CONEL SmartCluster: configuring access for group network participants [68/97]
Part III 5 Configuration options
Figure 5.3: Network Access Permissions or Grant Group Access
5.2 Road warrior options
5.2.1 Grant Group Access (Road warrior)
The Grant Group Access option is like setting permissions collectively for all network participants
instead of granting access rights on an individual basis.
Activating the option grants the Road warrior access to all network participants of its group, both those
that exist now and those created in future. Access is granted to VPN IP addresses, not to real IP addresses.