TRENDnet TK-IP101 User Manual

TK-IP101 User Guide R1.2
About this manual
This User Guide is the complete reference to the TK-IP101, its functional features and usage. The complete User Guide can be found only on the TK-IP101 Support CD-ROM disc.
Quick Installation Guide: Print-out / TK-IP101 support CD-ROM disc
User Guide: TK-IP101 Support CD-ROM disc
How to generate your own set of Certificates: TK-IP101 Support CD-ROM disc
FCC Statement
This equipment has been tested and found to comply with the regulations for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with this User Guide, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case, the user will be required to correct the interference at his/her own expense.
CE Statement
This is a Class B product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
TABLE OF CONTENTS
1 INTRODUCTION
1.1 PRIMARY FEATURES
  General features
  TCP/IP remote connection
  Thin-client Viewer Program
  Hi-Speed PPP Connection
  Power ON-OFF Control Support
  Security
  User Management
1.2 SYSTEM ARCHITECTURE
1.3 TK-IP101 EXTERNAL VIEWS
  TK-IP101 Front View
  TK-IP101 Rear View
  TK-IP101 Power Socket
2 TK-IP101 INSTALLATION
2.1 PHYSICAL CONNECTIONS
2.2 CONFIGURE YOUR SERVERS FOR CONNECTIONS TO TK-IP101
2.3 MORE TIPS FOR SERVER DESKTOP CONFIGURATION
2.4 CONFIGURE TK-IP101 NETWORK SETTINGS
2.5 CONFIGURE PORT BASE SETTING FOR TK-IP101
2.6 CONFIGURE YOUR FIREWALL/ROUTER FOR ACCESSING TK-IP101 ACROSS INTERNET
2.7 INSTALL CERTIFICATES ON TK-IP101
3 MAKING A VIEWER CONNECTION
3.1 INSTALL WIN32 VIEWER ON THE CLIENT COMPUTER
3.2 INSTALL JAVA VIEWER ON THE CLIENT COMPUTER
3.3 IMPORT CERTIFICATES TO TK-IP101 VIEWER ON THE CLIENT COMPUTER
  Import client certificate to Win32 Viewer
  Import the certificates for the Java-based TK-IP101 Viewer
3.4 SPECIFY THE VIEWER CONNECTION OPTION BEFORE MAKING A CONNECTION
  ENCODING
  LOCAL CURSOR SHAPE
  MISC
  DISPLAY
3.5 ESTABLISH THE VIEWER CONNECTION
3.6 MOUSE CURSORS SYNCHRONIZATION
3.7 SAVE THE CONNECTION OPTIONS
3.8 WIN32 VIEWER CHARACTERISTICS
3.9 TITLE BAR INFORMATION
3.10 THE SELECT COMPUTER BOX
3.11 VIEWER QUICK MENU
3.12 JAVA VIEWER CHARACTERISTICS
3.13 COMMON VIDEO DISPLAY PROBLEM TROUBLESHOOTING
4 TK-IP101 UNIT MANAGEMENT OVER A SECURE HTTPS BROWSER CONNECTION
4.1 WEB-BASED MANAGEMENT INTERFACE
4.2 DOWNLOAD – DOWNLOAD PROGRAMS FOR VIEWERS
4.3 VIEWER – VIDEO SERVER NAME & KEYBOARD TYPE SETTINGS
4.4 DATE & TIME – DATE, TIME, GLOBAL TIME ZONE SUPPORT AND NTP SERVER SYNCHRONIZATION
4.5 VIDEO SERVER – MISCELLANEOUS SETTINGS FOR VIDEO SERVERS
4.6 POWER CONTROL – MISCELLANEOUS SETTINGS FOR VIDEO SERVERS
4.7 COMPUTERS – MISCELLANEOUS SETTINGS FOR VIDEO SERVERS
4.8 SERVER LOG – LOGGING SERVER EVENTS
4.9 VIDEO MODES – KEEPING, MODIFYING AND AUGMENTING YOUR VIDEO MODE DATA BASE
4.10 ALARMS – E-MAIL NOTIFICATIONS AND SNMP LOGGING SUPPORT
4.11 KVMS – KEEPING AND ADDING YOUR KVM DATA BASE
4.12 LAN – TCP/IP PORT AND IP SETTINGS
4.13 WAN PPP – PPP SERVER AND CLIENT
4.14 USER STATUS – SHOW THE CURRENTLY CONNECTED USERS
4.15 USER MANAGEMENT – MANAGE USER ACCOUNTS, RADIUS ACCOUNTING AND REMOTE AUTHENTICATIONS
4.16 SECURITY – CERTIFICATES INSTALLATION, VIEWER ENCRYPTION AND PASSWORD POLICIES
4.17 MAINTENANCE – FLASH IMAGE VERSION INFORMATION, SOFTWARE UPGRADE, CONFIGURATION BACKUP AND UPLOAD
4.18 LOGOUT – LOG OUT THE WEB MANAGEMENT
4.19 APPLY SETTINGS – VALIDATE NEW SETTINGS

