Eurogard ServiceServer Скачать руководство пользователя страница 9 | Manualshive

Страница: 9 / 55

background image

System description

2

The security architecture provides for two main user groups: administrators and users associated with
a plant network. As a basic principle, administrators have access to all networks und administrative
functions of the ServiceServer; plant network users can only access the allocated plant network.

Abbildung 1.2. VPN-concept of the Remoteserviceproducts

Eurogard offers a free and efficient OpenVPN client which administers your certificates, logs access
times to various plants and securely sets up connections to the routers at the plant via a mouse click.

The Eurogard ServiceServer and router provide a complete solution for the remote access to IP-based
automation structures in machines and plants.

As the ServiceRouter, the ServiceServer has two network sides at its disposal.

• WAN-side

Used to connect the device to the Internet. Here, access to plant networks or to the LAN side is
only possible indirectly via VPN.

• LAN-side

This is the primary “working network”. Here, all units and PC’s have direct access to all plant
networks and their devices.

All data packets from LAN devices sent to the Internet via the Server are masked via Source-NAT by
the Server. As a consequence, only the external Server IP is outwardly visible, in case the device goes
online indirectly on the WAN-side via the in-house network. This helps to keep down the installation
and administration efforts and expenses.

A so-called service network is installed on the ServiceServer for each plant for which a remote
service is to be set up. This is shown on the right hand side of Abbildung 1.2, „VPN-concept of the
Remoteserviceproducts“. In order to allow for admin network access to each single network at the
same time, a unique network IP-address has to be assigned to each of these networks.

The next step is to create an account for an Eurogard ServiceRouter on the Server. A configuration
file is downloaded from the Server into the Router. This Router is parameterised and integrated into
the plant network. It acts as intermediary between the various devices of the plant and the service
network of the ServiceServer. All IP terminals of the plant can now be accessed via the LAN network
at the Server.

«
...
7
8
9
10
11
...
»

Содержание ServiceServer

Страница 1: ...Eurogard Service Server Manual Falk Sch nfeld schoenfeld eurogard de...

Страница 2: ...Eurogard Service Server Manual by Falk Sch nfeld Copyright 2011 2014 Eurogard GmbH...

Страница 3: ...erver in the LAN network 12 Netmask 13 DHCP Server for the LAN 13 DHCP area 13 HTTPS Port of the web interface 13 Web access WAN 13 WAN Media 13 Configuration of connection 14 Time 14 Time source 15 T...

Страница 4: ...https 34 Allow LAN devices access via external interface 35 Allow access service network LAN 35 4 Messaging 36 Email 36 Emailing 36 Email address 36 Server Port 36 Username Password 36 Transport encr...

Страница 5: ...Eurogard Service Server v A Wichtige Begriffe 46...

Страница 6: ...vi List of Figures 1 1 Eurogard ServiceServer 1 1 2 VPN concept of the Remoteserviceproducts 2...

Страница 7: ...vii List of Examples 3 1 Host and Domain name 12 3 2 URL for HTTPS in case of different port 13 7 1 Syntax URL VPN Log 43 7 2 Example of valid query 44...

Страница 8: ...ers and service staff Function overview and concept The key element of the Eurogard remote service solution is the Eurogard ServiceServer which provides an especially protected dial up service for net...

Страница 9: ...s and PC s have direct access to all plant networks and their devices All data packets from LAN devices sent to the Internet via the Server are masked via Source NAT by the Server As a consequence onl...

Страница 10: ...ernet connection This will depend on your specific requirements Depending on the hardware the Server can handle bandwidths of a minimum of 100 MBit to 1 GBit The Server must have a DNS entry available...

Страница 11: ...conds in order to initialise the hardware and the operating system Subsequently the LED starts flashing at one second intervals and the Router starts setting up its configuration When this process is...

Страница 12: ...carried out via a web interface In order to access the web interface the LAN IP of the Server has to be accessible via your PC In the simplest case just connect the LAN interface of the Server and yo...

Страница 13: ...the relevant chapter of this context sensitive manual In this process the browser opens a new window or a new tab Where no help pages are displayed after clicking the help link please check to see if...

