myUTN
USB Dongleserver
User Manual
Windows
dongleserver Pro, dongleserver ProMAX
USB Dongleserver User Manual Windows
Manufacturer & Contact
SEH Computertechnik GmbH
Suedring 11
33647 Bielefeld
Germany
Phone: +49 (0)521 94226-29
Fax: +49 (0)521 94226-99
Support: +49 (0)521 94226-44
Email: info@seh.de
Web: https://www.seh-technology.com
Document
Type: User Manual
Title: USB Dongleserver User Manual Windows
Version: 1.0 | 2020-04
Legal Information
SEH Computertechnik GmbH has endeavored to ensure that the information in this documentation is correct. If
yo u det ect an y ina ccur acies plea se inform u s at t he address indicated above. SEH Computertechnik GmbH will not
accept any liability for any error or omission. The information in this manual is subject to change without notification.
The original manual is the German version of this document and shall govern. All non-German versions of this
document are translation of the original manual.
All rights are reserved. Copying, other reproduction, or translation without the prior written consent from SEH
Computertechnik GmbH is prohibited.
These products include 'open source software'. For detailed information, visit https://www.seh-technology.com
© 2020 SEH Computertechnik GmbH
All trademarks, registered trademarks, logos and product names are property of their respective owners.
.
USB Dongleserver User Manual Windows
Content
1 General Information........................................................................................ 1
1.1 Product ..............................................................................................................................................................................................2
1.2 Documentation ..............................................................................................................................................................................4
1.3 Support and Service......................................................................................................................................................................6
1.4 Your Safety .......................................................................................................................................................................................7
1.5 First Steps .........................................................................................................................................................................................8
2 Administration Methods................................................................................. 9
2.1 Administration using the dongleserver Control Center............................................................................................... 10
2.2 Administration via the SEH UTN Manager......................................................................................................................... 12
2.3 Administration via the SEH Product Manager.................................................................................................................. 17
2.4 Administration via Email .......................................................................................................................................................... 19
3 Network Settings ........................................................................................... 21
3.1 How to Configure IPv4 Parameters and DNS ................................................................................................................... 22
3.2 How to Configure IPv6 Parameters...................................................................................................................................... 25
3.3 How to Configure Bonjour ...................................................................................................................................................... 27
3.4 How to Configure Email (POP3 and SMTP)........................................................................................................................ 28
3.5 How to Configure Server Services ........................................................................................................................................30
3.6 How to Use the UTN Server in VLAN Environments....................................................................................................... 32
4 Device Settings .............................................................................................. 34
4.1 How to Assign a Description................................................................................................................................................... 35
4.2 How to Configure the Device Time......................................................................................................................................36
4.3 How to Configure the (Encrypted) UTN Port .................................................................................................................... 38
4.4 How to Assign a Name to a USB Port................................................................................................................................... 39
4.5 How to Get Messages................................................................................................................................................................ 40
4.6 How to Monitor the UTN Server............................................................................................................................................ 42
4.7 How to Determine what is Shown in the Display
(only dongleserver ProMAX)46
4.8 How to Configure Acoustic Signals (only dongleserver ProMAX) ............................................................................ 48
5 Working with the SEH UTN Manager ........................................................... 49
5.1 How to Find UTN Servers/USB Devices in the Network................................................................................................ 50
5.2 How to Establish a Connection to a USB Device .............................................................................................................52
5.3 How to End the Connection between the USB Device and the Client.................................................................... 54
5.4 How to Request an Occupied USB Device......................................................................................................................... 55
5.5 How to Automate USB Device Connections and Program Starts ............................................................................. 56
5.6 How to Find Status Information on USB Ports and USB Devices............................................................................... 59
5.7 How to Use the Selection List and Manage User Access Rights with It................................................................... 60
5.8 How to Use the SEH UTN Manager without Graphical User Interface (utnm)...................................................... 63
6 Security........................................................................................................... 69
6.1 How to Define the Encryption Strength for SSL/TLS Connections........................................................................... 70
6.2 How to Encrypt the USB Connection................................................................................................................................... 72
6.3 How to Encrypt the Connection to the dongleserver Control Center..................................................................... 74
6.4 How to Protect Access to the dongleserver Control Center
(User Accounts)75
USB Dongleserver User Manual Windows
6.5 How to Block UTN Server Ports (TCP Port Access Control) .......................................................................................... 76
6.6 How to Control Access to USB Devices............................................................................................................................... 77
6.7 How to Block USB Device Types............................................................................................................................................80
6.8 How to Use Certificates ............................................................................................................................................................ 81
6.9 How to Configure Network Authentication (IEEE 802.1X)........................................................................................... 86
6.10 How to Configure SNMP .......................................................................................................................................................... 89
6.11 How to Disable a USB Port....................................................................................................................................................... 90
7 Maintenance .................................................................................................. 91
7.1 How to Backup Your Configuration..................................................................................................................................... 92
7.2 How to Reset Parameters to their Default Values........................................................................................................... 95
7.3 How to Perform a Device Software Update ...................................................................................................................... 97
7.4 How to Restart the UTN Server .............................................................................................................................................. 98
8 Appendix ........................................................................................................ 99
8.1 Glossary ........................................................................................................................................................................................100
8.2 Troubleshooting .......................................................................................................................................................................102
8.3 Parameter lists............................................................................................................................................................................105
8.4 SEH UTN Manager – Feature Overview.............................................................................................................................132
USB Dongleserver User Manual Windows General Information
1 General Information
•Product 2
• Documentation 4
• Support and Service 6
• Your Safety 7
•First Steps 8
1
USB Dongleserver User Manual Windows
1.1 Product
Purpose
UTN servers comprise USB Deviceservers and USB Dongleservers. As USB Dongleservers, UTN servers make nonnetwork-ready USB dongles accessible via TCP/IP network. The USB dongles are connected to the USB ports of the
UTN server for this purpose. The UTN (UTN = USB to Network) functionality and the corresponding software tool
'SEH UTN Manager' then establish a virtual USB connection between USB dongle and client. The USB dongle can
be used as if it were connected locally.
System Requirements
The UTN server has been designed for use in TCP/IP networks.
The SEH UTN Manager can be used in the following systems:
• Windows 7 or higher, except Windows Server 2008
(For Windows 7 and Windows Server 2008 R2, KB3033929 http://technet.microsoft.com/en-us/library/security/3033929 must be installed.)
• macOS 10.9 or higher
• Linux: *.deb (for Debian-based systems) and *.rpm (for Red Hat-based systems) installation packages are available for 64-bit systems. A successful installation cannot be guaranteed due to the multitude of Linux varieties!
The installation must be carried out on your own.
Installation was tested successfully under the following 64-bit systems:
Debian: Debian 10, Ubuntu 18.04
Red Hat: Red Hat Enterprise Linux 8, Oracle 8, CentOS 8, SUSE Linux Enterprise 15.1, openSUSE Leap 15.1
•IPv4 TCP/IP network
The SEH Product Manager can be used under the following systems:
• Windows 7 or higher
• macOS 10.12.x or higher
•IPv4 TCP/IP network
This document describes usage under Windows environments. Information about the usage in other environments can be found in the relevant system-specific User Manual. More details can be found in chapter ’Documentation’ 4.
Combination with Associated Products
You can combine the UTN server with additional SEH Computertechnik GmbH products to ideally adapt the use
of your devices to your environment!
Service
Service contracts are available for USB Dongleservers, known as Service
plus
plus
packages. The Service
plus
package ex-
tends the manufacturer's guarantee on your Dongleserver from 36 to 60 months. In addition, you will receive
plus
quickly and easily an advance replacement device in case of a defect. Service
packages must be purchased
separately.
Detailed information:
https://www.seh-technology.com/services/service-packages.html
2
USB Dongleserver User Manual Windows
Rack Mount Kits
We recommend the 'Rack Mount Kits' (RMK) for optimal and safe storage of your Dongleserver. The mounting kits
allow the installation of USB Dongleservers in 19" server cabinets and convenient access to the device.
Detailed information:
https://www.seh-technology.com/products/rack-mount-kits.html
3
USB Dongleserver User Manual Windows
1.2 Documentation
Please load all current documents from our Website:
http://www.seh-technology.com
Further applicable documents
The USB Dongleserver documentation consists of the following documents:
Quick Installation Guide Print, PDF Information on safety, technical data, declarations of con-
formity and description of the hardware installation and
initial setup.
User Manual PDF Detailed description of the UTN server configuration,
administration and maintenance. System-specific instructions for the following systems:
- Windows
- macOS
- Linux
Online help HTML Information on how to use the 'dongleserver Control Cen-
ter' web interface.
(Embedded into web interface; no download.)
Product information Print, PDF Features and technical data
Brochures Print, PDF http://www.seh-technology.com
Open source licenses online https://www.seh-technology.com/services/licenses.html
Symbols and Legend
A variety of symbols and mark-ups are used within this document.
WAR NIN G
Warning
Important:
Important information
Requirement Requirements that must be met before you can begin the action.
•Numeration Listing
1. Numeration Step-by-step instructions
Result Outcome of a performed action
Tip
A warning contains important information that must be heeded. Nonobservance may lead to malfunctions.
These notes contain crucial information for failure-free operation.
Recommendations and beneficial advice
Bold Established terms (e.g. of buttons, menu items, or selection lists)
Courier
Reference (Within the document you can use hyperlinks.)
Code (e.g. for command lines or scripts), Paths
4
USB Dongleserver User Manual Windows
'Proper names' Single quotation marks identify proper names
5
USB Dongleserver User Manual Windows
1.3 Support and Service
SEH Computertechnik GmbH offers extensive Support. If you have any questions, please contact us.
Monday through Thursday
Friday
+49 (0)521 94226-44
support@seh.de
Customers from the United States of America (USA) and Canada please contact North American Support:
Monday – Friday 9:00 am – 5:00 pm (EST/EDT)
+1-610-943-3226
support@sehtechnology.com
All information and downloads regarding your product are available on our website:
8:00 a.m. to 4:45 p.m.
8:00 a.m. to 15:15 p.m.
http://www.seh-technology.com
6
USB Dongleserver User Manual Windows
1.4 Your Safety
Read and observe all safety regulations and warnings found in the documentation, on the device and on the packaging. This will avoid potential misuse and prevent damages to people and devices.
Intended Use
Th e UT N se rver is u sed in TC P/I P net wor ks a nd h as b een designe d for us e in off ice enviro nme nts. It allo ws m ult ipl e
network users to access non-network-ready USB dongles.
Improper Use
All uses of the device that do not comply with the functionalities described in the USB Dongleserver documentation are regarded as improper use.
Safety Regulations
Before starting the initial setup of the UTN server, read and observe the safety regulations in the 'Quick Installation
Guide'. This document is enclosed in the packaging in printed form.
Warnings
Read and observe all warnings mentioned in this document. Warnings are found before any instructions known
to be dangerous. They are presented as follows:
WAR NIN G
Warning!
Liability and Guarantee
SEH Computertechnik GmbH will not accept any liability for personal injuries, property damages and consequential damages resulting from the non-observance of the mentioned safety regulations and warnings. Non-observance will also result in any guarantee claims becoming void.
Modifications to the Device and Repairs
It is not allowed to make modifications to the hardware and software or to try to repair the device. If your device
needs to be repaired, contact our support 6.
7
USB Dongleserver User Manual Windows
1.5 First Steps
1. Read and observe the security regulations in order to avoid damages to people and devices 7.
2. Install the hardware. Hardware installation includes connecting the UTN server to the network, USB devices,
and power grid ‘Quick Installation Guide’.
3. Install the software. Software installation includes installing the required 'SEH UTN Manager' software tool on
your client and assigning an IP address ‘Quick Installation Guide’.
4. Configure the UTN server so that it is optimally embedded it into your network and sufficiently protected. All
information on how to do this you will find in this document.
5. Use the SEH UTN Manager to establish and manage connections to the USB dongles which are connected to
the UTN server ’Working with the SEH UTN Manager’ 49.
You can find information on the USB Dongleserver documentation in the chapter’Documentation’ 4.
8
USB Dongleserver User Manual Windows Administration Methods
2 Administration Methods
You can administer, configure and maintain the UTN server in a number of ways:
• Administration using the dongleserver Control Center 10
• Administration via the SEH UTN Manager 12
• Administration via the SEH Product Manager 17
• Administration via Email 19
9
USB Dongleserver User Manual Windows
2.1 Administration using the dongleserver Control Center
The UTN server has a user interface, the dongleserver Control Center, which can be opened using an Internet
browser (e.g. Microsoft Edge).
The UTN server can be configured, monitored and maintained using the dongleserver Control Center.
• Opening dongleserver Control Center in the Browser 10
• Opening dongleserver Control Center from SEH UTN Manager 10
• Opening dongleserver Control Center from SEH Product Manager 10
• Controls 11
Opening dongleserver Control Center in the Browser
The UTN server is connected to the network and the power grid.
The UTN server has a valid IP address 22.
1. Open your browser.
2. Enter the IP address of the UTN server as the URL.
The dongleserver Control Center will be displayed in the browser.
Important:
If the dongleserver Control Center is not displayed, check if a gateway is
configured ( 22) and the proxy settings of your browser.
Opening dongleserver Control Center from SEH UTN Manager
The UTN server is connected to the network and the power grid.
The UTN server has a valid IP address 22.
The SEH UTN Manager is installed on the client 12.
1. Start the SEH UTN Manager.
2. In the selection list, select the UTN server.
3. In the menu bar, select UTN Server – Configure.
Your browser opens and the dongleserver Control Center is displayed.
Opening dongleserver Control Center from SEH Product Manager
The dongleserver Control Center is displayed directly in the SEH Product Manager. You can also open it separately
in the browser.
The SEH Product Manager is installed on the client 17.
1. Start the SEH Product Manager.
2. In the device list, select the UTN server.
The dongleserver Control Center is displayed on the right side in the integrated browser.
3. To access the dongleserver Control Center separately in the browser, select Launch Browser from the
Device menu.
Your browser opens and the dongleserver Control Center is displayed.
Important:
If the dongleserver Control Center is not displayed, check the certificate.
If the certificate chain of trust can not be verified, a security warning will appear
instead of the dongleserver Control Center. Review the certificate personally and
add an exception rule for the certificate, if necessary. Detailed information can be
found in the
'SEH Product Manager Online Help'.
10
USB Dongleserver User Manual Windows
54
3
1
2
Controls
Figure 2.1-1: dongleserver Control Center
1 Product & Company Manufacturer’s contact details and additional product information.
2 Menu item After selecting a menu item, the available submenu items are displayed.
3 Page Menu content
4 Globe Language selection
5 ? icon Online help
11
USB Dongleserver User Manual Windows
4
5
1
3
2
2.2 Administration via the SEH UTN Manager
The 'SEH UTN Manager' is a software tool developed by SEH Computertechnik GmbH. The SEH UTN Manager is
used to establish and manage connections to the USB devices connected to the UTN servers.
• Features 12
• Versions 13
• Installation 14
•Program Start 16
Features
The software is installed on all clients that are meant to access a USB device in the network. After the SEH UTN
Manager is started, the network is scanned for connected UTN servers. All UTN servers found and their connected
USB devices are displayed in the 'network list'. To use the USB devices connected to the UTN server, you have to
add the UTN server to the 'selection list'. The devices shown in the selection list can be administrated and the connected USB devices can be used. Working working with the SEH UTN Manager is described in detail in the chapter
’Working with the SEH UTN Manager’ 49.
