Tosibox Central Lock Instruction Manual

Tosibox Central Lock Instruction Manual

EASY QUICK SECURE

v1.4 English

The benets of Tosibox

Take in use only in 5 minutes

High sophisticated information

security

Flexible and scaling architecture

Operates trustworthy in all internet

interfaces

1. Introduction 2. Setup

The purpose of this document is to illustrate the
deployment of Tosibox Central Lock and its most
important properties. The creation and administration
of Keys for Central Lock and the user interface are also
presented here.

Please note that this document concentrates only on the
properties of Central Lock. The basics of Key and Lock
products are explained in the Key and Lock user manual.

1.1 Central Lock in brief

The Central Lock operates on the same basic properties as
the Lock, but has better throughput and encryption capacity.
This allows the building of large-scale systems that provide
simultaneous access to as many as 4000 Locks and Keys and
the devices behind them.

The Central Lock also has three additional features not found
in the Lock, but are usually needed in more complex network
systems. These are:

Concurrent usage of sites with overlapping IP addresses

»

Collecting audit log data »
Monitoring and alert services to detect and notify the user »

about connection problems

Basic requirements

The deployment of Central Lock has a few basic requirements
to operate. It needs:

A wired network1.
One non-rewalled public IP-address2.
An Internet connection with speed of at least 10/10 Mbit/s.3.

Physical installation

After the basic requirements of deployment are met, you can
start the physical installation of the Central Lock. Please check
that the following items are included in the sales package:

Ethernet cable – RJ45, 1 m1.
Power cord2.
Extension power cord3.

The steps of physical installation:

Proper mechanical mounting of device1.
Plugging in the power cord2.
Connecting the network cable to the WAN port of the 3.

Central Lock

Serialization

Powering on the Central Lock starts the deployment. After 2
minutes, the Key can be inserted to the Central Lock’s USB port.
Once the LED light in the Key stops blinking, the serialization is
completed and the Key can be removed from the Central Lock.

Conguration

Conguring the Central Lock is done from the Web user

interface (see chapter Web User Interface). The Internet

connections for the Central Lock are congured in the WAN

settings of the Network tab. The protocol can be set to a

xed IP-address or a DHCP-client, in which case the address is
fetched from a DHCP server. By assigning the protocol to the

static address, the IP-address and subnet mask are written to

the elds below. When a static address is used, it is important

to set the address of the domain name server.

Deployment

After the serialization and conguration are done, the

deployment of Central Lock is completed and Locks, Keys and
network devices can be added to the system.

3. System Description

3.4 Connecting Central Lock to LAN

The Central Lock can be connected to an existing LAN network
in two ways. It can be used as a router or it can be connected
alongside an existing router. ** If the Central Lock is used as a

router, a DHCP server must be assigned to the specic LAN. In

this situation the remote sites can be accessed from the LAN
network of the Central Client. In the other situation, when the

Central Lock is not acting as a router, the DHCP server is usually

disabled. In this case, accessing remote sites requires opening
a Key connection to the Central Lock or static routes must be

congured to the user’s computer.

3.5 Administration of Keys

It is possible to create a backup from a Key serialized to the
Central Lock (see Lock and Key manual). Serializing new Sub
keys also works in the same way as other Tosibox products. The
Backup and Sub Keys of the Central Lock can be administrated
from the Key user interface through the Manage Keys menu.

The Master Key has full privileges and it can be used to
serialized additional Keys to Locks for deployment. An empty

Key that is rst serialized with a Lock becomes the Master Key

for that Lock, and additional Master Keys can be created with
the Key backup function.

A sub Key has restricted rights and it cannot be used to serialize
additional Keys nor take new Locks into use. Key grouping can
be used to help manage a large number of Keys. The groups
are visible only in the Key user interface. A single Key can
belong to only one group and it is currently not possible to
create nested groups. **’/

3.1 Overview

The Central Lock makes it possible to build a system consisting
of large number of Tosibox Locks and Keys.