Страница 14: ...the next steps as well as in the configuration files for the clients On the LAN side the Server has been set to the IP 192 168 155 1 If there is any reason to change this please do so under menu item...

Страница 15: ...rk access WAN You can choose between Ethernet via DHCP or static IP as well as PPPoE DSL Select your way of access and test the functionality Go to Status Logs Diagnosis You should be able to ping an...

Страница 16: ...ng the button save in the bottom right corner of your screen Caution After expiry of the validity period access to the VPN network with the expired certificate is no longer possible Set up a reminder...

Страница 17: ...uration of the Server In order to quickly put the Server into operational state as sufficient for most applications please refer to the chapter Installation Quick guide the section called Installation...

Страница 18: ...scribes all configuration options for all sub menus Administration area In order to change the configuration or the operating parameters of the ServiceServer it is necessary to login to your admin acc...

Страница 19: ...ally however the full stop may be used which helps with regards the structure Please enter the complete domain of which your Server is part of at this point Also the domain name is included in the cer...

Страница 20: ...network Default 192 168 155 100 192 168 155 120 HTTPS Port of the web interface In this field the port can be entered where the integrated webserver software receives SSL encrypted connections The Ser...

Страница 21: ...manual interaction or intervention is required MTU This value should only be altered if your device is running behind a NAT cascade and Path MTU Discovery by means of filtering of ICMP Typ 3 Code 4 p...

Страница 22: ...al This configures the interval of time levelling via NTP Default daily NTP Server chart This chart lists the servers and ports to be used for time levelling via NTP NTP These settings may be changed...

Страница 23: ...the host name and domain name on the System Settings site From now on the Server checks every ten minutes to see if your Internet IP has changed If this is the case it is updated by the DynDNS com ser...

Страница 24: ...h as for example browsers have lists of trustworthy issuers If for example a browser does not know the signatory of the certificate of a SSL encrypted website it will issue a warning message Since a s...

Страница 25: ...ate is bound not only to the host name but also to the IP of the WAN interface This IP is read directly from the interface during the certificate generation process When calling up the web surface per...

Страница 26: ...ccordingly in the menu Server configuration Basic settings LAN In case these options are selected this also applies to the WAN and LAN IP Caution If there are clients in action while re generating the...

Страница 27: ...uration options of the ServiceServer 20 Click Open and Import in the next dialog The certificate window is displayed and the certificate can be installed on the PC by clicking the button Install certi...

Страница 28: ...iceServer 21 The certificate import wizard is started Click Next The next dialog specifies the storage location Click Browse in order to select a location manually From the list displayed select Trust...

Страница 29: ...the ServiceServer 22 Confirm the two following safety warnings and the certificate is installed Remove the root certificate Click the menu item Extras in the upper right hand corner of the browser and...

Страница 30: ...Configuration options of the ServiceServer 23 Click the tab Contents and then Certifikates...

Страница 31: ...your certificate authority and click delete Confirm the safety instructions and the certificate is removed from the computer Mozilla Firefox 5 0 Import of the root certificate After clicking the butt...

Страница 32: ...Configuration options of the ServiceServer 25 Use of the certificate is configured for Firefox Remove the root certificate Select the menu item Settings from Extras...

Страница 33: ...Configuration options of the ServiceServer 26 Go to the tab Advances and Encryption then click the button Show certificates...

Страница 34: ...check sum of the keys used in the certificate Any number of certificates with identical field contents can be generated the fingerprints however will always be different making this an important secur...

Страница 35: ...a the LAN The areas from which addresses are assigned must not overlap since this will inevitably result in breakdowns and inaccessibility of clients Default from 192 168 155 200 to 192 168 155 220 St...

Страница 36: ...e logs In this drop down box the maximum size for a log file of each single VPN process is specified If this value is exceeded the log is saved and a new empty log file is set up Default 512 Kilobyte...

Страница 37: ...Default 2 This option is also transmitted to the clients during connection set up Cryptoalgorithm Since the Router Version 1 uses a different cryptographic algorithm from Version 2 the Router generat...

Страница 38: ...networks are restarted which results in a short temporary unavailability of these networks The length of the interruption depends on the parameters set in the section called Time interval for keep al...