WAR NIN G
UTN ( 2) and the corresponding SEH UTN Manager only work in IPv4 networks.
In pure IPv6 networks, it is only possible to access the dongleserver Control Center
( 10) to administer the UTN server.
Figure 2.2-1: SEH UTN Manager
12
USB Dongleserver User Manual Windows
1 Menu bar Available menu items
2 Buttons for editing the selec-
tion list
3 Buttons for managing the
port connection
4 Selection list Shows the selected UTN servers and the connected USB devices.
5 Display area for the proper-
ties
Detailed information on how to use the SEH UTN Manager can be found in the
Help'. To start the online help, go to the SEH UTN Manager menu bar and select Help – Online Help.
Important:
Some SEH UTN Manager features might not be displayed or are displayed as inactive. This depends on
• the type and location of the selection list
• the user's rights and the group memberships on the client
• the client operating system
• the settings of the product-specific security mechanisms
• the status of the UTN server and respective USB port
More details can be found in chapter ’SEH UTN Manager – Feature Overview’
132.
Opens the dialog for searching UTN servers in the network and for selecting the desired devices 50.
Establishes a connection to the USB device connected to the USB port (
52) or interrupts the connection ( 54).
Shows information on the selected UTN server or USB device 59.
'SEH UTN Manager Online
Versions
The SEH UTN Manager is available in two versions:
•Complete Version:
SEH UTN Manager with graphical user interface (figure 2.2-1 12) and additional features.
• Minimal version (without graphical user interface):
Usage only via command line ('utnm' 63) and automated programs ('UTN Actions' 56).
Important:
The complete version is recommended for general use.
The minimal version is to be used by experts only!
In both versions the 'SEH UTN Service' works in the background and is automatically active after the system start.
The service can be controlled by means of the usual administration methods.
Additionally, the following user groups are distinguished:
• users with administrative rights (administrator)
• users without administrative rights (standard user)
Important:
Some features can only be configured by administrators. More details can be
found in chapter ’SEH UTN Manager – Feature Overview’ 132.
13
USB Dongleserver User Manual Windows
Installation
In order to use the SEH UTN Manager, the program must be installed on a computer with a Windows operating
system. The SEH UTN Manager installation file can be found on the SEH Computertechnik GmbH website:
https://www.seh-technology.com/services/downloads.html
The installation file is available as '*.exe' for Windows systems. The file contains both versions of the SEH UTN Manager. Instead of the standard installation, an unattended installation may be carried out.
• ’Standard Installation’ 14
• ’Unattended Installation’ 14
Standard Installation
Windows 7 or higher, except Windows Server 2008
(For Windows 7 and Windows Server 2008 R2, KB3033929 http://technet.microsoft.com/en-us/library/security/3033929 must be installed.)
The installation can only be carried out by users with administrative rights.
1. Start the SEH UTN Manager installation file.
2. Follow the installation routine.
The SEH UTN Manager is installed on your client.
If used in server-based environments (Citrix XenApp, Microsoft Remote Desktop Services/Terminal Services) and
virtualized environments (VMware, Citrix XenDesktop, Microsoft HyperV, etc.) the Windows system may lack required drivers. The installation routine checks the available drivers during the installation process. If drivers are
missing, another installer ('USB driver for SEH UTN Manager'). This installer will prepare the installation of the required drivers.
Unattended Installation
An unattended installation takes place without any time-consuming user input. In addition, the SEH UTN Manager UTN Manager can be automatically installed on a large number of clients via login scripts. For more information,
refer to the documentation of your operating system.
Default settings used:
•Complete version
• Installation for all users of the client
• Target directory:
%PROGRAMFILES%\SEH Computertechnik GmbH\SEH UTN Manager
(Where %PROGRAMFILES% is a Windows environment variable for the 'Program Files' directory. By means of
the command line, the path can be determined as follows:
•Start menu folder:
SEH Computertechnik GmbH\SEH UTN Manager
echo %PROGRAMFILES%)
• A desktop shortcut will be created.
• SEH UTN Manager will start automatically after the installation.
Windows 7 or higher, except Windows Server 2008
(For Windows 7 and Windows Server 2008 R2, the following must be installed: KB3033929 http://technet.microsoft.com/en-us/library/
security/3033929 and hotfix 2921916 http://support.microsoft.com/en-us/help/2921916/the-untrusted-publisher-dialog-box-appears-when-you-install-a-driver-i.)
14
USB Dongleserver User Manual Windows
The installation can only be carried out by users with administrative rights.
Important:
By installing the SEH UTN Manager, you automatically accept the SEH Computertechnik GmbH agreement concerning the license and the use of the software. The
agreement can be found on the website of SEH Computertechnik GmbH:
https://www.seh-technology.com/services/licenses.html
1. Open the command-line interface.
2. Change to the directory containing the SEH UTN Manager installation file.
3. Enter the command sequence:
"sehutnmanager-win-X.X.X.exe" /S [<command>]
Commands: table 2.2-1 15.
4. Confirm your entry.
The sequence of commands will be run.
Table 2.2-1: Installation commands
Command Description
/A
/C
/F=<folder name>
Installs SEH UTN Manager for all users.
Installs SEH UTN Manager for the current user only.
Overrides the default folder name of the Start menu folder. Subfolders can be
specified with '/'.
/G
Installs the complete version ( 14) of SEH UTN Manager.
Recommended for general use.
/I=<path>
Overrides the default installation directory. An absolute path must be specified.
It has to be the last parameter used in the command line and must not contain
any quotes, even if the path contains spaces.
/K
/M
Does not create a desktop shortcut.
Installs the minimal version ( 14) of SEH UTN Manager.
Expert use only!
/R
/S
Runs SEH UTN Manager after the installation is complete.
Instructs the installation to be silent. There is no user interaction and the user
cannot cancel the installation.
/U
Updates an existing SEH UTN Manager.
(If no SEH UTN Manager is installed, it will be installed using the default installa-
tion settings.)
/V1
/V2
Enables command line logging to troubleshoot installation problems.
Creates a log file in the installation folder. The file contains information to trou-
bleshoot installation problems.
/V3
Enables command line logging and creates a log file in the installation directory. Both provide information to help troubleshoot installation issues.
/?
Shows the help page.
15
USB Dongleserver User Manual Windows
Program Start
You can recognize the SEH UTN Manager by its icon: . The program is started with the usual methods of your
operating system.
Update
You can check for program updated manually and automatically. More information can be found in the 'SEH
UTN Manager Online Help'.
16
USB Dongleserver User Manual Windows
4
5
1
6
3
2
2.3 Administration via the SEH Product Manager
The 'SEH Product Manager' is a software tool developed by SEH Computertechnik GmbH for the administration
and management of SEH Computertechnik GmbH devices on the network.
•Function 17
• Installation 18
•Program Start 18
Function
The software is installed on all clients from which SEH Computertechnik GmbH devices are to be administrated
and managed on the network.
After starting the SEH Product Manager, the network is first scanned for connected SEH Computertechnik GmbH
devices. All found devices are displayed in the 'device list'. You can select and then administer and manage the
devices in the device list.
If a task can be performed using the SEH Product Manager, this will be described in the corresponding chapter.
WAR NIN G
The SEH Product Manager only works in IPv4 networks.
In pure IPv6 networks, it is only possible to access the dongleserver Control Center
( 10) to administer and manage SEH Computertechnik GmbH devices.
Figure 2.3-1: SEH Product Manager
1 Menu bar Available menu items
2 Filter Filters the displayed devices by product type.
3 Searching Search function for searching the device list.
17
USB Dongleserver User Manual Windows
4 Device list Shows the devices found on the network by SEH Computertechnik
GmbH.
5 Control Center Shows the Control Center of the device selected in the device list.
6 Functions for editing the de-
vice list
Detailed information on how to use the SEH Product Manager can be found in the
Online Help'. To start the online help system, go to the SEH Product Manager menu bar and select Help – Online
Help.
Installation
In order to use the SEH Product Manager, the program must be installed on a computer with a Windows operating
system. The SEH Product Manager installer can be found on the SEH Computertechnik GmbH website:
https://www.seh-technology.com/services/downloads.html
The installation file is available as '*.exe' for Windows systems.
Windows 7 or higher
The installation can only be carried out by users with administrative rights.
• Refresh: Updates the status of the devices displayed in the list.
• Search: Searches the network for more devices from SEH Computertechnik GmbH. Found devices are added to the device list.
• Delete: Removes all devices from the device list.
'SEH Product Manager
1. Start the SEH Product Manager installer.
2. Follow the installation routine.
The SEH Product Manager is installed on your client.
Program Start
You can recognize the SEH Product Manager by its icon: . The program is started with the usual methods of
your operating system.
The program automatically searches for SEH Computertechnik devices on the network after starting. For more information see the
Update
You can check for program updates manually and automatically. More information can be found in the 'SEH
Product Manager Online Help'.
'SEH Product Manager Online Help'.
18
USB Dongleserver User Manual Windows
2.4 Administration via Email
You can administrate the UTN server via email and thus from any computer Internet access (remote access):
• Get UTN server status
• Set UTN server parameters
• UTN server update
To do so, you write commands into the email message header table 2.4-1 19.
Table 2.4-1: Commands and comment:
Commands Option Description
<Command>
get status
get parameters
set parameters
You get the UTN server status page.
You get the UTN server parameter list.
Sends one or more parameters to the UTN server which will then
be adopted by the UTN server.
Write the parameters and their values into the email message
body:
<parameter> = <value>
The syntax and values can be found in the parameter lists 105.
update utn
Carries out an automatic update using the software that is
attached to the mail.
help
You get a page with information on remote maintenance.
[<Comment>] Freely definable text for descriptions.
The following applies to the instructions:
• not case-sensitive
• one or more space characters are allowed
• max. length is 128 byte
• only the ASCII format can be read.
In addition, a TAN is needed to execute updates or parameter changes. To begin with, you have to get a status
page via email (table 2.4-1 19) because it contains the TAN. You enter the received TAN into the email message
body. A space character must follow.
An email user account for the UTN server is set up on a POP3 server.
An email user account for the UTN server is set up on an SMTP server.
A DNS server is configured on the UTN server 22.
POP3 and SMTP parameters have been configured on the UTN server 28.
1. Open an email program.
2. Write a new email:
- As recipient enter the UTN server address.
- Enter a command in the subject line:
cmd: <command> [<comment>]
Commands and comments: table 2.4-1 19.
- Into the email message body enter a TAN, if applicable.
3. Send the email.
The UTN server receives the email and carries out the instruction.
19
USB Dongleserver User Manual Windows
Examples
You want to get the UTN server parameter list:
To:
UTNserver@company.com
Subject: cmd: get parameters
You want to set the 'configuration' parameter:
To:
UTNserver@company.com
Subject: cmd: set parameters
Email message body:TAN = nUn47ir79Ajs7QKE
sys_descr = <your description>
20
USB Dongleserver User Manual Windows Network Settings
3 Network Settings
To optimally embed your UTN server into your network, you can configure the following settings:
• How to Configure IPv4 Parameters and DNS 22
• How to Configure IPv6 Parameters 25
• How to Configure Bonjour 27
• How to Configure Email (POP3 and SMTP) 28
• How to Configure Server Services 30
• How to Use the UTN Server in VLAN Environments 32
21
USB Dongleserver User Manual Windows
3.1 How to Configure IPv4 Parameters and DNS
In the hardware installation ( ‘Hardware Installation Guide’) the UTN server is connected to the network. The
UTN server then checks if it receives an IPv4 network configuration (IP address, subnet mask, gateway, DNS - Domain Name Service) dynamically over DHCP (Dynamic Host Configuration Protocol). If this is not the case, the UTN
server assigns itself an IP address via Zeroconf from the address range which is reserved for Zeroconf (169.254.0.0/
16).
Important:
If the UTN server is connected to an IPv6 network, it will automatically receive an
additional IPv6 address 25.
The IPv4 address assigned to the UTN server can be found via the SEH UTN Manager and SEH Product Manager
software tools. This step usually is carried out during the initial set up (
As an alternative to automatic configuration via DHCP or Zeroconf, you can assign a manual (static) IPv4 network
configuration to the UTN server.
• Assigning an IPv4 network configuration using the dongleserver Control Center 22
• Assigning an IPv4 Network Configuration using the SEH UTN Manager 23
• Determining the IPv4 Address using the SEH UTN Manager and Assigning an IPv4 Network Configuration
23
• Determining the IPv4 Address using the SEH Product Manager 24
‘Quick Installation Guide’).
Assigning an IPv4 network configuration using the dongleserver Control Center
For DHCP: Your network has a DHCP server.
For DNS: Your network has a DNS server.
1. Start the dongleserver Control Center.
2. Select NETWORK – IPv4.
3. Configure the IPv4 parameters; table 3.1-1 22.
4. Click Save & Restart to confirm.
The settings will be saved.
Table 3.1-1: IPv4 parameters
Parameters Description
DHCP Enables/disables the DHCP protocol.
If DHCP is enabled in your network, IPv4 network configuration (IP address,
subnet mask, gateway, DNS) is automatic.
We recommend disabling this option once an IP
address has been assigned to the UTN server.
ARP/PING Enables/disables the ARP/PING protocol.
You can use the commands ARP and PING to change an IP address. The implementation depends on your system; read the documentation of your operating
system.
We recommend disabling this option once an IP
address has been assigned to the UTN server.
22
USB Dongleserver User Manual Windows
Parameters Description
IP Address IP address of the UTN server.
Subnet mask Subnet mask of the UTN server.
Subnet masks are used to logically partition big networks into subnetworks. If
you are using the UTN server in a subnetwork, it requires the subnet mask of
the subnetwork.
Gateway IP address of the network's standard gateway which the UTN server uses.
With a gateway, you can address IP addresses from other networks.
DNS Enables/disables the name resolution via a DNS server.
Important:
Only DNS allows you to use host names instead of IP addresses if
you define servers such as e.g. a time server on the UTN server.
Example: Time server configuration ( 36) with
instead of
10.168.0.140.
ntp.server.de
Primary DNS server Defines the IP address of the primary DNS server.
Secondary DNS server Defines the IP address of the secondary DNS server.
The secondary DNS server is used if the first one is not available.
Domain name (suffix) Defines the domain name of an existing DNS server.
Assigning an IPv4 Network Configuration using the SEH UTN Manager
The SEH UTN Manager (complete version) is installed on the client 12.
The UTN server is shown in the selection list 50.
1. Start the SEH UTN Manager.
2. In the selection list, select the UTN server.
3. In the menu bar, select UTN Server–Set IP Address.
The Set IP Address dialog appears.
4. Enter the relevant TCP/IP parameters.
5. Click OK.
The settings will be saved.
Determining the IPv4 Address using the SEH UTN Manager and Assigning an IPv4 Network Configuration
The SEH UTN Manager searches the network for connected UTN servers.
The SEH UTN Manager (complete version) is installed on the client 12.