1 INTRODUCTION

The name of TK-IP101 is derived from an acronymic combination of its full name, 1-Port KVM Switch over IP, which well explains the functionality of this powerful machine in itself. Though lightweight in size and compact in form factor, TK-IP101 is nevertheless a heavyweight in its functional versatility, rock-solid robustness and formidable security. It supports full 1024-bit PKI authentication, 256-bit SSL data encryption, LDAP, RADIUS as well as Active Directory authentication, and RADIUS accounting.
Dominant yet cost-effective solution for remote server management scenarios
With the ubiquity of DSL/Cable technology and the bandwidth it makes available, IP-based KVM technology has emerged as a dominant player in the new landscape of remote server management. Today, the IP-based KVM Extender is regarded as a better and more cost-effective solution to the critical issue of remote server management, which could only be partially tackled in the past by expensive yet redundant software solutions or an Enterprise Management System. TK-IP101 is a robust and versatile solution that addresses the needs of modern remote server management scenarios.
Total server control from BIOS level up anytime anywhere
TK-IP101 gives users total control from the preboot stage, such as BIOS-level CMOS setup, up to GUI applications and daily maintenance routines such as power cycling (power control unit required). All of this can be done from your admin desk using an ordinary web-browser management interface and a thin-client software viewer. All you need to access your computer is to log in to the TK-IP101, download the viewer program and get yourself connected to a whole bunch of servers in seconds. A truly anytime, anywhere access for the server administrator!
Versatile backup connection featuring a PPP Server or PPP Client
To provide the necessary redundancy of a second backup system when your network no longer works in a critical situation, TK-IP101 also allows an easy and convenient PPP connection over a dial-in modem phone line. It can serve as a PPP server that accepts a PPP connection request from a peer computer over either a direct cable connection or a dial-in modem phone line. On the other hand, TK-IP101 can also serve as a PPP client that dials in to your ISP or enterprise PPP server to connect to the internet, giving a remote client anywhere on the Internet a truly anytime access. Thus, the PPP server/client features in TK-IP101 give users a second backup system, which offers direct cable/modem dial-in access to your connected servers via PSTN while your network is down.
Critical advantage over other remote server management solutions
The advantage of using TK-IP101, as compared to a conventional software remote control solution, is this: a hardware-based remote control solution such as TK-IP101 is able to access the server regardless of the server state, while a software remote control solution is non-functional while the server is still in the POST or preboot stage or in a “blue screen of death”. TK-IP101 also offers power on/off alternatives if used with a remote power control unit.
Rock-solid stability and ultra-security yet with flexibility and convenience to use
The TK-IP101 distinguishes itself among its peer products not only in its rock-solid stability and durable performance, but also in its industry-standard security features such as full 1024-bit PKI Authentication and 256-bit SSL data encryption. Together with 3 viewer connection security levels, 3 types of password policies and three categories of user privileges, all these make TK-IP101 an ultra-powerful IP Extender machine with ultra-flexibility for a customized balance between data safety and user convenience. On the other hand, the robustness and the ease of maintenance of the embedded system involve zero costs for the unit management and maintenance.
Global Time Zone and Timer Servers Support
To make TK-IP101 really comfortable with all the global time zones it will be deployed in, it is vital to provide convenient Global Time Zone support, since it gives a correct time stamp to all logging events and alert e-mail notifications and saves server administrators the trouble of calculating the time differences they will inevitably encounter with servers in different time zones. Additionally, TK-IP101 also supports NTP time servers and keeps its time always in sync with the time servers you specify. The TK-IP101 is even sophisticated enough to take care of daylight saving time in each and every Time Zone/Region, thus saving the trouble of updating the time with daylight saving specifics every six months.
Upgrade and Configuration Backup is just a breeze
TK-IP101 is fully Web-enabled to allow software upgrade and configuration upload/backup over the Web Management Interface. All you need to do is upload the files to TK-IP101 over the Web interface and voila, it's freshly restarted and begins working with the latest functionalities and features, all within minutes, and this can be performed across oceans by a remote SUPERADMIN!
Advantages Galore
With TK-IP101, the server administrator can access the enterprise server room or data center from his own seat without the toil and trouble of going anywhere, from across the street to overseas. And organizations can enjoy a uniquely centralized and very cost-effective control over their dispersed servers in different branch offices, even around the world, thus saving money on outsourcing costs.

1.1 Primary features

General features

Full-featured IP-based Remote Control Solution for server management
Provides remote control for several servers when connected to a conventional KVM Switch
Simultaneous access from multiple users
No user limitation
Facilitate centralized control
Total control over the remote server from BIOS level up to GUI applications
Remote Power On/Off support
Total transparency of control
Ultra-security using full 1024-bit PKI Authentication / 256-bit SSL encryption
Work with LDAP / RADIUS / Active Directory Servers
Ethernet 10/100 and serial PPP connections

TCP/IP remote connection

Web Management Interface for all settings and upgrade/backup features
Support Telnet session and FTP service (disabled by default for more security)

Thin-client Viewer Program

Win-32 viewer and Java viewer for cross-platform compatibility
Connection options configurable for optimized performance
Shared, Non-Shared and View Only sessions
Easy download and installation
Multiple viewer instances can be run on a same client computer
Automatic video optimization

Hi-Speed PPP Connection

PPP Connection support over serial RS-232 interface up to 1 Mbps
PPP server enabling for PPP connection across a pair of modems for secure or backup direct access
PPP client enabling for PPP connection to the internet with a modem

Video server

Support up to 1280 x 1024 @ 60 Hz resolution
8/16-bit color
3 Video Quality settings
3 Video Compression schemes
8-bit color reduction
JPEG Compression option for low bandwidth internet connections
Configurable database to set up new or unknown VGA modes
Virtually compatible to any KVM Switch through simple configuration

Power ON-OFF Control Support

Remote power ON-OFF control over serial interface
Serial commands configurable to fit all serial power control devices
Power ON-OFF privilege only for the SUPERADMIN users

Security

1024-bit Public key Authentication using certificates generated by an external CA
256-bit SSL Encryption for keyboard, mouse and video signal transmissions
Remote authentication support for LDAP or RADIUS servers
RADIUS accounting support
3 SSL security levels:
  o No authentication – No encryption
  o Server Authentication – SSL encryption
  o Server & Client authentication – SSL encryption
3 password policies:
  o No Password
  o One global password for all users
  o One different password for each user
Linux operating system offers robust virus resistance

Alarms and Notifications

Alert e-mail notification and SNMP trap messages for critical server events such as No Video, Blue Screen and NumLock Test Failure

User Management

User login either by querying the local user database or by connection to remote LDAP or RADIUS server
3 user privileges:
  o SUPERADMIN – to access complete set of management features and user features, including Power ON-OFF remote servers
  o ADMIN – partial set of management and all user features
  o USER – only user features

Global Time Zone Support

Time support for all continents and major cities
Time synchronization by connection to any NTP time servers
Automatic Daylight Saving management

1.2 System Architecture

The TK-IP101 is based on an embedded Linux platform for computing power and rugged stability. The TK-IP101 employs a High speed Processor to ensure excellent video quality and fast keyboard / mouse response across the Internet, even when bandwidth availability is limited.
LAN/WAN Configurations
TK-IP101 connected to a single server

1.3 TK-IP101 External Views

TK-IP101 Front View

TK-IP101 Front-panel
PS/2 Keyboard port: This is where you connect the PS/2 keyboard for local console.
PS/2 Mouse port: This is where you connect the PS/2 mouse for local console.
Console Management Port (RJ-12): This is where you connect the serial console cable for advanced console management of TK-IP101 unit via a serial terminal emulation utility such as Windows HyperTerminal.
Status LEDs
The 10/100Mbps LED is lit solid orange when the current digital link is running at 100Mbps speed.
The Link/Act LED gives off solid green light when a network link is established and flashes whenever network transmissions are detected on the digital port.
The Power LED indicates the Power On status when it is lit solid green.
The Video LED indicates the normal functioning of the video server when it is blinking.
Restore-to-Default Button
The Restore-to-Default button is a tiny recessed button located to the right of the LED indicators, and can only be reached by pressing down with a pointed needle tip. Hold the recessed button down for over 4 seconds; upon release, it will restore TK-IP101 to factory default – the default IP settings and user account settings that come with factory default settings.

TK-IP101 Rear View

TK-IP101 Rear Panel
PC/KVM port (HDB-15, integrated with PS/2 Keyboard and mouse signals): The PC port connector is where you should connect to either a single PS/2 computer or a single PS/2 KVM Switch, using the 3-in-1 slim KVM cables with an integrated HDB-15 connector. However, if you are using a USB-enabled computer or USB KVM Switch, you should additionally use a USB cable to connect to a USB port on your computer for keyboard/mouse connection.
Monitor Port (HDB-15): This is where you should plug in the Monitor for your local console on TK-IP101.
USB port (USB Type B): This USB port provides USB keyboard/mouse connections to a USB-enabled PC, or to a USB KVM Switch. Thus, if you are connecting any USB-enabled PC or USB KVM Switch, please use a USB cable to make the connection.
Ethernet Port (RJ-45): The Ethernet port, or digital port, offers remote login clients anytime, anywhere access over LAN/Internet to the TK-IP101 and, through it, to the conventional KVM Switch(es) and servers/computers connected behind it.
Serial Control Port (RJ-12): The serial control port allows you to connect to either an external modem or a power control unit or to a cascaded chain of power control units. With an external modem added to its serial control port, TK-IP101 can serve either as a PPP server to allow direct cable connection or dial-in connection from its peer computers, or as a PPP client to dial in to the ISP or an enterprise PPP server. Furthermore, through serial commands sent over its serial control port, TK-IP101 can perform remote power on/off and power cycling tasks via the (cascaded) power control module(s).

TK-IP101 Power Socket

You should use the DC9V 2A Adapter provided within the package. Use of any other adapter will nullify the warranty.

2 TK-IP101 INSTALLATION

2.1 Physical Connections

Step 1. Power on the TK-IP101: Connect the TK-IP101 Power adapter and power on TK-IP101.
Step 2. Set up a local console on TK-IP101: If a local console (that is, a physical keyboard, mouse and monitor connected to the TK-IP101) is required, connect the keyboard, mouse and monitor to the TK-IP101 local console ports (that is, the keyboard, mouse and monitor ports specifically).
Step 3-a. Single Server Mode: If you need to connect to only one computer/server, just connect the PC/KVM port directly to the PC, using the 3-in-1 Slim KVM combo cable and/or the USB cable that come in the TK-IP101 packing box.
TK-IP101 configuration – Single server mode
Step 3-b. Multiple Server Mode: If you need to connect to multiple computers/servers, you should use a KVM switch in between the TK-IP101 and your connected computers/servers. Just connect the PC/KVM port to the console port of your KVM switch using the 3-in-1 Slim KVM combo cable and/or the USB cable (if it is a USB KVM switch) that come in the TK-IP101 packing box. The KVM switch will in turn be connected to the multiple computers/servers.
Now that you have set up your local console on TK-IP101, you can configure your connected servers using the ready access provided by TK-IP101’s local console.