Страница 39: ...stage and delete the Eurogard account The existing accounts are organised in an overview chart as in the section called Add network Again you have the possibility to filter browse and set the maximum...

Страница 40: ...ord has to be entered when the user logs into web interface The password must have a minimum of 6 characters Both the user name and the password are case sensitive bediener0815 and Bediener0815 would...

Страница 41: ...mask the data traffic of the LAN clients via NAT NAT before entering the WAN This minimises administration requirements and enhances the acceptance of the devices The following basic settings are acti...

Страница 42: ...you do not wish LAN devices to access the Internet Default enabled Allow access service network LAN If you wish devices in service networks to access devices in the LAN this can be enabled here The se...

Страница 43: ...cryption If the SMTP server chosen supports encrypted communication the encryption method may be chosen at this point Please note that depending on the method chosen the ports to be used may vary on o...

Страница 44: ...ware and the mail server Reports The device can send status reports at pre determined intervals This function and the intervals can be set here The report includes the network parameters in use connec...

Страница 45: ...by the client for address allocation The MAC address of the current IP holder The validity period of the assigned IP OpenVPN This menu item displays information about the individual OpenVPN processes...

Страница 46: ...DNS provider The last line indicates whether the Server has been configured for dDNS The button Update now triggers an immediate synchronisation of the current Internet IP with the dDNS provider Diagn...

Страница 47: ...f the google com IPs which are displayed The IPs listed in the above example may have changed in the meantime and should be verified The tool nslookup can also be found in the Router Enter the host na...

Страница 48: ...nts can be loaded on to your PC Reset After clicking the button Reset and a confirmation prompt the factory default settings of the device are restored The reset function can also be triggered via the...

Страница 49: ...adjusted accordingly When activating the service access this port is opened in the firewall for the LAN and for the WAN side If the WAN side is not to be accessed this may be changed under Router Conf...

Страница 50: ...ssful pings has to be subtracted from the logged termination time in order to determine the minimum connection time Show logged connection data Data can be retrieved via the menu items Status Logs Eve...

Страница 51: ...be specified via the GET parameters tStart and tEnd with the following syntax JJJJ MM DD The following is an example of a valid request string Example 7 2 Example of valid query http 192 168 155 1 cgi...

Страница 52: ...in this manual only apply to the current version The online documentation regarding the Router is intended for technically qualified personnel either those project planning personnel familiar with se...

Страница 53: ...abe im Browser E Mail NTP Deshalb muss dem ServiceServer ein DNS Server bekannt sein Dom ne Damit sich Rechner im Netz besser strukturieren lassen und um nicht jeden Hostnamen eindeutig zu halten wurd...

Страница 54: ...mit seiner IP sichtbar NTP NTP ist ein Protokoll zum Beziehen der aktuellen Uhrzeit eines Rechners ber das Netz Da die genaue Zeit wichtig f r den VPN Betrieb ist ist die Synchronisierung per NTP die...

Страница 55: ...tifiziert Darin sind gem x509 Standart z B Name des Inhaber Name des Aussteller G ltigkeit und Pr fsumme der Schl ssel usw Das Zertifikat wird von OpenVPN und auch zur Sicherung der Weboberfl che verw...

Отзывы:

Нет отзывов

Похожие инструкции для ServiceServer

Бренд: Javad Страницы: 35

Бренд: Lindy Страницы: 4

Бренд: Falcon Страницы: 24

Бренд: Google Страницы: 14

Brocade X6-8 Director

Бренд: Broadcom Страницы: 207

Бренд: Juniper Страницы: 190

Teranex 2D Processor

Бренд: Blackmagicdesign Страницы: 969

Бренд: eWON Страницы: 34

Бренд: Multitech Страницы: 81

Бренд: Vega Страницы: 12

Ether-GSH24T v3

Бренд: AirLive Страницы: 2

Бренд: KYLAND Technology Страницы: 24

Бренд: Digi Страницы: 75

Ultra WiFi Booster

Бренд: Optus Страницы: 8

AirBridge VS-YOFIMN-000

Бренд: Vivint Страницы: 2

Бренд: R3 Страницы: 48

Бренд: protech Страницы: 84

Бренд: Allied Telesis Страницы: 44

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды