before the station existed, a few early developers were using some UNIX variant
> on i386 hardware to create the station real-time operating environment. At the
> time, my computer skills were very different, so I couldn't tell you which OS
> was used or even what it was based on - it definitely WAS NOT from Microsoft.
> That I am certain.
>
> As far as patching goes, don't expect much of that. Systems like this don't get
> patched without a very good reason. Basically, if it isn't broken in some way, I
> wouldn't patch.  At most, an annual security patch might happen, but I doubt it.
> Once a system is labeled as "operational" any changes are avoided.
>
> It isn't like any of these systems are on the internet ... actually, they aren't
> even on a NASA LAN/WAN. Rather, there might be a connection from a few select
> systems on the ground that are inside the MCC network. That network is not
> air-gapped from the internet, but only allows outbound packets of real-time data
> with a very selective TTL just for the campus. OTOH, I haven't been there since
> '96, so things could be very different.

There are two or three (or more, I don't recall) parallel networks going 
to the ISS.  The main network is for station ops and C&C and is isolated 
very carefully so that nothing can sneak up the link from the rest of 
the world.  The second parallel network connects to select laptops 
on-board for any running experiments that require C&C from the ground. 
This keeps the PIs and others off the main C&C channel and ensures no 
one can do something to the station itself.  The third link (if they're 
using it instead of piggybacked on the experiment link) would be the 
private link for the astronauts to do personal tasks.  The most common 
method to achieve that is to use a remote desktop connection to control 
a computer on the ground.  The private laptop doesn't have a direct 
connection to the Internet that way.  I think they may be experimenting 
with direct Internet connections up there but those would be 
absolutely-never-to-be-connected-anywhere-else laptops.

Fortunately in an environment of only six people and strict training and 
protocols, it's easy to keep the systems separated.