3.2 Additional features

Features specic to the Central Lock can be found here.

Translation of networks with identical addresses. Using 1.
this feature it is possible to translate real IP addresses of

the Lock and its LAN devices to different, congurable IP

addresses. This feature enables using the same IP address
range for several Locks so that the Locks and their devices
can be used simultaneously with the Central Lock or a Key.

Audit log data collection and connection monitoring. The 2.
Central Lock collects log data about the events of serialized
Locks. This feature logs the events of the Central Lock
itself and also the events of any serialized Locks and sub
Locks. Log collection and monitoring can be enabled from
the Settings -> Industry settings view of both the Central
Lock and the Locks that are expected to report events.
Only Locks from which log data is desired should have the
logging enabled.

Connection monitoring and alerts. The Central Lock can be 3.
set to send email alerts for connections being established
and closed. The alerts can be set for any or all serialized
Locks. Activating alerts does not require any additional
services and can be done from the Settings -> Alerts view.

In other respects the functionality and usage of the Central
Lock is identical with other Lock devices in the Tosibox product
family. Please see Lock documentation for more detail.

3.3 System

Central Lock allows using up to 4000 serialized Locks and
Keys simultaneously. First the Key is serialized with all Locks
to be connected. The serialization process is presented in the
Key and Lock User Manual. Serializing a Key to the Central
Lock is carried out in the same way, but during the process

the connection type is dened as L2 or L3. In the case of a L2

connection, a Lock to Sub Lock relationship is created, which
means that both Locks are in the same network. Selecting L3
creates a routed connection where the Lock and the Central
Lock have their own IP sub networks. If the L3 connection
is chosen, the Key connection type must also be L3. Every
serialized Key uses a bridged (L2) or routed (L3) connection.

The bridged Key connection allows access to a specic LAN

network only. The routed L3 Key connection allows the selection
of multiple LAN networks that are bound and routed.

The desired connection type is selected in the Web user
interface by clicking the Edit Tosibox Devices button. The
default connection type for Keys serialized to a Central Lock is
L3. More Keys to the Central Lock can be serialized in the same
way as they are to a Lock.

4. Web User Interface

You can login to the Central Lock Web user interface
with an Internet browser using any LAN port address
that your computer belongs to or by using address
http://172.17.17.17 when directly plugged in to the service
port. There is a single access level, admin, and the default
password has been delivered along with the installation of
the Central Lock.

4.1 Status view

The Status view presents basic information about the

network conguration and all serialized Locks, Keys and

network devices.

Clicking Show/hide IP ranges either shows or hides
information about static and dynamic IP address ranges of
the LAN network. New devices are added either manually
by clicking the New network device button or automatically
by clicking the Scan for LAN devices button, which searches
for all the devices inside the LAN networks of the Central
Lock. The network device list can be cleared by clicking
Remove all devices.

The Edit Tosibox devices button (located near the bottom)
opens a view where you can rename items, prevents access
to key connected devices that are connected to a Lock’s

network, select an L2 or L3 connection type, dene a static

IP address for the Key and select LAN(s) accessible by the
Key. **

4.2 Settings view

The Settings tab makes it possible to change the password
of the admin account, restart the Central Lock, remove all
the serializations of the Central Lock, change the industrial
settings, set email alarms and update the software.

The industrial setting makes it possible to:

Change automatic discovery of the LAN devices

»

Allow remote support from Tosibox Ltd. »
Enable logging »
Prevent network device access to the Internet »
Prevent VPN access from Tosibox to the Mobile Client »

Prevent trafc between the Sub Locks serialized to the »

Central Lock

Limit LAN device trafc to certain MAC or IP addresses

»

Force computers using the Key to route all Internet »

trafc through the Central Lock

4.3 Network view

The Central Lock network settings can be edited in the
Network tab. The Interfaces view shows the settings for
LAN and Internet connections. A section inside the LAN

interface allows for DCHP server conguration. The
Static routes view displays all congured static routes.

In the Routes and MACs view there are all the routes
and MAC addresses known by the Central Lock. The

DHCP view lists active DCHP leases of the Central Lock

and IP addresses bound to the MAC address.

4.4 Logs view

The Logs tab contains the log events from the Central
Lock and its serialized locks. Log events can be

ltered by event type, text match and date. Logging
is congured via Central Lock’s Settings -> Industry

settings view and from the same view of the serialized
Locks.

5. Maintenance Instructions

5.1 Checklist for different situations

The Key’s connection window does not show the
connections:

The computer is not connected to the Internet.

»

The Key is not serialized to the Lock.

»

The Lock does not have an Internet connection or is not

»

connected to the Tosibox AC adapter

The Lock connection in the window remains yellow:

The Key has found a Lock, but a VPN connection has not

»

yet been established.

The Internet browser opened by the Key does not show the
device connections or the Lock connection in the window
remains red:

Make sure the controlled devices are connected to the

»

Lock.
In case the controlled device is connected to the Lock

»

wirelessly, use the Ethernet Service Port to
Log in to the Lock. Check that the wireless connection is

»

enabled and that the Lock and the Controlled device has
the same password and encryption settings.

Make sure the controlled device has a DHCP-service. If not,

»

add the device in the device list of the Lock and specify the
IP-address of the device.

6. Central Lock Use Case examples

Infoscreens

Car washing machine

Customer

(Mobile Client)

Customer

(Sub key)

Tosibox

Central Lock

Service person

(Master Key)

Tosibox
Lock #3

Tosibox
Lock #2

Tosibox
Lock #1

Internet

Infoscreen #1

Infoscreen #2

Infoscreen #3

Tosibox

Central Lock

Tosibox
Lock #3

Tosibox
Lock #2

Tosibox
Lock #1

Internet

Car washing

machine #1

Car washing

machine #1

Car washing

machine #1

Control room

Production line

Service people worldwide

Remote users

Tosibox Key

Lock serializing and

naming in production

Tosibox

Mobile Client

Remote user

(customer)

Central Locks on multiple sites

Offi ce HQ

Tosibox
Central Lock
Sweden

Service co #1

Tosibox
Lock #5

Tosibox
Lock #6

Tosibox
Lock #4

Tosibox
Lock #3

Tosibox
Lock #2

Tosibox
Lock #1

Internet

Service co #2

Service co #3

Remote users worldwide

Tosibox
Central Lock
Finland

Multiple customer croups

Internet

Sub Key

Sub Key

Customer

Group 2

Customer

Group 1

Offi ce/HQ

Sub Key

Sub Key

Master backup

Key

Sub Key

Company X

Layer 3

7. Technical Data 8. Glossary

Properties

One 1 Gbit/s WAN ports

»

Four 1 Gbit/s LAN ports

»

Over 700 Mbit/s encryption throughput

»

1000 concurrent remote connections per LAN network

»

Encryption and authentication PKI, 1024/2048 bit RSA

»

Data encryption TLS, Blowsh-128-CBC/AES-256-CBC

»

Physical properties:

1U (rack unit) for19” rack cabinet (rack rails included)

»

Length 430 mm / width 483 mm / height 43 mm

»

Environmental conditions:

Operational temperature +10... +30

»

Humidity 20% ... 80% non-condensing

»

Power consumption max 250 W

»

Input voltage 90 ... 264 V AC

»

Input frequency 47 --- 63 Hz

»

DHCP

Dynamic Host Conguration Protocol

Gbit/s

Gigabits per second

Hz

Hertz

IP

Internet Protocol

LAN

Local Area Network

LED

Light-Emitting Diode

Mbit/s

Megabits per second

mm

Millimetre

PKI

Public Key Infrastructure

TLS

Transport Layer Security

USB

Universal Serial Bus

V

Voltage

VPN

Virtual Private Network

W

Watt

WAN

Wide Area Network

L2

Layer 2, bridged connection type

L3

Layer 3, routed connection type