Tosibox Central Lock Instruction Manual

Tosibox Central Lock Instruction Manual
EASY QUICK SECURE
v1.4 English
The benets of Tosibox
Take in use only in 5 minutes
High sophisticated information
security
Operates trustworthy in all internet
interfaces
1. Introduction 2. Setup
The purpose of this document is to illustrate the deployment of Tosibox Central Lock and its most important properties. The creation and administration of Keys for Central Lock and the user interface are also presented here.
Please note that this document concentrates only on the properties of Central Lock. The basics of Key and Lock products are explained in the Key and Lock user manual.
1.1 Central Lock in brief
The Central Lock operates on the same basic properties as the Lock, but has better throughput and encryption capacity. This allows the building of large-scale systems that provide simultaneous access to as many as 4000 Locks and Keys and the devices behind them.
The Central Lock also has three additional features not found in the Lock, but are usually needed in more complex network systems. These are:
Concurrent usage of sites with overlapping IP addresses
»
Collecting audit log data » Monitoring and alert services to detect and notify the user »
about connection problems
Basic requirements
The deployment of Central Lock has a few basic requirements to operate. It needs:
A wired network1. One non-rewalled public IP-address2. An Internet connection with speed of at least 10/10 Mbit/s.3.
Physical installation
After the basic requirements of deployment are met, you can start the physical installation of the Central Lock. Please check that the following items are included in the sales package:
Ethernet cable – RJ45, 1 m1. Power cord2. Extension power cord3.
The steps of physical installation:
Proper mechanical mounting of device1. Plugging in the power cord2. Connecting the network cable to the WAN port of the 3.
Central Lock
Serialization
Powering on the Central Lock starts the deployment. After 2 minutes, the Key can be inserted to the Central Lock’s USB port. Once the LED light in the Key stops blinking, the serialization is completed and the Key can be removed from the Central Lock.
Conguration
Conguring the Central Lock is done from the Web user
interface (see chapter Web User Interface). The Internet
connections for the Central Lock are congured in the WAN
settings of the Network tab. The protocol can be set to a
xed IP-address or a DHCP-client, in which case the address is fetched from a DHCP server. By assigning the protocol to the
static address, the IP-address and subnet mask are written to
the elds below. When a static address is used, it is important
to set the address of the domain name server.
Deployment
After the serialization and conguration are done, the
deployment of Central Lock is completed and Locks, Keys and network devices can be added to the system.
3. System Description
3.4 Connecting Central Lock to LAN
The Central Lock can be connected to an existing LAN network in two ways. It can be used as a router or it can be connected alongside an existing router. ** If the Central Lock is used as a
router, a DHCP server must be assigned to the specic LAN. In
this situation the remote sites can be accessed from the LAN network of the Central Client. In the other situation, when the
Central Lock is not acting as a router, the DHCP server is usually
disabled. In this case, accessing remote sites requires opening a Key connection to the Central Lock or static routes must be
congured to the user’s computer.
3.5 Administration of Keys
It is possible to create a backup from a Key serialized to the Central Lock (see Lock and Key manual). Serializing new Sub keys also works in the same way as other Tosibox products. The Backup and Sub Keys of the Central Lock can be administrated from the Key user interface through the Manage Keys menu.
The Master Key has full privileges and it can be used to serialized additional Keys to Locks for deployment. An empty
Key that is rst serialized with a Lock becomes the Master Key
for that Lock, and additional Master Keys can be created with the Key backup function.
A sub Key has restricted rights and it cannot be used to serialize additional Keys nor take new Locks into use. Key grouping can be used to help manage a large number of Keys. The groups are visible only in the Key user interface. A single Key can belong to only one group and it is currently not possible to create nested groups. **’/
3.1 Overview
The Central Lock makes it possible to build a system consisting of large number of Tosibox Locks and Keys.
3.2 Additional features
Features specic to the Central Lock can be found here.
Translation of networks with identical addresses. Using 1. this feature it is possible to translate real IP addresses of
the Lock and its LAN devices to different, congurable IP
addresses. This feature enables using the same IP address range for several Locks so that the Locks and their devices can be used simultaneously with the Central Lock or a Key.
Audit log data collection and connection monitoring. The 2. Central Lock collects log data about the events of serialized Locks. This feature logs the events of the Central Lock itself and also the events of any serialized Locks and sub Locks. Log collection and monitoring can be enabled from the Settings -> Industry settings view of both the Central Lock and the Locks that are expected to report events. Only Locks from which log data is desired should have the logging enabled.
Connection monitoring and alerts. The Central Lock can be 3. set to send email alerts for connections being established and closed. The alerts can be set for any or all serialized Locks. Activating alerts does not require any additional services and can be done from the Settings -> Alerts view.
In other respects the functionality and usage of the Central Lock is identical with other Lock devices in the Tosibox product family. Please see Lock documentation for more detail.
3.3 System
Central Lock allows using up to 4000 serialized Locks and Keys simultaneously. First the Key is serialized with all Locks to be connected. The serialization process is presented in the Key and Lock User Manual. Serializing a Key to the Central Lock is carried out in the same way, but during the process
the connection type is dened as L2 or L3. In the case of a L2
connection, a Lock to Sub Lock relationship is created, which means that both Locks are in the same network. Selecting L3 creates a routed connection where the Lock and the Central Lock have their own IP sub networks. If the L3 connection is chosen, the Key connection type must also be L3. Every serialized Key uses a bridged (L2) or routed (L3) connection.
The bridged Key connection allows access to a specic LAN
network only. The routed L3 Key connection allows the selection of multiple LAN networks that are bound and routed.
The desired connection type is selected in the Web user interface by clicking the Edit Tosibox Devices button. The default connection type for Keys serialized to a Central Lock is L3. More Keys to the Central Lock can be serialized in the same way as they are to a Lock.
4. Web User Interface
You can login to the Central Lock Web user interface with an Internet browser using any LAN port address that your computer belongs to or by using address http://172.17.17.17 when directly plugged in to the service port. There is a single access level, admin, and the default password has been delivered along with the installation of the Central Lock.
4.1 Status view
The Status view presents basic information about the
network conguration and all serialized Locks, Keys and
network devices.
Clicking Show/hide IP ranges either shows or hides information about static and dynamic IP address ranges of the LAN network. New devices are added either manually by clicking the New network device button or automatically by clicking the Scan for LAN devices button, which searches for all the devices inside the LAN networks of the Central Lock. The network device list can be cleared by clicking Remove all devices.
The Edit Tosibox devices button (located near the bottom) opens a view where you can rename items, prevents access to key connected devices that are connected to a Lock’s
network, select an L2 or L3 connection type, dene a static
IP address for the Key and select LAN(s) accessible by the Key. **
4.2 Settings view
The Settings tab makes it possible to change the password of the admin account, restart the Central Lock, remove all the serializations of the Central Lock, change the industrial settings, set email alarms and update the software.
The industrial setting makes it possible to:
Change automatic discovery of the LAN devices
»
Allow remote support from Tosibox Ltd. » Enable logging » Prevent network device access to the Internet » Prevent VPN access from Tosibox to the Mobile Client »
Prevent trafc between the Sub Locks serialized to the »
Central Lock
Limit LAN device trafc to certain MAC or IP addresses
»
Force computers using the Key to route all Internet »
trafc through the Central Lock
4.3 Network view
The Central Lock network settings can be edited in the Network tab. The Interfaces view shows the settings for LAN and Internet connections. A section inside the LAN
interface allows for DCHP server conguration. The Static routes view displays all congured static routes.
In the Routes and MACs view there are all the routes and MAC addresses known by the Central Lock. The
DHCP view lists active DCHP leases of the Central Lock
and IP addresses bound to the MAC address.
4.4 Logs view
The Logs tab contains the log events from the Central Lock and its serialized locks. Log events can be
ltered by event type, text match and date. Logging is congured via Central Lock’s Settings -> Industry
settings view and from the same view of the serialized Locks.
5. Maintenance Instructions
5.1 Checklist for different situations
The Key’s connection window does not show the connections:
The computer is not connected to the Internet.
»
The Key is not serialized to the Lock.
»
The Lock does not have an Internet connection or is not
»
connected to the Tosibox AC adapter
The Lock connection in the window remains yellow:
The Key has found a Lock, but a VPN connection has not
»
yet been established.
The Internet browser opened by the Key does not show the device connections or the Lock connection in the window remains red:
Make sure the controlled devices are connected to the
»
Lock. In case the controlled device is connected to the Lock
»
wirelessly, use the Ethernet Service Port to Log in to the Lock. Check that the wireless connection is
»
enabled and that the Lock and the Controlled device has the same password and encryption settings.
Make sure the controlled device has a DHCP-service. If not,
»
add the device in the device list of the Lock and specify the IP-address of the device.
6. Central Lock Use Case examples
Infoscreens
Car washing machine
Customer
(Mobile Client)
Customer
(Sub key)
Tosibox
Central Lock
Service person
(Master Key)
Tosibox Lock #3
Tosibox Lock #2
Tosibox Lock #1
Internet
Infoscreen #1
Infoscreen #2
Infoscreen #3
Tosibox
Central Lock
Tosibox Lock #3
Tosibox Lock #2
Tosibox Lock #1
Internet
Car washing
machine #1
Car washing
machine #1
Car washing
machine #1
Control room
Production line
Service people worldwide
Remote users
Tosibox Key
Lock serializing and
naming in production
Tosibox
Mobile Client
Remote user
(customer)
Central Locks on multiple sites
Offi ce HQ
Tosibox Central Lock Sweden
Service co #1
Tosibox Lock #5
Tosibox Lock #6
Tosibox Lock #4
Tosibox Lock #3
Tosibox Lock #2
Tosibox Lock #1
Internet
Service co #2
Service co #3
Remote users worldwide
Tosibox Central Lock Finland
Multiple customer croups
Internet
Sub Key
Sub Key
Customer
Group 2
Customer
Group 1
Offi ce/HQ
Sub Key
Sub Key
Master backup
Key
Sub Key
Company X
Layer 3
7. Technical Data 8. Glossary
Properties
One 1 Gbit/s WAN ports
»
Four 1 Gbit/s LAN ports
»
Over 700 Mbit/s encryption throughput
»
1000 concurrent remote connections per LAN network
»
Encryption and authentication PKI, 1024/2048 bit RSA
»
Data encryption TLS, Blowsh-128-CBC/AES-256-CBC
»
Physical properties:
1U (rack unit) for19” rack cabinet (rack rails included)
»
Length 430 mm / width 483 mm / height 43 mm
»
Environmental conditions:
Operational temperature +10... +30
»
Humidity 20% ... 80% non-condensing
»
Power consumption max 250 W
»
Input voltage 90 ... 264 V AC
»
Input frequency 47 --- 63 Hz
»
DHCP
Dynamic Host Conguration Protocol
Gbit/s
Gigabits per second
Hz
Hertz
IP
Internet Protocol
LAN
Local Area Network
LED
Light-Emitting Diode
Mbit/s
Megabits per second
mm
Millimetre
PKI
Public Key Infrastructure
TLS
Transport Layer Security
USB
Universal Serial Bus
V
Voltage
VPN
Virtual Private Network
W
Watt
WAN
Wide Area Network
L2
Layer 2, bridged connection type
L3
Layer 3, routed connection type
Loading...