1. Start the SEH UTN Manager.
2. Confirm the note dialog Your Selection List seems to be empty with Yes.
If no note dialog is available and the main dialog appears, select Selection List–Edit in the menu bar.
The Edit Selection List dialog appears.
3. In the network list, select the UTN server.
If you are using several UTN servers of the same model, you can identify a specific device by its default name ( 22) or the connected USB devices.
4. In the shortcut menu, select Set IP Address.
The Set IP Address dialog appears.
5. Enter the relevant TCP/IP parameters.
23
USB Dongleserver User Manual Windows
6. Click OK.
The settings will be saved.
Determining the IPv4 Address using the SEH Product Manager
The SEH Product Manager is installed on the client 17.
1. Start the SEH Product Manager.
The device list is displayed.
2. Search for the UTN server in the device list. It can be identified by its product type and MAC address (which
can be found on the device type plate).
3. Read the UIP address of the UTN server from the device list.
If you select the UTN server in the device list, the dongleserver Control Center will be
displayed. If necessary, you can assign the IPv4 network configuration directly there
( 22).
24
USB Dongleserver User Manual Windows
3.2 How to Configure IPv6 Parameters
IPv6 (Internet Protocol Version 6) is the successor of the still predominantly used IPv4 (Internet Protocol Version
128
4). IPv6 offers the same basic functions but has many advantages such as the increased address space of 2
32
(IPv6) instead of 2
(IPv4) IP addresses and auto configuration.
Important:
IPv6 address notation differs from IPv4: An IPv6 address consists of 128 bits. The
normal format of an IPv6 address is eight fields. Each field contains four hexadecimal digits representing 16 bits.
Example:
2001:db8:4:0:2c0:ebff:fe0f:3b6b
As a URL in a Web browser, an IPv6 address must be enclosed in square brackets.
This prevents port numbers from being mistakenly regarded as part of an IPv6
address.
Example:
http://[2001:db8:4:0:2c0:ebff:fe0f:3b6b]:443
The URL will only be accepted by browsers that support IPv6.
You can embed the UTN server into an IPv6 network.
WAR NIN G
UTN functionality ( 2) and the corresponding SEH UTN Manager only work in
IPv4 networks. The SEH Product Manager also only works in IPv4 networks.
In pure IPv6 networks, it is only possible to access the dongleserver Control Center
( 10) to administer the UTN server.
The UTN server will automatically receive one or more IPv6 addresses in addition to its IPv4 address. To optimally
embed the UTN into your network, you can configure IPv6 parameters.
1. Start the dongleserver Control Center.
2. Select NETWORK – IPv6.
3. Configure the IPv6 parameters; table 3.2-1 25.
4. Click Save & Restart to confirm.
The settings will be saved.
Table 3.2-1: IPv6 parameters
Parameters Description
IPv6 Enables/disables the IPv6 functionality of the UTN server.
Automatic configuration Enables/disables the automatic assignment of the IPv6 address to the UTN
server.
IPv6 address Defines an IPv6 unicast address in the format n:n:n:n:n:n:n:n which is manually
assigned to the UTN server.
• Every 'n' represents the hexadecimal value of one of the eight 16 bit elements of the address.
• Leading zeros can be omitted.
• An IPv6 address may be entered or displayed using a shortened version
when successive fields contain all zeros (0). In this case, two colons (::) are
used.
Router Manually defines a static router to which the UTN server sends its requests.
25
USB Dongleserver User Manual Windows
Parameters Description
Prefix length Defines the length of the subnet prefix for the IPv6 address. The value 64 is pre-
set.
Address ranges (e.g. your network) are specified with prefixes. To do this, the
prefix length (number of bits used) is added to the IPv6 address as a decimal
number and the decimal number is preceded by '/'.
26
USB Dongleserver User Manual Windows
3.3 How to Configure Bonjour
Bonjour is a technology which automatically detects devices and services in TCP/IP networks.
The UTN server uses Bonjour to
• verify IP addresses
• announce and find network services
• match host names and IP addresses
1. Start the dongleserver Control Center.
2. Select NETWORK – Bonjour.
3. Configure the Bonjour parameters; table 3.3-1 27.
4. To confirm, click Save.
The settings will be saved.
Table 3.3-1: Bonjour parameters
Parameters Description
Bonjour Enables/disables Bonjour.
Bonjour name Defines the Bonjour name of the UTN server.
The UTN server uses this name to announce its Bonjour services. If no Bonjour
name is entered, a default name will be used (device name@ICxxxxxx).
27
USB Dongleserver User Manual Windows
3.4 How to Configure Email (POP3 and SMTP)
The UTN server uses email for a range of functions:
• The UTN server can be administered using email 19.
• The notification service will send you status and error messages over email 40.
• During monitoring, logs can be exported as a backup by email 42.
To use these features, the 'POP3' and 'SMTP' email protocols must be configured on the UTN server.
• POP3 (Post Office Protocol Version 3), to allow the UTN server to retrieve email from an email server.
• Simple Mail Transfer Protocol (SMTP) to send email.
For this, the UTN server (client) needs an email user account on an email server.
•Configuring POP3 28
•Configuring SMTP 29
Configuring POP3
An email user account for the UTN server is set up on a POP3 server.
1. Start the dongleserver Control Center.
2. Select NETWORK – Email.
3. Configure the POP3 parameters; table 3.4-1 28.
4. To confirm, click Save.
The settings will be saved.
Table 3.4-1: POP3 parameters
Parameters Description
POP3 Enables/disables the POP3 functionality.
POP3 – Server Address Defines the POP3 server via its IP address or host name.
A host name can only be used if a DNS server ( 22) was configured beforehand.
POP3 – Server Port Defines the port which the UTN server uses to receive emails.
The default port number for POP3 is 110. The default port number for SSL/TLS
(parameter ’POP3 – Security’ 28) is 995. If required, read the documentation
of your POP3 server.
POP3 – Security Defines the authentication method to be used:
• APOP: encrypts the password when logging on to the POP3 server.
• SSL/TLS: encrypts the entire communication with the POP3 server. The en-
cryption strength is defined via the encryption protocol and level 70.
POP3 – Check mail every Defines the time interval (in minutes) which with the POP3 server is checked for
emails.
POP3 – Ignore mail exceeding
POP3 – User name Defines the user name used by the UTN server to log on to the POP3 server.
POP3 – Password Defines the user password used by the UTN server to log on to the POP3 server.
Defines the maximum email size (in Kbyte) to be accepted by the UTN server.
(0 = unlimited)
28
USB Dongleserver User Manual Windows
Configuring SMTP
An email user account for the UTN server is set up on an SMTP server.
1. Start the dongleserver Control Center.
2. Select NETWORK – Email.
3. Configure the SMTP parameters; table 3.4-2 29.
4. To confirm, click Save.
The settings will be saved.
Table 3.4-2: SMTP Parameters
Parameters Description
SMTP – Server Address Defines the SMTP server via its IP address or host name.
A host name can only be used if a DNS server ( 22) was configured beforehand.
SMTP – Server Port Defines the port which the UTN server and SMTP server use to communicate.
The default port number for SMTP is 25. For SSL/TLS (parameter ’SMTP – SSL/
TLS’ 29), SMTP servers use by default port 587 (STARTSSL/STARTTLS) or the
old port 465 (SMTPS). If required, read the documentation of your SMTP server.
SMTP – SSL/TLS Enables/disables SSL/TLS.
SSL/TLS encrypts the communication from the UTN to the SMTP server. The
encryption strength is defined via the encryption protocol and level 70.
SMTP – Sender name Defines the email address used by the UTN server to send emails.
Very often the name of the sender and the email account user name are identical.
SMTP – Login Enables/disables SNMP authentication. To send emails, the UTN sends its user
name and password to the SMTP server to authenticate itself. Enter user name
(parameter ’SMTP – User name’ 29) and password (parameter ’SMTP – Password’ 29).
Some SMTP servers require SMTP authentication to prevent fraudulent use
(spam).
SMTP – User name Defines the user name used by the UTN server to log on to the SMTP server.
SMTP – Password Defines the password used by the UTN server to log on to the SMTP server.
SMTP – Security (S/MIME) Enables/disables signing email using S/MIME (Secure/Multipurpose Internet
Mail Extensions).
A signature created by the sender allows the recipient to verify the identity of
the sender and to make sure that the email was not modified. All S/MIME secu-
rity features require an S/MIME certificate 81.
SMTP – Attach public key Sends the public key together with the email.
Many email clients require the public key to be attached in order to view the
emails.
SMTP – Encrypt Enables the encryption of emails. Only the intended recipient can open and
read the encrypted email.
29
USB Dongleserver User Manual Windows
3.5 How to Configure Server Services
Some features of the UTN server are based on services running on external servers:
• Monitoring ( 42): Export the collected values to a WebDAV and/or syslog-ng server.
• Backup ( 92): Save a system backup to a WebDAV server.
To use these features, you must first implement the corresponding server service on your network. Then configure
the basic server service settings and functionality on the UTN server.
• ’WebDAV Server Configuration’ 30
• ’syslog-ng Server Configuration’ 30
WebDAV Server Configuration
The WebDAV (Web-based Distributed Authoring and Versioning) protocol allows you to transfer files and directories over HTTP. The protocol also has a versioning mechanism.
How you implement WebDAV in your network depends on your network environment. You must handle this implementation yourself.
Your network has a WebDAV server.
1. Start the dongleserver Control Center.
2. Select NETWORK – Server.
3. Tick the WebDAV option.
4. Configure the WebDAV parameters; table 3.5-1 30.
5. To confirm, click Save.
The settings will be saved.
Table 3.5-1: WebDAV parameters
Parameters Description
Server address Defines a WebDAV server by its IP address or host name.
A host name can only be used if a DNS server ( 22) was configured before-
hand.
User name Defines the user name used by the UTN server to log on to the WebDAV server.
Password Defines the password used by the UTN server to log on to the WebDAV server.
SSL/TLS Enables/disables SSL/TLS encryption of communication between the UTN
server and WebDAV server.
The encryption strength is defined via the encryption protocol and level
70.
syslog-ng Server Configuration
The syslog-ng protocol allows you to transmit log messages (monitoring data in this case) to a syslog-ng server
over the network. The received data can be written to a database or forwarded to other servers, for example.
How you implement syslog-ng in your network depends on your network environment. You must handle this implementation yourself.
Your network has a syslog-ng server.
1. Start the dongleserver Control Center.
2. Select NETWORK – Server.
3. Tick the syslog-ng option.
30
USB Dongleserver User Manual Windows
4. Configure the syslog-ng parameters; table 3.5-2 31.
To confirm, click Save.
Table 3.5-2: syslog-ng parameters
Parameters Description
Server address Defines a syslog-ng server by its IP address or host name.
A host name can only be used if a DNS server ( 22) was configured before-
hand.
Server port Defines the port number used by the UTN server to communicate with the sys-
log-ng server.
The port number 514 is preset.
SSL/TLS Enables/disables SSL/TLS encryption of communication between the UTN
server and syslog-ng server.
The encryption strength is defined via the encryption protocol and level
70.
31
USB Dongleserver User Manual Windows
3.6 How to Use the UTN Server in VLAN Environments
The UTN server supports VLAN (Virtual Local Area Network) according to 802.1Q.
A VLAN divides a physical network into logical subnetworks. Each subnetwork is its own broadcast domain, so
data packets cannot be exchanged between subnetworks. VLANs are used to structure networks and, above all,
to secure them.
Each USB device can be assigned to a VLAN. To transfer VLAN data via the USB ports, you must first enter the
VLANs on the UTN server. After this, the USB ports used for forwarding data must be linked to the specified VLANs.
The access to USB devices can be regulated particularly well with VLAN: a defined
group of network users may use certain USB devices.
Inform yourself on how to implement VLAN in your environment and then set up the
UTN server for it.
• Define a IPv4 Management VLAN 32
• Define a IPv4 Client VLAN 32
• Allocating a IPv4 Client VLAN to a USB Port 33
Define a IPv4 Management VLAN
1. Start the dongleserver Control Center.
2. Select NETWORK – IPv4 VLAN.
3. Configure the IPv4 VLAN parameters; table 3.6-1 32.
4. To confirm, click Save.
5. The settings will be saved.
Table 3.6-1: IPv4 management VLAN parameters
Parameters Description
IPv4 management VLAN Enables/disables the forwarding of IPv4 management VLAN data.
If this option is enabled, SNMP is only available in the IPv4 management VLAN.
VLAN ID ID for the identification of the IPv4 management VLAN (0–4096).
IP address IP address of the UTN server 22.
Subnet mask Subnet mask of the UTN server 22.
Gateway IP address of the network's standard gateway which the UTN server uses
22.
With a gateway, you can address IP addresses from other networks.
Access from any VLAN Enables/disables the administrative access (web) to the UTN server via IPv4 cli-
ent VLANs.
If this option is enabled, the UTN server can be administrated via all VLANs.
Access via LAN (untagged) Enables/disables the administrative access to the UTN server via IPv4 packets
without tag.
If this option is disabled, the UTN server can only be administrated via VLANs.
Define a IPv4 Client VLAN
1. Start the dongleserver Control Center.
2. Select NETWORK – IPv4 VLAN.
3. Configure the IPv4 VLAN parameters; table 3.6-2 33.
32
USB Dongleserver User Manual Windows
4. To confirm, click Save.
The settings will be saved.
Table 3.6-2: IPv4 client VLAN parameters
Parameters Description
VLAN Enables/disables the forwarding of IPv4 client VLAN data.
IP Address IP address of the UTN server within the IPv4 client VLAN.
Subnet mask Subnet mask of the UTN server within the IPv4 client VLAN.
Gateway Gateway address of the IPv4 client VLAN.
VLAN ID ID for the identification of the IPv4 client VLAN (0–4096).
Use Auto-fill to automatically fill VLAN, IP address and Subnetmask with the values from line 1. VLAN ID will automatically be counted up by '1'.
Allocating a IPv4 Client VLAN to a USB Port
1. Start the dongleserver Control Center.
2. Select SECURITY – USB port access.
3. Allocate a VLAN to the USB port using the Allocate VLAN list.
4. To confirm, click Save.
The settings will be saved.
33
USB Dongleserver User Manual Windows Device Settings
4 Device Settings
• How to Assign a Description 35
• How to Configure the Device Time 36
• How to Configure the (Encrypted) UTN Port 38
• How to Assign a Name to a USB Port 39
• How to Get Messages 40
• How to Monitor the UTN Server 42
• How to Determine what is Shown in the Display (only dongleserver ProMAX) 46
• How to Configure Acoustic Signals (only dongleserver ProMAX) 48
34
USB Dongleserver User Manual Windows
4.1 How to Assign a Description
You can assign freely definable descriptions to the UTN server. This gives you a better overview of the devices in
the network.
You can also assign names to USB ports to distinguish them 39.
1. Start the dongleserver Control Center.
2. Select DEVICE – Description.
3. Enter freely definable names for Host name, Description, and Contact person.
4. To confirm, click Save.
The settings will be saved.
Table 4.1-1: Description
Parameters Description
Host name Device name as alternative to IP address. With a name you can identify the UTN
server more easily in the network, e.g. if you are using several UTN servers.
Is displayed in the dongleserver Control Center, in the SEH UTN Manager and
SEH Product Manager.
Description Device description, e.g. location or department.
Is displayed in the dongleserver Control Center, in the SEH UTN Manager and
SEH Product Manager.
Contact person Contact person, e.g. device administrator.
Is displayed in the dongleserver Control Center.
35
USB Dongleserver User Manual Windows
4.2 How to Configure the Device Time
The UTN server has a device time. Correct time information is required for some network mechanisms, such as authentication for example. Device monitoring ( 42) also uses the device time as the timestamp.
The UTN server has a built-in hardware clock. A device time is preconfigured and stored in the hardware clock
when the device is produced. The device clock continues to run for a certain period of time, even when the device
is switched off. During operation, it is either possible to continue to use the hardware clock, or use a Simple Network Time Protocol (SNTP) server. Such a time server controls the time in a network and synchronizes the time of
multiple devices within the network.
We recommend the use of a time server for regular operation, and use of the device
clock only for special cases such as the initial installation. This is because a time server
guarantees an accurate and synchronous time for all network participants.
In general, today's primary time standard 'UTC' (Universal Time Coordinated) is used. The time zone compensates
for location.
Important:
If your network in configured accordingly, the UTN server receives the time server
settings automatically via DHCP ( 22). A time server assigned in such a manner
always takes precedence over a manually set time server and the device clock.
• Time zone configuration 36
• Device time configuration via device clock 36
• Device time configuration via time server 36
Time zone configuration
The time zone adjusts the device time (set using the device clock or received from a time server) to your local zone
time including country-specific features such as daylight saving time.
1. Start the dongleserver Control Center.
2. Select DEVICE – Date/Time.
3. From the Time zone list, select the code for your local time zone.
4. To confirm, click Save.
The settings will be saved.
Device time configuration via device clock
1. Start the dongleserver Control Center.
2. Select DEVICE – Date/Time.
3. Tick Date/Time.
4. In the Device Clock area, set a Date and a Time.
5. To confirm, click Save.
The settings will be saved.
Device time configuration via time server
The network has a time server.
1. Start the dongleserver Control Center.
2. Select DEVICE – Date/Time.
3. Tick the Time Server option.
36
USB Dongleserver User Manual Windows
4. Enter the IP address or the host name of the time server in the Server Address field.
(The host name can only be used if a DNS server was configured beforehand 22.)
5. To confirm, click Save.
The settings will be saved.
37
USB Dongleserver User Manual Windows
4.3 How to Configure the (Encrypted) UTN Port
A shared port is used for the data transfer between the UTN server (including connected USB devices) and the client. It depends on the connection type:
•unencrypted
•encrypted
You can change the port number, e.g. if the port number is already used for another application in your network.
The change is made on the UTN server and is relayed to the SEH UTN Manager installed on the clients via SNMPv1.
SNMPv1 is enabled 89.
1. Start the dongleserver Control Center.
2. Select Device – UTN port.
3. Enter the port number into the UTN port or Encrypted UTN port box.
4. To confirm, click Save.
The settings will be saved.
connection: UTN port (default = 9200)
connection ( 72): encrypted UTN port (default = 9443)
WAR NIN G
The UTN por t or encr ypted UTN port must not be blocked by security software (firewall).
38
USB Dongleserver User Manual Windows
4.4 How to Assign a Name to a USB Port
By default, the names of the connected USB devices are displayed on the USB ports in the dongleserver Control
Center and SEH UTN Manager. These names are specified by the device manufacturers and might be ambiguous
or inaccurate.
That is why you can assign freely definable names to the USB ports, e.g. the name of a corresponding software.
This gives you a better overview of the USB devices available in the network.
1. Start the dongleserver Control Center.
2. Select SECURITY – USB.
3. Enter a name for the desired USB port in the Name box.
4. To confirm, click Save.
The settings will be saved.
39
USB Dongleserver User Manual Windows
4.5 How to Get Messages
The UTN server can send you different messages:
• Status email: Periodically sent email containing the status of the UTN server and of the connected USB devices.
• Event notification via email or SNMP trap:
- System information (restart, network connections, power supply, temperature warnings, etc.)
- USB port and USB device information (enabling or disabling a USB port, connecting or disconnecting a USB
device, etc.)
- SD card information (inserting or removing an SD card, unusable SD card, etc.) (dongleserver ProMAX only)
You can customize the content of the e-mail subject line.
• Configuring the sending of status emails 40
• Configuring event and system notifications via email 40
• Customizing the email subject 40
• Configuring event and system notifications via SNMP traps 41
Configuring the sending of status emails
The status email can be sent to up to two recipients.
SMTP is set up 28.
DNS is set up 22.
1. Start the dongleserver Control Center.
2. Select DEVICE – Notification.
3. Enter the recipient into the Email address box.
4. Tick the desired recipient(s) in the Status email area.
5. Define the interval.
6. To confirm, click Save.
The settings will be saved.
Configuring event and system notifications via email
The event emails can be sent to up to two recipients.
SMTP is set up 28.
DNS is set up 22.
1. Start the dongleserver Control Center.
2. Select DEVICE – Notification.
3. Enter the recipient into the Email address box.
4. Tick the options with the desired messages.
5. To confirm, click Save.
The settings will be saved.
Customizing the email subject
You can specify the content of the email subject line with a–z, A–Z, 0–9 and using variables:
%P = product type %p = model %N = default name %H = host name
%I = IP address %M = MAC address %E = event %D = date %t = time
40
USB Dongleserver User Manual Windows
1. Start the dongleserver Control Center.
2. Select DEVICE – Notification.
3. Enter the desired variables in the Email Subject box.
4. To confirm, click Save.
The settings will be saved.
Configuring event and system notifications via SNMP traps
The event SNMP traps can be sent to up to two recipients.
SNMPv1 or/and SNMPv3 is set up 89.
1. Start the dongleserver Control Center.
2. Select DEVICE – Notification.
3. Enter the IP address of the recipient in the Address box.
4. Enter the community of the recipient in the Community box.
5. Select the SNMP protocol version from the SNMP Version list.
6. Enable the desired messages in the Content area.
7. To confirm, click Save.
The settings will be saved.
41
USB Dongleserver User Manual Windows
4.6 How to Monitor the UTN Server
The UTN server has a monitoring function (logging) that collects various values:
• Error (e.g. missing certificates)
• System status (e.g. restarts)
• Parameter Changes
• USB ports and attached devices (e.g. enable or disable a USB port)
• Device access (e.g. logins)
The collected data is stored on the UTN server and can be viewed and deleted directly. You can also export the
monitoring logs as a backup
• to your local client
• via WebDAV
•via Email
• via syslog-ng
With syslog-ng-the data is continuously exported. With WebDAV and e-mail you can choose between different
time intervals:
• Continuous backup: On the UTN server, the monitoring logs are divided into 2 MB files. Once this size is
reached, the file is transferred.
• Daily backup: Transmits the monitoring logs daily at a defined time.
• Manual backup: Transmits the monitoring logs immediately.
This allows you to integrate monitoring of the UTN server appropriately into your network environment and to
capture, archive and evaluate the collected data as desired.
• Configuring Monitoring 42
• Viewing the Monitoring Log 43
• Continuously Exporting Monitoring Logs via WebDAV 43
• Saving the Monitoring Log Locally 43
• Continuously Exporting Monitoring Logs via WebDAV 43
• Exporting Monitoring Logs Daily via WebDAV 43
• Immediately Exporting Monitoring Logs via WebDAV 44
• Continuously Exporting Monitoring Logs via Email 44
• Exporting Monitoring Logs Daily via Email 45
• Immediately Exporting Monitoring Logs via Email 45
• Exporting Monitoring Logs via syslog-ng 45
Configuring Monitoring
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Values area, activate the desired option.
4. To confirm, click Save.
The settings will be saved.
42
USB Dongleserver User Manual Windows
Deleting the Monitoring Log
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Monitoring area, click the Delete button.
4. Confirm the security query by clicking OK.
The monitoring log is deleted.
Viewing the Monitoring Log
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Monitoring area, click the Show log button.
The log file is displayed on a separate tab.
Saving the Monitoring Log Locally
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Monitoring area, click the Export button.
4. Save the '<default-name>_monitor.txt' file to your client using your browser.
The monitoring log is saved.
Continuously Exporting Monitoring Logs via WebDAV
Your network has a WebDAV server.
WebDAV is configured on the UTN server 30.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the WebDAV – Server area, enter the directory on the WebDAV server where the monitoring logs are to be
stored in the Directory box.
4. Optional: If you want to save the monitoring logs for a single day to subfolders, enable the Create individual
directories for days option.
Important:
The FIFO principle (first-in, first-out) is applied after one year. For example, 1 January of last year will overwritten with files from 1 January of the current year.
5. In the WebDAV – Backup area, enable the Continuous Backup option.
The settings will be saved.
Exporting Monitoring Logs Daily via WebDAV
Your network has a WebDAV server.
WebDAV is configured on the UTN server 30.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the WebDAV – Server area, enter the directory on the WebDAV server where the monitoring logs are to be
stored in the Directory box.
43
USB Dongleserver User Manual Windows
4. Optional: If you want to save the monitoring logs for a single day to subfolders, enable the Create individual
directories for days option.
Important:
The FIFO principle (first-in, first-out) is applied after one year. For example, 1 January of last year will overwritten with files from 1 January of the current year.
5. In the WebDAV – Backup area, enable the Daily backup at option.
6. From the list, select the hour at which the backup will be transferred.
7. To confirm, click Save.
The settings will be saved.
Immediately Exporting Monitoring Logs via WebDAV
Your network has a WebDAV server.
WebDAV is configured on the UTN server 30.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the WebDAV – Server area, enter the directory on the WebDAV server where the monitoring logs are to be
stored in the Directory box.
4. Optional: If you want to save the monitoring logs for a single day to subfolders, enable the Create individual
directories for days option.
Important:
The FIFO principle (first-in, first-out) is applied after one year. For example,
January 01 of last year is overwritten with the files of the current January 01.
5. Click the Export manually now button.
The monitoring logs are stored on the WebDAV server.
Continuously Exporting Monitoring Logs via Email
SMTP is configured on the UTN server 28.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Email – Recipient area, enter the email address of the recipient where the monitoring logs will be sent
in the Email Address box.
4. In the Email – Recipient area, enter the content of the email subject line for monitoring log emails in the
Email Subject box.
(You can specify the content of the email subject line with a–z, A–Z, 0–9 and using variables:
%P = product type %p = model %N = default name %H = host name
%I = IP address %M = MAC address %E = event %D = date %t = time)
5. In the Email – Backup area, enable the Continuous Backup option.
6. To confirm, click Save.
The settings will be saved.
44
USB Dongleserver User Manual Windows
Exporting Monitoring Logs Daily via Email
SMTP is configured on the UTN server 28.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Email – Recipient area, enter the email address of the recipient where the monitoring logs will be sent
in the Email Address box.
4. In the Email – Recipient area, enter the content of the email subject line for monitoring log emails in the
Email Subject box.
(You can specify the content of the email subject line with a–z, A–Z, 0–9 and using variables:
%P = product type %p = model %N = default name %H = host name
%I = IP address %M = MAC address %E = event %D = date %t = time)
5. In the Email – Backup area, enable the Daily backup at option.
6. From the list, select the hour at which the backup will be transferred.
7. To confirm, click Save.
The settings will be saved.
Immediately Exporting Monitoring Logs via Email
SMTP is configured on the UTN server 28.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. In the Email – Recipient area, enter the email address of the recipient where the monitoring logs will be sent
in the Email Address box.
4. In the Email – Recipient area, enter the content of the email subject line for monitoring log emails in the
Email Subject box.
(You can specify the content of the email subject line with a–z, A–Z, 0–9 and using variables:
%P = product type %p = model %N = default name %H = host name
%I = IP address %M = MAC address %E = event %D = date %t = time)
5. Click the Export manually now button.
The monitoring logs will be sent by email.
Exporting Monitoring Logs via syslog-ng
Your network has a syslog-ng server.
syslog-ng is configured on the UTN server 30.
Monitoring is enabled 42.
1. Start the dongleserver Control Center.
2. Select DEVICE – Monitoring.
3. Tick the syslog-ng export option.
4. In the syslog-ng export area, select the desired Format.
(IETF = RFC 5424 or Legacy = RFC 3164/BSD)
The settings will be saved.
45
USB Dongleserver User Manual Windows
4.7 How to Determine what is Shown in the Display
(only dongleserver ProMAX)
The dongleserver ProMAX has a display panel on the front side. The following information can be displayed:
• Identifier Freely definable name which will be displayed as default. (Default: DS)
• Error states: Optional notifications which can be displayed if these events occur:
- only one power supply works
- SD card errors (read and write errors, no SD card)
- only one network connection is established
• The Errors are displayed in codes.
Te xt Description Troubleshooting
DS
(or identifier)
RS The Dongleserver is restarting. –
DL Firmware/software is loaded onto the
E1 One of the two power supplies is not
E2 The SD card is formatted with an unsup-
E3 The SD card is read-only. Remove the write protection from the SD
E4 No SD card is available in the card reader. Insert an SD card into the SD card reader:
E5 One or both network connections have
The Dongleserver is operational. –
Dongleserver. Afterwards the Dongleserver is updated.
working.
Which connection is not working is indi-
cated by a glowing dot (left dot, left
power supply; right dot, right power supply).
ported file system or read/write is not
possible.
no link.
–
Check the cabling connections and voltage source.
• Format the SD card in the file format
FAT32, FAT16 or FAT12.
• Check if the SD card functions properly.
card.
• Type: SD or SDHC
• File system: FAT32, FAT16, or FAT12
Check the cable connections and your
network.
• Configuring the Identifier 46
• Enable Error Notifications 47
Configuring the Identifier
Use the identifier to identify devices if you have installed several donglesever ProMAX
in the same server rack or at the same location.
1. Start the dongleserver Control Center.
2. Select DEVICE – Description.
3. Enter a freely definable description into the Identifier (display panel) box.
(Max. 2 characters; A–Z, 0–9. E+digit is not permitted because this combination is used for errors.)
46
USB Dongleserver User Manual Windows
4. To confirm, click Save.
The settings will be saved.
Figure 4.7-1: Display field dongleserver ProMAX
Enable Error Notifications
1. Start the dongleserver Control Center.
2. Select DEVICE – Notification.
3. In the Display panel area, tick the options with the desired message types.
4. To confirm, click Save.
The settings will be saved.
The optional acoustic signals ideally complement the error messages in the display
panel 48.
47
USB Dongleserver User Manual Windows
4.8 How to Configure Acoustic Signals (only dongleserver ProMAX)
The dongleserver ProMAX gives acoustic feedback if:
• a USB dongle is connected
• the Dongleservers restarts
• the parameters are reset
These acoustic signals cannot be turned off.
Optionally, you can configure additional acoustic feedback for the following events:
• only one power supply works
• SD card errors (read and write errors, no SD card)
• only one network connection is established
These optional acoustic signals ideally complement the error messages in the display
panel 46.
1. Start the dongleserver Control Center.
2. Select DEVICE – Notification.
3. In the Acoustic signal area, tick the options with the desired message types.
4. To confirm, click Save.
The settings will be saved.
48
USB Dongleserver User Manual Windows Working with the SEH UTN Manager
5 Working with the SEH UTN Manager
The 'SEH UTN Manager' is a software tool developed by SEH Computertechnik GmbH. The SEH UTN Manager is
used to establish and manage connections to the USB devices connected to the UTN servers.
• How to Find UTN Servers/USB Devices in the Network 50
• How to Establish a Connection to a USB Device 52
• How to End the Connection between the USB Device and the Client 54
• How to Request an Occupied USB Device 55
• How to Automate USB Device Connections and Program Starts 56
• How to Find Status Information on USB Ports and USB Devices 59
• How to Use the Selection List and Manage User Access Rights with It 60
• How to Use the SEH UTN Manager without Graphical User Interface (utnm) 63
49
USB Dongleserver User Manual Windows
5.1 How to Find UTN Servers/USB Devices in the Network
The software tool SEH UTN Manager is used to establish and manage connections to the USB devices connected
to the UTN servers.
After the SEH UTN Manager is started, the network has to be scanned for connected UTN servers. The network
range to be scanned is freely definable; the search can be effected via multicast and/or in definable IP ranges. The
default setting is multicast search in the local network segment.
All UTN servers found and their connected USB devices are displayed in the 'network list'. To use the USB devices
connected to the UTN server, you have to add the UTN server to the 'selection list'.
You can also directly add an UTN server to the selection list. To do this, you need to know its IP address.
• Defining Search Parameters 50
• Scanning the Network 50
• Adding the UTN Server to the Selection List 50
• Adding a UTN Server via IP Address 51
Defining Search Parameters
The SEH UTN Manager (complete version) is installed on the client 12.
1. Start the SEH UTN Manager.
2. In the menu bar, select Program – Options.
The Options dialog appears.
3. Select the Network Scan tab.
4. Tick IP Range Search and define one or more network ranges.
5. Click OK.
The settings will be saved.
Scanning the Network
The SEH UTN Manager (complete version) is installed on the client 12.
1. Start the SEH UTN Manager.
2. In the menu bar, select Selection List – Edit.
The Edit Selection List dialog appears.
3. Click Scan.
4. The network is scanned. The UTN servers and USB devices found are displayed in the network list.
Adding the UTN Server to the Selection List
The SEH UTN Manager (complete version) is installed on the client 12.
The UTN server was found via the network scan and is displayed in the network list.
1. Start the SEH UTN Manager.
2. In the menu bar, select Selection List – Edit.
The Edit Selection List dialog appears.
3. In the network list, select the UTN server to be used.
4. Click Add.
(Repeat steps 2 and 3, if necessary.)
5. Click OK.
The UTN servers and the connected USB devices are shown in the selection list.
50
USB Dongleserver User Manual Windows
Figure 5.1-1: SEH UTN Manager – Edit Selection List
Adding a UTN Server via IP Address
The SEH UTN Manager (complete version) is installed on the client 12.
You know the IP address of the UTN server.
1. Start the SEH UTN Manager.
2. Select UTN server – Add.
The Add server dialog appears.
3. In the Host name or IP address box, enter the IP address of the UTN server.
4. If you changed the UTN port or encrypted UTN port ( 38), define the respective port number in the UTN
Port and Encrypted UTN Port boxes.
5. Click OK.
The UTN server and the connected USB devices is shown in the selection list.
51
USB Dongleserver User Manual Windows
5.2 How to Establish a Connection to a USB Device
To connect a USB device to the client, a point-to-point-connection is established between the client and the USB
port of the UTN server to which the USB device is connected. The USB device can then be used as if it were directly
connected to the client. As long as the connection is established, other users cannot connect the USB device to
their client and thus cannot use it. This means that the licensing terms of USB dongles are not changed, circumvented or violated at any time.
Important:
Special case of compound USB devices
When connecting certain USB devices to a USB port of the UTN server, the selection list
displays several USB devices on this port. These are compound USB devices. They consist of a hub and one or more USB devices that are all integrated into a single housing.
If the connection is established to a port with a connected compound USB device, all
USB devices shown will be connected to the user's client. In this case, each integrated
USB device occupies a virtual USB port of the UTN server. If the limit is reached, no
further USB devices can be used on this UTN server.
dongleserver Pro 8 16
dongleserver ProMAX 20 40
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
All provisions (driver installation, etc.) necessary to operate the USB device locally (i.e. connected directly to
the client) have been met on the client. Ideally, the USB device has been connected and operated on the client
locally according to the instructions of the manufacturer.
The USB port is not
1. Start the SEH UTN Manager.
2. In the selection list, select the port.
3. In the menu bar, select Port – Activate.
The connection between the USB device and client is established.
connected to another client.
52
USB Dongleserver User Manual Windows
Figure 5.2-1: SEH UTN Manager – USB port activation
53
USB Dongleserver User Manual Windows
5.3 How to End the Connection between the USB Device and the Client
If a USB device is connected to a client, the connection is of a point-to-point type. As long as the connection is
established, other users cannot connect the USB device to their client and thus cannot use it. For this reason, you
have to end the connection once you are no longer using the USB device.
To end the connection between USB device and client, deactivate the connection between the client and the USB
port of the UTN server to which the USB device is connected.
• Usually the connection is cut by the user via the SEH UTN Manager 54.
• The administrator can also end the connection from the dongleserver Control Center 54.
• You can also set up an automatic deactivation (Auto Disconnect) 56.
Disconnecting the Device Using the SEH UTN Manager
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
The USB port is connected to your client 52.
1. Start the SEH UTN Manager.
2. In the selection list, select the port.
3. Select Port – Deactivate from the menu bar.
The connection will be deactivated.
Disconnecting the Device Using the dongleserver Control Center
A USB port is connected to your client 52.
1. Start the dongleserver Control Center.
2. Select DASHBOARD.
3. Choose the active connection from the Attached devices list and click the icon.
4. Confirm the security query.
The connection will be deactivated.
54
USB Dongleserver User Manual Windows
5.4 How to Request an Occupied USB Device
If a USB device is connected to a client, the connection is of a point-to-point type. As long as the connection is
established, other users cannot connect the USB device to their client and thus cannot use it.
If you want to use an occupied USB device, you can request it. The other user will receive a release request in form
of a pop up. If the user follows your request and releases the USB device by deactivating the connection to the
USB device, the connection between the USB device and your client will automatically be activated.
The SEH UTN Manager (complete version) is installed on the client 12.
The SEH UTN Manager (complete version) is installed on the client of the user who uses the USB device 12.
The SEH UTN Manager (complete version) is executed with graphical user interface on both clients.
The USB port is shown in the selection list 50.
The USB port is connected to another client 52 (but not via Auto-Connect).
1. In the selection list, select the port.
2. In the menu bar, select Port – Request.
The release request will be sent.
55
USB Dongleserver User Manual Windows
5.5 How to Automate USB Device Connections and Program Starts
Connections to USB ports of the UTN server and the connected USB devices can be automated. Simple to complex
processes can be implemented.
• Automatic Connection If a USB Device Is Connected (Auto-Connect) 56
• Automatic Deactivation of the Connection after a Time Defined (Auto-Disconnect) 56
• Automatic Connection between a USB Device and Client When a Print Job Is Received (Print-On-Demand)
57
• Creating a UTN Action: Automated Connections and Program Starts without the SEH UTN Manager Interface
57
This chapter describes features of the SEH UTN Manager with which automatisms are
set up. Users who have expert knowledge in scripting should use the command line
tool 'utnm' 63.
Automatic Connection If a USB Device Is Connected (Auto-Connect)
Auto-Connect automatically establishes a connection to a USB port and the connected USB device as soon as a
USB device is connected to the USB port. Auto-Connect must be activated for each USB port and works for all USB
devices which are connected to the USB port.
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
You are logged on to the client as administrator.
1. Start the SEH UTN Manager.
2. Select the UTN server from the selection list.
3. In the menu bar, select UTN server – Activate Auto-Connect.
The dialog Activate Auto-Connect appears.
4. Tick the option for the desired USB ports.
5. Click OK.
The setting will be saved. The connection to the USB port and the connected USB device is automatically and
immediately activated. If you disconnect the USB device and reconnect it, the connection is again automatically established.
Important:
If you manually deactivate an active USB port connection that was established via
Auto-Connect, Auto-Connect will be switched off. If you want to use Auto-Connect
again, you will need to reconfigure it later.
Automatic Deactivation of the Connection after a Time Defined (Auto-Disconnect)
Auto-Disconnect deactivates the connection to a USB port and the connected USB device after a previously defined time. 2 minutes before time runs out, the user will receive a notification and is asked to deactivate their connection in order to prevent data loss and error states. Optionally, a one-off prolongation of the connection by the
duration of the defined time can be activated. In this case, the user can choose to prolong the connection or decline it when the notification pops up.
Auto-Disconnect allows a large number of network participants to access a small number of devices and avoids
idle times.
You can be notified about the free port if a connection is automatically disconnected.
For this purpose, set up a notification if the USB port is available 40.
56
USB Dongleserver User Manual Windows
The SEH UTN Manager (complete version) is installed on the client 12.
The UTN server is displayed in the 'Automatic Device Disconnect' area 50.
You are logged on to the client as administrator.
1. Start the SEH UTN Manager.
2. In the menu bar, select Program – Options.
The Options dialog appears.
3. Select the Automatisms tab.
4. In the Auto-Disconnect area, tick Status for the relevant UTN server.
5. Define the desired time range (10-9999 minutes).
6. Is desired, tick Prolongation.
7. Click OK.
The setting will be saved.
Automatic Connection between a USB Device and Client When a Print Job Is Received (Print-On-Demand)
Print-On-Demand automatically establishes a connection between the client and the USB port to which the USB
device (printer or multifunction device) is connected when a print job is received.
After completion of the print job, the connection will be automatically disabled.
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
The USB port is not
connected to another client.
You are logged on to the client as administrator.
1. Start the SEH UTN Manager.
2. In the selection list, select the port.
3. In the menu bar, select Port – Activate.
The connection will be established. The device is installed. A printer object is created on the client.
4. In the menu bar, select Port – Settings.
The Port Settings dialog appears.
5. In the Automatic device connection area, tick Print-On-Demand.
6. Click OK.
The setting will be saved.
7. Select Port – Deactivate from the menu bar.
The connection will be deactivated.
Print-On-Demand is set up.
Creating a UTN Action: Automated Connections and Program Starts without the SEH UTN Manager Interface
UTN Actions are small files which contain a script that automates the connections to USB ports including connected USB devices. The process defined in the script runs automatically when the file is executed. Since the 'SEH UTN
Service' is active in the background, the user does not have to start the SEH UTN Manager interface. I.e., UTN Actions can be used with the complete ( 12) and minimal version ( 12).
UTN Actions are for realizing simple scenarios, such as activating a connection, as well as complex procedures,
such as activating a connection and starting an application with time delay. You can create the UTN action with a
wizard. The wizard is only available in the complete version ( 12) of the SEH UTN Manager. You can create the
following UTN Actions:
• UTN Actions which activate and deactivate the device
The wizard will automatically create one UTN Action for the activation and one UTN Action for the deactivation of the USB port, including the connected USB device. Both UTN Actions will be saved to the desktop.
57
USB Dongleserver User Manual Windows
• UTN Action which starts an application and activates the device
After the selection of the application by the user, the wizard will automatically create a UTN Action to start the application and activate
the USB port, including the connected USB device.Additionally, you can define a port deactivation after the application is closed.
• Custom UTN Action (Experts only)
With the help of the wizard, a custom UTN Action can be created. You can create:
- UTN Actions for the activation and deactivation of the USB port and the connected USB device. You can define additional options.
- A script for starting the application and activating the USB port and the connected USB device. Additionally, you can define a delay
for the start of the application, the deactivation of the USB port after the closing of the application and additional options. Finally,
the complete UTN Action will be created automatically by the SEH UTN Manager and saved by the user.
UTN Actions are based on the command line tool 'utnm'. We recommend experts to
use this tool, if they want to create very complex scripts without restraints 63.
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
1. Start the SEH UTN Manager.
2. Select a port from the selection list.
3. In the menu bar, select Port – Create UTN Action.
The dialog Create UTN Action appears.
4. Follow the instructions of the wizard.
A UTN Action will be created. The UTN Action is run by double-clicking the file.
Figure 5.5-1: Create UTN Action dialog
Shortcuts can be moved to any place and renamed after they have been saved.
(Experts only) Custom UTN Actions which activate or deactivate USB devices can be
edited after their creation. To do this, edit the command line in the shortcut target.
Expert mode (script): You can also edit the script after its creation using a simple text
editor.
58
USB Dongleserver User Manual Windows
5.6 How to Find Status Information on USB Ports and USB Devices
You can check the status of USB ports and USB devices at any given time. You can also configure automatic messages. You can use automatic messages to be notified when a USB port becomes available or to receive information about the connection duration.
• Displaying Status Information 59
• Notification If a USB Port Becomes Available 59
• Message about the Duration of a Connection 59
Displaying Status Information
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
1. Start the SEH UTN Manager.
2. Select the USB port from the selection list.
The status information is displayed in the Properties area.
Notification If a USB Port Becomes Available
You will receive a message once a network participant deactivates the connection to a USB port and the connected USB device.
The SEH UTN Manager (complete version) is installed on the client 12.
The USB port is shown in the selection list 50.
1. In the selection list, select the port.
2. In the menu bar, select Port – Settings.
The Port Settings dialog appears.
3. Tick the option under Messages.
4. Click OK.
The setting will be saved.
Message about the Duration of a Connection
You will receive a message if one of your connections to a USB port and the connected USB device exceeds a defined time period.
The SEH UTN Manager (complete version) is installed on the client 12.
1. In the menu bar, select Program – Options.
The Options dialog appears.
2. Select the Program tab.
3. In the Messages area, tick the option.
4. Define the desired duration.
5. Click OK.
The setting will be saved.
59
USB Dongleserver User Manual Windows
User
administrators
global list
administrators
User
administrator list
individual
lists
5.7 How to Use the Selection List and Manage User Access Rights with It
The selection list is the main element in the SEH UTN Manager and shows all embedded UTN servers. USB devices
can only be used if the UTN server to which they are connected is on the list ( 50). By controlling the selection
list you consequently control the user's access to UTN servers and the connected USB devices.
By default, all client users use the global selection list in the SEH UTN Manager. However, you can set a user selection list for the client users. This list can be compiled by the users themselves. Alternatively, you as client administrator restrict user rights and provide a list with which only the UTN servers you define can be used.
Table 5.7-1: Differences in global and user selection list
Global Selection List User Selection List
• All users of a client use the same selection list. • Each user has their own selection list.
All administrators have the same selection list.
• The users can access all devices listed in the selection list.
(Provided that no security mechanisms have been
specified via the dongleserver Control Center.)
• The users can access all devices listed in the selection list.
(Provided that no security mechanisms have been
specified via the dongleserver Control Center.)
• List is stored at: Registry • List ('ini'-file) is stored at:
%APPDATA%\SEH Computertechnik GmbH\SEH
UTN Manager.ini
(%APPDATA% is an environment variable for a Windows user;
the path for the current user can be determined with using
command line: echo %APPDATA%
Example Windows 10:
echo %APPDATA% yields
C:\Users\Username\AppData\Roaming
+
\SEH Computertechnik GmbH\SEH UTN Manager.ini
Complete path to the ini file:
C:\Users\User name\AppData\Roaming\SEH
Computertechnik GmbH\SEH UTN Manager.ini)
• The selection list can be edited by administrators. • The selection list can be edited by administrators
or by users with write access to the ini-file.
Users with read-only access to the ini-file cannot
edit the selection list and have limited access to
SEH UTN Managers functions.
60
USB Dongleserver User Manual Windows
Which functions (selection list editing etc.) can be used in the SEH UTN Manager depends on the selection list type (global/user) and user account type on the client (administrator/user; user with/without write access to ini-file). For a detailed breakdown
see ’SEH UTN Manager – Feature Overview’ 132.
• Setting Up the Global Selection List for All Users 61
• Providing User Selection Lists 61
• Restrict Write Access to the 'SEH UTN Manager.ini'-file 62
Setting Up the Global Selection List for All Users
The global selection list is used by default.
The SEH UTN Manager (complete version) is installed on the client 12.
You are logged on to the system as administrator.
1. Start the SEH UTN Manager.
2. Compose the selection list 50.
3. In the menu bar, select Program – Options.
The Options dialog appears.
4. Select the tab Selection List.
5. Tick Global selection list.
6. Click OK.
The setting will be saved. All users of a client use the same selection list.
Providing User Selection Lists
The SEH UTN Manager (complete version) is installed on the client 12.
You are logged on to the system as administrator.
1. Start the SEH UTN Manager.
2. In the menu bar, select Program – Options.
The Options dialog appears.
3. Select the tab Selection List.
4. Tick User selection list.
5. Click OK.
Optional: With the following steps you provide a predefined selection list.
6. Create a selection list with the desired devices
7. In the menu bar, select Selection List–Export.
The Export to dialog appears.
8. Save the file 'SEH UTN Manager.ini' to the user directories:
%APPDATA%\SEH Computertechnik GmbH\SEH UTN Manager.ini (table 5.7-1 60)
The setting will be saved. Each user uses their individual (predefined) selection list. The administrators share
one selection list.
50.
61
USB Dongleserver User Manual Windows
Restrict Write Access to the 'SEH UTN Manager.ini'-file
User selection lists can be set up and edited by the users themselves.
In order to restrict users to just the UTN servers you want them to have access to, you can provide a list to users.
To do so, you as administrator store a predefined list for the user ( 61) and limit the user to read-only access to
the 'SEH UTN Manager.ini'-file. By limiting the user to read-only access, all SEH UTN Manager functions concerning
the selection list are disabled for the user.
Use the usual methods of your operating system to turn the ini-files into read-only files. For more information,
read the documentation of your operating system.
62
USB Dongleserver User Manual Windows
5.8 How to Use the SEH UTN Manager without Graphical User Interface
(utnm)
The SEH UTN Manager is available in two versions 12. It can be used without graphical user interface in the
minimal version. To do so, the tool 'utnm' is utilized to use UTN features via the command line of the operating
system:
• directly, by entering commands in a certain syntax and executing them
• via scripts which contain commands in a certain syntax that will be executed automatically and step by step
by the command line interpreter
Use scripts to automate frequently recurring command sequences such as port activations.
The execution of scripts can be automated as well, e.g. by means of login scripts.
•Syntax 63
• Commands 63
•Return 66
• Using utmn via Command Line 66
• Creating a utnm Script 66
Syntax
"<path utnm.exe>" /c "command string" [/<command>]
The file 'utnm.exe' can be found in the program folder of the SEH UTN Manager.
Commands
Rules for commands:
• Underlined elements are to be replaced by the appropriate values (e.g.
a UTN server)
• elements in square brackets are optional.
• not case-sensitive
• only the ASCII format can be read.
server = IP address or host name of
63
USB Dongleserver User Manual Windows
Command Description
/c "command string"
or
/command "command string"
Runs a command. The command is specified in greater detail by the command string. Command strings:
•
activate server port number
activates the connection to a USB port and the connected USB device.
•
activate server vendor ID (VID) product ID (PID)
activates the connection to a USB port and the first free connected
USB device with the defined IDs, if several identical USB devices are
connected to the UTN server.
•
deactivate server port number
deactivates the connection to a USB port and the connected USB device.
•
set autoconnect=true|false server port number
activates/deactivates Auto-Connect ( 56) for the USB port.
•
set userportkey=port key server port number
stores a USB port key ( 77) locally on the system for the current
user account. This way, the USB port key is always automatically sent
and does not need to be specified each time with the command
k USB port key
or /key USB port key (see below).
/
(To remove the USB port key use the command string
set userportkey= server port number)
Important:
The command only sets the key permanently to make the
USB device available.
The USB port key configuration is done via the dongleserver
Control Center 77.
•
set autoconnectportkey=port key server port
number
stores a USB port key ( 77) locally and system-wide for the AutoConnect function ( 56). This way, the USB port key is always automatically sent and does not need to be specified each time with the
command
/k USB port key or /key USB port key (see below).
(To remove the USB port key use the command string
set autoconnectportkey= server port number)
Important:
The command only sets the key permanently to make the
USB device available.
The USB port key configuration is done via the dongleserver
Control Center 77.
•
find [IP address-IP address]
searches for all UTN servers in the network segment and shows the
UTN servers found with IP address, MAC address, model and software
version. IP address ranges can also be searched.
64
USB Dongleserver User Manual Windows
Command Description
• state server port number
displays the status of the USB device connected to the USB port.
•
getlist server
shows an overview of the USB devices connected to the UTN server
(including port number, vendor ID, product ID, vendor name, product
name, device class, and status).
/h
Shows the help page.
or
/help
/k USB port key
Specifies a USB port key 77.
or
/key USB port key
/mr
or
/machine readable
/nw
Separates the output of the command string getlist with tabulators
and the output of
Suppresses warning messages.
or
/no-warnings
/o
Shows the output in the command line.
or
/output
/p port number
or
/port port number
/q
Uses an alternative UTN port.
Use this command if the UTN port number was changed ( 38).
Suppresses the output.
or
/quiet
Important:
The command only enters the key to make the USB device
available.
Use the command
"command string
/c "command string" or /command
" to permanently store a USB port key on
the system so that it is sent automatically each time (see
above).
The USB port key configuration is done via the dongleserver
Control Center 77.
find with commas.
/sp port number
or
/ssl-port port number
/t seconds
or
/timeout seconds
Uses an alternative UTN port with SSL/TLS encryption.
Use this command if the UTN SSL port number was changed ( 38).
Specifies a timeout for the command strings activate and deacti-
vate
.
65
USB Dongleserver User Manual Windows
Command Description
/v
Shows version information about utnm.
or
/version
Return
After a command is executed, a return indicates success or failure of the process. The returned information is a
status combined with a return value (return code). If the output is suppressed (’
/quiet’ 65), only the value is
returned.
The return can be used to determine how the process proceeds, e.g. in a script.
Return Value Description
0
20
21
23
24
25
26
The command was executed successfully.
Activation failed.
Deactivation failed.
Is already activated.
Is already deactivated or not available.
Activation failed: Another user has activated the USB port incl. device.
Not found: There is no device connected to the USB port or the USB port key ( 77) is
missing or wrong.
29
30
31
40
41
42
43
44
47
200
Not found: No USB device with this VID and PID connected.
Isochronous USB devices are not supported.
UTN driver error. Contact the SEH Computertechnik GmbH support 6.
No network connection to the UTN server.
An encrypted connection to UTN server cannot be established.
No connection to UTN service.
The DNS resolution failed.
Insufficient rights (administrative rights required).
This feature is not supported.
Error (with error code).
Using utmn via Command Line
The SEH UTN Manager is installed on the client 12.
The IP address or host name of a UTN server is known.
1. Open the command-line interface.
2. Enter the sequence of commands; see ’Syntax’ 63 and ’Commands’ 63.
3. Confirm your entry.
The sequence of commands will be run.
Example: Activating a USB device on port 3 of the UTN server with the IP address 10.168.1.167
"C:\Program Files\SEH Computertechnik GmbH\SEH UTN Manager\utnm.exe"
/c "activate 10.168.1.167 3"
66
USB Dongleserver User Manual Windows
Creating a utnm Script
The SEH UTN Manager is installed on the client 12.
The IP address or host name of a UTN server is known.
You know how to create and use scripts in your operating system. If needed, refer to the documentation of your
operating system.
1. Open a text editor.
2. Enter the sequence of commands; see ’Syntax’ 63, ’Commands’ 63, and ’Return’ 66.
3. Save the file as executable script on your client.
The script is saved and can be used.
67
USB Dongleserver User Manual Windows Security
6 Security
The UTN server can be protected with various security mechanisms. These mechanisms secure the UTN server itself as well as the connected USB devices. In addition, you can integrate the UTN into the protection mechanisms
implemented in your network.
• How to Define the Encryption Strength for SSL/TLS Connections 70
• How to Encrypt the USB Connection 72
• How to Encrypt the Connection to the dongleserver Control Center 74
• How to Protect Access to the dongleserver Control Center (User Accounts) 75
• How to Block UTN Server Ports (TCP Port Access Control) 76
• How to Control Access to USB Devices 77
• How to Block USB Device Types 80
•How to Use Certificates 81
• How to Configure Network Authentication (IEEE 802.1X) 86
• How to Configure SNMP 89
•How to Disable a USB Port 90
Important:
Protect access to the dongleserver Control Center with user accounts so that security related settings cannot be modified by unauthorized persons.
VLAN is another security concept you can use 32.
69
USB Dongleserver User Manual Windows
6.1 How to Define the Encryption Strength for SSL/TLS Connections
Some connections to and from the UTN server can be encrypted with the protocol SSL (Secure Sockets Layer) and
its successor TLS (Transport Layer Security):
• Web access to the dongleserver Control Center: HTTPS ( 74)
• USB connection: Data transfer between the clients and the UTN server and the connected USB devices (
70)
•Email: POP3 ( 28)
•Email: SMTP ( 28)
The encryption strength and thus the safety of the connection is defined via the encryption protocol and level.
You can choose both.
Each encryption level is a collection of what is called cipher suites. A cipher suite in turn is a standardized sequence of four cryptographic algorithms that are used to establish a secure connection. Based on their encryption
strength they are grouped to encryption levels. Which cipher suites are supported by the UTN server, i.e. are part
of an encryption level, depends on the chosen encryption protocol. You can choose between two encryption levels:
• Any: The encryption is automatically negotiated by both communicating parties. The strongest encryption
supported by both parties will always be chosen.
• Low: Only cipher suites with a low encryption are used. (Fast data transfer)
•Medium
• High: Only cipher suites with an strong encryption are used. (Slow data transfer)
When a secure connection is established, the protocol to be used and a list of supported cipher suites are sent to
the communication partner. A cipher suite is agreed upon that will be used later on. The strongest cipher suite
that is supported by both parties will be used by default.
WAR NIN G
If the communication partner of the UTN server does not support the protocol selected and/or if there is no cipher suite that is supported by both parties, the SSL/
TLS connection will not be established.
If problems occur, select different settings or reset the parameters of the UTN server
95.
If you want the UTN server and its communication partner to automatically negotiate
the settings, set both options to Any. With these settings, the chances that a secure
connection can be established are the highest.
1. Start the dongleserver Control Center.
2. Select SECURITY – SSL/TLS.
3. In the Encryption protocol area, select the desired protocol.
WAR NIN G
Current browsers do not support SSL. If you use an up-to-date browser and set the
combination SSL and HTTPS only to access the dongleserver Control Center (
74), a connection cannot be established.
Use TLS (and not
SSL).
70
USB Dongleserver User Manual Windows
4. In the Encryption level area, select the desired level.
WAR NIN G
Current browsers do not support cipher suites from the Low level. If you use an
up-to-date browser and set the combination Low and HTTPS only to access the
dongleserver Control Center ( 74), a connection cannot be established.
Use an encryption level as high as possible.
WAR NIN G
The SEH UTN Manager does not support the encryption level Low. If you set up
Low in combination with an encrypted USB connection ( 72), a connection
cannot be established.
Use an encryption level as high as possible.
5. To confirm, click Save.
The setting will be saved.
Detailed information about the individual SSL/TLS connections (e.g. supported cipher
suites) can be found on the details page under Security – SSL/TLS – Details.
71
USB Dongleserver User Manual Windows
UTN port
UTN SSL port
UTN server
SSL/TLS connection
6.2 How to Encrypt the USB Connection
To secure the USB connections, encrypt the entire data transfer (user data, control data and protocol data) between the clients and the USB devices connected to the UTN server.
The protocols SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are used for encryption.
The encryption strength is defined via the encryption protocol and level 70.
WAR NIN G
The SEH UTN Manager does not support the encryption level Low. If you set up
Low in combination with an encrypted USB connection, a connection cannot be
established.
Use an encryption level as high as possible.
If connections are encrypted, client and UTN server communicate over the encrypted UTN port. By default, that
is port 9443. If the port is already in use on your network, e.g. for another application, you can change the port
number 38.
Figure 6.2-1: UTN server – SSL/TLS connection in the network
1. Start the dongleserver Control Center Control Center.
2. Select SECURITY – USB.
3. Enable the Encrypt USB communication (SSL/TLS) option.
4. To confirm, click Save.
The data transfer between the clients and the USB devices will be encrypted.
72
USB Dongleserver User Manual Windows
The encrypted connection will be displayed client-side in the SEH UTN Manager under
Properties.
Figure 6.2-2:SEH UTN Manager – encryption
73
USB Dongleserver User Manual Windows
6.3 How to Encrypt the Connection to the dongleserver Control Center
You can protect the connection to the dongleserver Control Centerby encrypting it with the SSL (Secure Sockets
Layer) protocol and its successor TLS (Transport Layer Security).
• HTTP: un
• HTTPS: encrypted connection
The encryption strength is defined via the encryption protocol and level 70. When an encrypted connection is to be established, the client asks for a certificate via a browser ( 81). This certificate must be accepted
by the browser; read the documentation of your browser software.
1. Start the dongleserver Control Center.
2. Select SECURITY – Control Center.
3. In the Connection area, tick HTTP/HTTPS or HTTPS only.
4. To confirm, click Save.
The setting will be saved.
encrypted connection
WAR NIN G
Current browsers do not support low security settings. With them a connection
cannot be established.
Do not
level Low.
use the following combination: Encryption protocol HTTPS and encryption
74
USB Dongleserver User Manual Windows
6.4 How to Protect Access to the dongleserver Control Center
(User Accounts)
By default, anyone who can find the UTN server on the network can access the dongleserver Control Center. To
protect the UTN from unwanted configuration changes, you can set up two user accounts:
• Administrator: Complete access to the dongleserver Control Center. The user can see all pages and change
settings.
• Read-only user: Very restricted access to the dongleserver Control Center. The user can only see the 'DASHBOARD' page.
If you have set up user accounts, a login screen is displayed when the dongleserver Control Center is started. You
can choose between two login screens:
• Neutral screen: Login screen in which user name and password are to be entered. (better protection)
• List of users: User names are displayed. Only the password has to be entered.
A user account allows for multiple logins, i.e. the account can be used by a single user or by a group of users. Up
to 16 users can be logged in at the same time.
Important:
The user accounts for dongleserver Control Center access are also used for SNMP
89. Consider this when setting up user accounts.
For stronger security, you can use a session timeout. If there is no activity within a defined timeout, the user will
automatically be logged out.
1. Start the dongleserver Control Center Control Center.
2. Select SECURITY – Control Center.
3. Define the two user accounts. To do this, in the area User accounts enter a User name and Password respectively.
You can show the typing if you want to make sure that there are no typing errors in
the password.
4. Tick Restrict Control Center access.
5. Under Login window shows, select the type of login screen: Neutral screen or List of users.
6. Tick the Session timeout option and enter in the box the time in minutes after which the an inactive user
should be automatically logged out.
7. To confirm, click Save.
The settings will be saved.
75
USB Dongleserver User Manual Windows
6.5 How to Block UTN Server Ports (TCP Port Access Control)
You can restrict access to the UTN server by blocking ports using 'TCP port access control'. If a port is blocked, the
protocols and/or services using this port cannot establish a connection with the UTN server. Thus attackers have
less room for attack.
The security level defines which port types are blocked:
• UTN access (blocks UTN ports)
• TCP access (blocks TCP ports: HTTP/HTTPS/UTN)
• All ports (blocks IP ports)
You have to define exceptions so that your desired network elements, e.g. clients or DNS servers, can establish a
connection with the UTN server.
WAR NIN G
The ‘ test mode’ is active by default so that you can test your settings without locking yourself out. Your settings will be active until the UTN is restarted, afterwards
access is no longer restricted.
After you have successfully tested your settings, you have to deactivate the test
mode so that access control is permanent.
1. Start the dongleserver Control Center.
2. Select SECURITY – TCP port access.
3. Tick Port access control.
4. In the Security level area, select the desired protection
5. In the Exceptions area, define the network elements that are to have access to the UTN server. To do this, enter the IP or MAC (hardware) addresses and tick the options.
Important:
• MAC addresses are not delivered through routers!
• The use of wildcards (*) allows you to define subnetworks.
6. Make sure that the Test mode is enabled.
7. Click Save & Restart to confirm.
The settings will be saved.
The port access control is activated until the device is restarted.
8. Check the port access and if it is possible to reach the dongleserver Control Center.
Important:
If it is not possible to reach the dongleserver Control Center, restart the UTN server
98.
9. Deactivate the Test mode.
10. Click Save & Restart to confirm.
The settings will be saved.
76
USB Dongleserver User Manual Windows
6.6 How to Control Access to USB Devices
You can restrict the access to the USB ports and the connected USB devices:
• USB port key control: Up to two keys are defined for the USB port. Each key can be assigned a validity period
(always, expiration date, weekly period). Both the USB port and the connected USB device are shown in the
SEH UTN Manager, but no connection can be established. To do so, the key must first be entered in the SEH
UTN Manager.
• USB port device assignment: A certain USB device is assigned to a USB port. This is achieved by linking the USB
port and USB device through the vendor ID (short VID) and product ID (short PID) of the USB device. The combination of VID and PID is specific to a certain USB device model which means that only USB devices of this
specific model can be used on the USB port. This way you can assure, that (security) settings cannot be circumvented by connecting USB devices to other ports.
Power off unused ports to increase security 90.
You can either use one of the two security methods, or both in combination.
• Setting Up USB Port Keys 77
• Entering a USB Port Key (Unlocking a USB Device) 78
• Configuring USB Port Device Mapping 78
Setting Up USB Port Keys
The USB port keys are defined in the dongleserver Control Center.
1. Start the dongleserver Control Center.
2. Select SECURITY – USB.
3. In the USB port table for the desired USB port, click the Change icon.
The USB Port page appears.
4. Go to the Method list and click Port key control.
5. For Key 1, click the Generate button, or enter a freely definable key in the box (max. 64 ASCII characters).
6. Select a period from the Validity list and define the time window if necessary:
- off (always invalid, use 'off' if you want to keep the key but temporarily disable it)
- always (permanently valid)
- expires on (valid until hour X on day Z)
- weekly (valid on X days from hour Y to Z)
7. Optional: For Key 2, repeat steps 5. and 6.
8. To confirm, click Save.
The settings will be saved. Access to the USB device is protected.
To deactivate the feature, go to the Method list and select ---.
77
USB Dongleserver User Manual Windows
Entering a USB Port Key (Unlocking a USB Device)
When USB port key control is enabled, both the USB port and the connected USB device are shown in the SEH
UTN Manager, but no connection can be established.
To gain access to the protected USB device, the key must be entered on the client in the SEH UTN Manager. Since
the port key applies only to the user account currently in use on the client, you must enter it into each client user
account that should have access to the USB device (user port key). The connection can then be established.
1. Start the SEH UTN Manager.
2. In the selection list, select the UTN server.
3. In the menu bar, select UTN Server – Set User Port Keys.
The Enter User Port Key dialog appears.
4. Enter the key for the relevant USB port.
5. Click OK.
Access is granted.
Important:
If you are using Auto-Connect ( 56) in combination with USB port keys, you
must enter the key separately as the Auto-Connect port key. These apply systemwide.
In the menu bar, select UTN Server – Enter Auto-Connect Port Key.
Configuring USB Port Device Mapping
1. Start the dongleserver Control Center.
2. Select SECURITY – USB.
3. In the USB port table for the desired USB port, click the Change icon.
The USB Port page appears.
4. Go to the Method list and click Device Assignment.
5. Click Assign device.
The USB device box shows the VID and PID of the USB device.
6. To confirm, click Save.
The settings will be saved. Only the assigned USB device model can be operated on the USB port.
To deactivate the feature, go to the Method list and select ---.
To assign a different USB device to the USB port, connect the USB device to the USB
port and repeat the USB port device mapping.
Configuring USB Port Keys in Combination with USB Port Device Mapping
Combine the USB port key control and USB port device mapping security methods to use only the USB devices of
the assigned USB device model on the USB port and further restrict access to them (over time periods).
1. Start the dongleserver Control Center.
2. Select SECURITY – USB.
3. In the USB port table for the desired USB port, click the Change icon.
The USB Port page appears.
4. Go to the Method list and click Port key control/Device mapping.
5. For Key 1, click the Generate button, or enter a freely definable key in the box (max. 64 ASCII characters).
78
USB Dongleserver User Manual Windows
6. Select a period from the Validity list and define the time window if necessary:
- off (always invalid, use 'off' if you want to keep the key but temporarily disable it)
- always (permanently valid)
- expires on (valid until hour X on day Z)
- weekly (valid on X days from hour Y to Z)
7. Optional: For Key 2, repeat steps 5. and 6.
8. Click Assign device.
The USB device box shows the VID and PID of the USB device.
9. To confirm, click Save.
The settings will be saved.
To deactivate the feature, go to the Method list and select ---.
79
USB Dongleserver User Manual Windows
6.7 How to Block USB Device Types
USB devices are grouped into classes according to their function. For example, input devices such as keyboards
belong to the group 'Human Interface Device' (HID).
USB devices may present themselves as HID class USB devices while they are actually used for abuse (known as
'BadUSB').
In order to protect the UTN server, you can block input devices of the HID class.
1. Start the dongleserver Control Center.
2. Select SECURITY – USB.
3. Tick/clear Disable input devices (HID class).
4. To confirm, click Save.
The setting will be saved.
80
USB Dongleserver User Manual Windows
6.8 How to Use Certificates
The UTN server has its own certificate management. Digital certificates are data sets, which confirm the identity
of a person, object, or organization. In TCP/IP networks they are used to encrypt data and to authenticate communication partners.
The UTN needs a certificate for:
• participating in the authentication mechanisms EAP-TLS, EAP-TTLS and PEAP 86
• protecting email communication (POP3/SMTP via SSL/TLS) 28
• protecting the connection between the clients and the connected USB devices 72
• protecting the connection to the dongleserver Control Center Control Center (with HTTPS) 74
The following certificates can be used in the UTN server:
• 1 self-signed certificate
Certificate generated by the UTN server and signed by the UTN server itself. The certificate confirms the UTN
server's identity.
• 1 client certificate, i.e. 1 requested certificate or
The client certificate confirms the identity of the UTN server with the help of an additional trustworthy authority which is the certification authority (short CA).
- Requested certificate: As first step, a certificate request is generated on the UTN server and then the request
is sent to a certification authority. In the second step, the certification authority creates a certificate based
on the request for the UTN server and signs it.
- PKCS#12 certificate Exchange format for certificates. You have a certification authority generate a certificate
which is stored in password-protected PKCS#12 format for the UTN server. Then you transport the PKCS#12
file to the UTN server and install it (and thus the certificate in it).
• 1 S/MIME certificate
The UTN server uses the S/MIME Certificate to sign and encrypt emails which is sends. The corresponding private key (PKCS#12 format) has to be installed as certificate of it's own in the email program (Microsoft Outlook
etc.) so that emails can be verified and, if necessary, decrypted.
• 1–32 CA certificates, also known as root CA certificates.
Certificates which are issued for a certification authority and confirm its identity. They are used for verifying
certificates that have been issued by the respective certification authority. In case of the UTN server these are
the certificates of communication partners to verify their identity (chain of trust). Thus multi-level public key
infrastructures (PKIs) are supported.
1 PKCS#12 certificate
Important:
Upon delivery, a default certificate is stored in the UTN server. This certificate is
issued by SEH Computertechnik GmbH for each device specifically.
• Having a Look at Certificates 82
• Saving a Certificate Locally 82
• Creating a Self-Signed Certificate 82
• Request and Install Certificate (Requested Certificate) 83
• Installing a PKCS#12 Certificate 84
• Installing an S/MIME Certificate 84
• Installing a CA Certificate 84
• Deleting Certificates 85
81
USB Dongleserver User Manual Windows
Having a Look at Certificates
A certificate is installed on the UTN server.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Select the certificate via the icon .
The certificate is displayed.
Saving a Certificate Locally
A certificate is installed on the UTN server.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Save the certificate using the icon .
The certificate is stored on your local client.
Creating a Self-Signed Certificate
Important:
Only one self-signed certificate can be installed on the UTN server.
To create a new certificate, you must first delete the existing certificate 85.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Click Self-signed certificate.
4. Enter the relevant parameters; table 6.8-1 82.
5. Click Create/Install.
The certificate will be created and installed. This may take a few minutes.
Table 6.8-1: Parameters for the Creation of Certificates
Parameters Description
Common name Freely definable certificate name. (max. 64 characters)
Use the IP address or host name of the UTN server,
so that you can clearly match device and certificate.
Email address Email address of the person responsible for the UTN server.
(max. 40 characters; optional)
Organization name Name of the company which uses the UTN server.
(max. 64 characters)
Organizational unit Name of a department or subsection in the company.
(max. 64 characters; optional)
Location Location of the company.
(max. 64 characters)
State name State where the company is based.
(max. 64 characters)
82
USB Dongleserver User Manual Windows
Parameters Description
Domain component Allows you to enter additional attributes.
(Optional entry)
SAN (multi-domain) Allows you to enter Subject Alternative Names (SAN). Used to specify additional
host names (e.g. domains).
(Optional entry, max. 255 characters)
Country Country where the company is based. Enter the two-digit country code accord-
ing to ISO 3166.
Examples: DE = Germany, GB = Great Britain, US = USA
Issued on Date from which on the certificate is valid.
Expires on Date from which on the certificate becomes invalid.
RSA key length Defines the length of the RSA key used:
- 512 bit (fast encryption and decryption)
- 768 bit
- 1024 bit (standard encryption and decryption)
- 2048 bit (slow encryption and decryption)
Request and Install Certificate (Requested Certificate)
A certificate that has been issued by a certification authority for the UTN server can be used in the UTN server.
To do this, your first create a certificate request and then send it to the certification authority. Based on the re-
quest, the certification authority then creates a certificate specifically for the UTN server. You install this certificate
in the UTN server.
Important:
You can only install a requested certificate that has been issued based on the certificate request created on the UTN server.
If the files do not match, you have to request a new certificate which is based on
the current certificate request. If you want to start over, you must delete the certificate request 85.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Click Certificate request.
4. Enter the required parameters; table 6.8-1 82.
5. Click Create a request.
The certificate request will be created. This may take a few minutes.
6. Select Upload and save the requests in a text file.
7. Click OK.
8. Send the text file as certificate request to a certification authority.
The certification authority creates the certificate and gives it to you.
Important:
The certificate must be in 'base64' format.
9. Click Requested certificate.
10. Enter the password into the Password box.
83
USB Dongleserver User Manual Windows
11. Click Install.
The requested certificate is installed in the UTN server.
Installing a PKCS#12 Certificate
Important:
If a PKCS#12 certificate has already been installed in the UTN server, you must first
delete the certificate 85.
The certificate has 'base64' format.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Click PKCS#12 certificate.
4. Specify the PKCS#12 certificate in the Certificate file box.
5. Enter the password.
6. Click Install.
The PKCS#12 certificate will be installed in the UTN server.
Installing an S/MIME Certificate
Important:
If an S/MIME certificate has already been installed in the UTN server, you must first
delete the certificate 85.
The certificate has 'pem' format.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Click S/MIME certificate.
4. Specify the S/MIME certificate in the Certificate file box.
5. Click Install.
The S/MIME certificate is installed in the UTN server.
Installing a CA Certificate
The certificate has 'base64' format.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Click CA certificate.
4. Specify the CA certificate in the Certificate file box.
5. Click Install.
The CA certificate is installed in the UTN server.
84
USB Dongleserver User Manual Windows
Deleting Certificates
WAR NIN G
To establish an encrypted (HTTPS 74) connection to the dongleserver Control
Center Control Center, a certificate (self-signed/CA/PKCS#12) is required. If you delete the corresponding certificate, the dongleserver Control Center can no longer
be reached.
In this case restart the UTN server 98. The UTN server then generates a new selfsigned certificate with which a secured connection can be established.
A certificate is installed on the UTN server.
1. Start the dongleserver Control Center.
2. Select SECURITY – Certificates.
3. Delete the certificate using the icon .
The certificate is deleted.
85
USB Dongleserver User Manual Windows
6.9 How to Configure Network Authentication (IEEE 802.1X)
Authentication is the proof and verification of an identity. With it your network is protected from abuse, because
only authorized devices have access.
The UTN supports authentication according to the IEEE 802.1X standard which is based on EAP (Extensible Authentication Protocol).
If you use authentication according to IEEE 802.1X in your network, the UTN server can participate:
• Configuring EAP-MD5 86
•Configuring EAP-TLS 86
• Configuring EAP-TTLS 87
• Configuring PEAP 87
•Configuring EAP-FAST 88
Configuring EAP-MD5
EAP-MD5 (Message Digest #5) is a user-based authentication via a RADIUS server. First, you have to create a user
(user name and password) on the RADIUS server for the UTN server. Afterwards you set up EAP-MD5 on the UTN
server.
A user account for the UTN server is set up on the RADIUS server.
1. Start the dongleserver Control Center.
2. Select SECURITY – Authentication.
3. From the Authentication method list, select MD5.
4. Enter the user name and the password of the user account that is set up for the UTN server on the RADIUS
server.
5. Click Save & Restart to confirm.
The settings will be saved.
Configuring EAP-TLS
EAP-TLS (Transport Layer Security) is a mutual, certificate based authentication via a RADIUS server. In this method, UTN server and RADIUS server exchange certificates through an encrypted TLS connection.
Both RADIUS and UTN server require a valid, digital certificate signed by a CA. This requires a PKI (Public Key Infrastructure).
WAR NIN G
Follow the instructions below in the given order. If you do not follow the order, the
UTN server might not be reachable in the network.
In this case, reset the parameters of the UTN serve 95.
1. Create a certificate request on the UTN server 81.
2. Create a certificate using the certificate request and the authentication server.
3. Install the requested certificate on the UTN server 81.
4. Install the root CA certificate of the certification authority that has issued the certificate of the authentication
server (RADIUS) is installed in the UTN server 81.
5. Start the dongleserver Control Center.
6. Select SECURITY – Authentication.
7. Select TLS from the Authentication method list.
8. From the EAP root certificate
9. Click Save & Restart to confirm.
The settings will be saved.
list, select the root CA certificate.
86
USB Dongleserver User Manual Windows
Configuring EAP-TTLS
In EAP-TTLS (Tunneled Transport Layer Security), a TLS-protected tunnel is used for exchanging secrets. The method consists of two phases:
1. Outer authentication: An encrypted TLS (Transport Layer Security) tunnel is created between UTN server and
RADIUS server. To do this, the RADIUS server authenticates itself to the UTN server using a certificate that was
signed by a CA.
2. Inner authentication: In the tunnel the authentication (via CHAP, PAP, MS-CHAP, or MS-CHAPv2) takes place.
A user account for the UTN server is set up on the RADIUS server.
For increased security during connection establishment (optional): The root CA certificate of the certification
authority that has issued the certificate of the authentication server (RADIUS) is installed in the UTN server
81.
1. Start the dongleserver Control Center.
2. Select SECURITY – Authentication.
3. Select TTLS from the Authentication method list.
4. Enter the user name and the password of the user account that is set up for the UTN server on the RADIUS
server.
5. Select the settings which secure the communication in the TLS channel.
6. Increase the security during connection establishment (optional):
From the list EAP root certificate, select the root CA certificate.
7. Click Save & Restart to confirm.
The settings will be saved.
Configuring PEAP
With PEAP (Protected Extensible Authentication Protocol), an encrypted TLS (Transport Layer Security) tunnel is
established between the UTN server and the RADIUS server. To do this, the RADIUS server authenticates itself to
the UTN server using a certificate that was signed by a CA. The TLS channel is then used to establish another connection that can be protected by means of additional EAP authentication methods (e.g. MSCHAPv2).
The method is very similar to EAP-TTLS ( 87), but other methods are used to authenticate the UTN server.
A user account for the UTN server is set up on the RADIUS server.
For increased security during connection establishment (optional): The root CA certificate of the certification
authority that has issued the certificate of the authentication server (RADIUS) is installed in the UTN server
81.
1. Start the dongleserver Control Center.
2. Select SECURITY – Authentication.
3. Select PEAP from the Authentication method list.
4. Enter the user name and the password of the user account that is set up for the UTN server on the RADIUS
server.
5. Select the settings which secure the communication in the TLS channel.
6. Increase the security during connection establishment (optional):
From the list EAP root certificate, select the root CA certificate.
7. Click Save & Restart to confirm.
The settings will be saved.
87
USB Dongleserver User Manual Windows
Configuring EAP-FAST
EAP-FAST (Flexible Authentication via Secure Tunneling) is a specific EAP method developed by the company Cisco.
As with EAP-TTLS ( 87) and PEAP ( 87) a secure tunnel protects data transmission. However, the server does
not authenticate itself with a certificate. Instead it uses PACs (Protected Access Credentials).
A user account for the UTN server is set up on the RADIUS server.
1. Start the dongleserver Control Center.
2. Select SECURITY – Authentication.
3. Select FAST from the Authentication method list.
4. Enter the user name and the password of the user account that is set up for the UTN server on the RADIUS
server.
5. Select the settings intended to secure the communication in the channel.
6. Click Save & Restart to confirm.
The settings will be saved.
88
USB Dongleserver User Manual Windows
6.10 How to Configure SNMP
SNMP (Simple Network Management Protocol) is protocol for configuring and monitoring network elements. The
protocol controls communication between the monitored devices and the monitoring station (SNMP management tool). Information can be read and changed.
SNMP exists in 3 versions, the UTN supports version 1 and 2.
SNMPv1
SNMPv1 is the first and most simple SNMP version. A disadvantage is the insecure access control which is the community: a community groups monitoring station and monitored devices. This makes their administration easier.
There are two types of communities, read-only and read/write. For both the community name is also the password used between the monitoring station and the monitored devices. As it is transmitted as clear text, it does
not offer sufficient protection.
SNMPv3
SNMPv3 is the newest SNMP version. It contains enhancements and a new security concept which includes,
amongst other thins, encryption and authentication. Therefore, a SNMP user with name and password must be
created in the monitoring station. This user must then be specified in the UTN server.
Important:
The user accounts are also used to access the dongleserver Control Center and
thus are to be defined under SECURITY - Control Center, see ’How to Protect
Access to the dongleserver Control Center (User Accounts)’ 75.
SNMPv3 users are created in the monitoring station. (Only for SNMPv3.)
The SNMPv3 users from the monitoring station are specified on the UTN server 75. (Only for SNMPv3.)
1. Start the dongleserver Control Center.
2. Select SECURITY – SNMP.
3. Configure the SNMP parameters; table 6.10-1 89.
4. To confirm, click Save.
The settings will be saved.
Table 6.10-1:SNMP Parameters
Parameters Description
SNMPv1 Enables/disables SNMPv1.
Read-only Enables/disables the write protection for the community.
Community SNMP community name Enter the name as it is defined in the monitoring sta-
tion.
Important:
The default name is 'public'. This name is commonly used for read/
write communities. We recommend to change it as soon as possible to increase security.
SNMPv3 Enables/disables SNMPv3.
Hash Defines the hash algorithm.
Access rights Defines the access rights of the SNMP user.
encryption Defines the encryption method.
89
USB Dongleserver User Manual Windows
6.11 How to Disable a USB Port
By default all USB ports are active. You can deactivate (and re-activate ) the USB port by interrupting or restoring
the power supply.
Deactivate
• unused USB ports to ensure that unwanted USB devices cannot be connected to the network. (Deactivated
USB ports cannot be seen in the SEH UTN Manager.)
• a USB port and re-activate it to restart the connected USB device if it is in an undefinable condition. (The USB
device does not need to be removed and reconnected manually.)
1. Start the dongleserver Control Center.
2. Select SECURITY – USB Port.
3. For the desired USB port, enable/disable the option in the column.
4. To confirm, click Save.
The USB port is disabled/enabled.
90
USB Dongleserver User Manual Windows Maintenance
7 Maintenance
You can maintain the UTN server in the following ways:
• How to Backup Your Configuration 92
• How to Reset Parameters to their Default Values 95
•How to Perform a Device Software Update 97
• How to Restart the UTN Server 98
91
USB Dongleserver User Manual Windows
7.1 How to Backup Your Configuration
The UTN server includes two backup functions that allow you to access a fixed configuration state at any time.
1. Parameter file:
All parameters are saved in the '<default-name>_parameters.txt' file (exception: passwords). You can view
this file on the UTN server and save it to your local client for backup. You can edit the parameter values in the
backed up file usin g a text ed itor . Afterward s, the edited file can be lo aded o nto one or more UTN servers. The
device(s) will then adopt the parameter values of the file. This allows you to quickly configure a large number
of UTN servers. You can find a detailed description of the parameters in the ’Parameter lists’ 105.
2. System backup: The entire system (settings, certificates, passwords, etc.) can be saved externally to a Web-
DAV server. With the dongleserver ProMax you can additionally save the system backup to the SD card. By inserting the SD card in another dongleserver ProMAX, you can transfer the system backup to this device. The
system backup is automatically updated after a change to the configuration.
WAR NIN G
If the SD card is lost or stolen, your environment becomes vulnerable (certificates,
passwords).
Therefore, you have to take all necessary precautions to protect the UTNserver if
you use the automatic backup.
• See Parameter Values 92
• Exporting the Parameter File via dongleserver Control Center 92
• Exporting the Parameter File via SEH Product Manager 92
• Loading the Parameter File dongleserver Control Center onto a UTN Server 93
• Loading the Parameter File via SEH Product Manager onto a UTNServer 93
• Automatic Backup (dongleserver ProMAX only) 94
See Parameter Values
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Backup.
3. In the Parameter File – Content area, click the View button.
The current parameter values are displayed.
Exporting the Parameter File via dongleserver Control Center
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Backup.
3. In the Parameter file – Backup area, click the Export button.
4. Save the '<default-name>_parameters.txt' file to your client using your browser.
The parameters file is backed up.
Exporting the Parameter File via SEH Product Manager
You can save the parameter file from one or more UTN servers to your local client.
The SEH Product Manager is installed on the client
The device is shown in the device list 17.
1. Start the SEH Product Manager.
The device list is displayed.
17.
92
USB Dongleserver User Manual Windows
2. Select the UTN server(s) in the device list.
3. In the menu bar, select Device – Backup.
The Parameter backup dialog appears.
4. Follow the instructions in the dialog.
The parameters are saved.
Loading the Parameter File dongleserver Control Center onto a UTN Server
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Backup.
3. In the Parameter file – Restore area, specify the '<default name>_parameters.txt' file in the Parameter file
box.
4. Click Import.
The UTN server adopts the parameter values from the file.
Loading the Parameter File via SEH Product Manager onto a UTNServer
You can load the parameter file onto one or more UTN servers.
WAR NIN G
Some parameters (e.g. a static IPv4 network configuration) must be assigned individually. Conflicts can occur if you load the parameter file on multiple UTN servers
at the same time.
Only upload parameter files to multiple UTN servers at the same time if the settings
are universal.
The SEH Product Manager is installed on the client 17.
The device is shown in the device list 17.
1. Start the SEH Product Manager.
The device list is displayed.
2. Select the UTN server(s) in the device list.
3. In the menu bar, select Device – Load parameter.
The Load parameter dialog appears.
4. Follow the instructions in the dialog.
The UTN server adopts the parameter values from the file.
93
USB Dongleserver User Manual Windows
Automatic WebDAV System Backup
System backup to a WebDAV server stores the UTN server system in a directory on the WebDAV server. The system
backup is automatically updated when you make changes to the system. To increase clarity on the WebDAV server, you can automatically create individual directories for days. All change backups from a single day are then
stored in a subdirectory of the backup directory.
In addition to the change backup, you can also save an additional daily system backup. This single backup is
stored on the WebDAV server every day at a time you specify.
A WebDAV server is available on your network.
A directory for system backup has been created on the WebDAV server.
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Backup.
3. In the System Backup – WebDAV area, enable the Change Backup option.
4. In the System Backup – WebDAV area, enter the directory on the WebDAV server where the backup files are
to be stored in the Server Directory box.
(Also defines the WebDAV server directory for manual system backup 94.)
5. Optional: In the System Backup – WebDAV area, enable the Individual Directories for Days option.
6. Optional: In the System Backup – WebDAV area, enable the Additional Individual Backups option and
specify the desired time.
7. To confirm, click Save.
The setting will be saved.
Manual WebDAV System Backup
You can manually backup the current system state to the WebDAV server.
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Backup.
3. In the System Backup – WebDAV area, enter the directory on the WebDAV server where the backup file is to
be stored in the Server Directory box.
(Also defines the WebDAV server directory for automatic system backup 94.)
4. In the System Backup – WebDAV area, click the Create manual backup now button.
The system backup is saved to the WebDAV server.
Automatic Backup (dongleserver ProMAX only)
An SD card is connected to the UTN server.
The SD card has the file system FAT12, FAT16 or FAT32.
1 MB of free space is available on the SD card.
(These requirements are fulfilled ex factory.)
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Backup.
3. In the System Backup – SD Card area, enable the Parameter Backup option.
4. Click Save.
The settings will be saved.
94
USB Dongleserver User Manual Windows
7.2 How to Reset Parameters to their Default Values
You can reset the UTN to its default values, e.g. if you want to install the UTN server in a different network. All settings will be set to factory settings. Installed certificates will not be deleted.
Important:
The connection to the dongleserver Control Center may be interrupted if the IP
address of the UTN server changes with the reset.
If required, determine the new IP address 22.
You can change the settings either via remote access (dongleserver Control Center and SEH Product Manager) or
using the Reset button on the UTN server.
If you lost the password for the dongleserver Control Center, you can reset the UTN
server using the reset button. You do not need a password to do so.
• Resetting Parameters from the dongleserver Control Center 95
WAR NIN G
dongleserver ProMAX: Remove the SD card from the UTN server before resetting
the parameters. Otherwise, the UTN server will adopt the parameter values stored
on it (automatic backup 92).
• Resetting Parameters from the SEH Product Manager 95
• Resetting Parameters via Reset Button 96
Resetting Parameters from the dongleserver Control Center
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Default settings.
3. Click Reset device.
A security query appears.
4. Confirm the security query.
The parameters are reset.
Resetting Parameters from the SEH Product Manager
The SEH Product Manager allows you to reset one or more UTN servers.
The SEH Product Manager is installed on the client 17.
The device is shown in the device list 17.
1. Start the SEH Product Manager.
2. In the device list, select the UTN server.
3. In the menu bar, select Device – Reset.
The Reset dialog appears.
4. Click Reset.
The parameters are reset.
95
USB Dongleserver User Manual Windows
Resetting Parameters via Reset Button
With the reset button you can reset the UTN server’s parameter values to their default settings.
1. Press the reset button for 5 seconds.
The UTN server restarts.
(The dongleserver ProMAX beeps when it restarts.)
The parameters are reset.
96
USB Dongleserver User Manual Windows
7.3 How to Perform a Device Software Update
You can update your UTN server with a software update. Software updates include new features and/or bug fixes.
You can find the version number of the software currently installed on the UTN server on the start page of the
dongleserver Control Center or in the device list in the SEH Product Manager.
Visit the SEH Computertechnik GmbH website for current software files:
https://www.seh-technology.com/services/downloads.html
Only the software in use is updated; settings will remain preserved.
Important:
Every update file comes with a 'readme' file. Read the 'readme' file and follow its
instructions.
• Update via dongleserver Control Center 97
• Update via SEH Product Manager 97
Update via dongleserver Control Center
1. Start the dongleserver Control Center.
2. Select MAINTENANCE – Update.
3. Specify the update file in the Update file box.
4. Click Install.
The update is executed. Afterwards, the UTN server restarts.
Update via SEH Product Manager
You can use the SEH Product Manager to update one or more UTN servers.
The SEH Product Manager is installed on the client 17.
The device is shown in the device list 17.
1. Start the SEH Product Manager.
The device list is displayed.
2. Select the UTN server(s) in the device list.
3. In the menu bar, select Device – Load software.
The dialog Load software appears.
4. Follow the instructions in the dialog.
The update is executed. Afterwards, the UTN servers restart.
97
Loading...