2.2 Configure Your Servers for Connections to TK-IP101

Mouse acceleration is not supported in TK-IP101. Therefore, you must turn off mouse acceleration on all your connected servers.
Turn off mouse acceleration & “Snap to” option
Windows XP Platform
Access Control Panel/Mouse. On the Mouse Properties tab, select the Pointer Options page:
1. Adjust the pointer speed slide bar to the exact middle.
2. Uncheck the Enhance pointer precision option.
3. Uncheck the Automatically move pointer to the default button in a dialog box option.
Click OK.
Windows 2000 Platform
Access Control Panel/Mouse. On the Mouse Properties tab, select the Pointer Options page:
1. Adjust the pointer speed slide bar to the exact middle.
2. Select the Acceleration as None.
3. Uncheck the Move pointer to the default button in dialog box option.
Click OK.
Windows 98
Access Control Panel/Mouse. On the Mouse Properties tab, select the Motion page. Under the Pointer Speed category:
1. Adjust the pointer speed slide bar to the slowest (leftmost) position.
Click OK.
The mouse settings page differs between Windows platforms; some give a mouse acceleration option and some don’t. If you see any mouse acceleration option, please uncheck it. If there is no mouse acceleration option on the settings page, you can adjust the mouse speed slide bar to either x1 or the slowest position (such as on Linux platforms). But sometimes a middle position on the speed slide bar is required for mouse synchronization on the viewer side; for example, Windows XP requires a middle position on mouse speed. In the worst case, you have to use some trial and error to turn mouse acceleration off and set the speed to x1 (which could be at the slowest position or the middle position).
2.3 More Tips for Server Desktop Configuration
There are several aspects that have to be taken into consideration, and possibly configured, on your computers or servers for best performance:
(1) Resolution modes should not be too unusual; it is better to adopt ones that are within TK-IP101’s standard support.
(2) Turn off the Menu special transition effects on your operating system (especially on Windows XP, if you are using it), such as fade, for best video refreshing effect, especially when you are using Medium or Low Video Quality as your video filter setting on TK-IP101.
(3) Set the server desktop backgrounds to preferably plain, solid colors with simple designs (only for improving video refreshing speed when bandwidth is critically limited; there is no need to do so when bandwidth is ample).
Configure Display Resolution on your Server
TK-IP101 supports most display modes up to 1280 x 1024. However, you might encounter some display problems when your display card is outputting an unusual display mode. These possible problems are either no video or abnormal display on viewer screen.
To simplify the display factor before connection to TK-IP101, we suggest you use more standard display modes such as: 800 x 600 @ 72Hz/75Hz, 1024 x 768 @ 72Hz/75Hz, etc. For the suggested display modes, please refer to the following table.
Resolutions listed in the table: 640 x 400, 640 x 480, 800 x 600, 1024 x 768, 1152 x 864, 1280 x 1024
Refresh rates listed in the table: 56Hz, 60Hz, 61Hz, 64Hz, 70Hz, 72Hz, 74Hz, 75Hz, 76Hz, 78Hz, 84Hz, 85Hz, 100Hz
Note: These are suggested display modes for a server desktop connected to TK-IP101. However, the actual feasible display modes for a specific server desktop depend on its display card. Some display modes listed here might not be feasible with some display cards. Run some trials to determine the best display mode for your desktop on the TK-IP101 viewer.
Disable special transition effects on the screen outputs of your connected servers
Go to Control Panel / Display / Appearance / Effects, and then uncheck the option to disable transition effects such as Fade for the menus and tool tips. You should perform the same check on each of your connected servers.
On Windows platforms such as Windows 98, 2000, XP and 2003 Server, some transition effects might yield undesirable video refreshing artifacts, especially when you are using Medium or Low Video Quality as your video filter settings. To avoid undesirable artifacts from appearing on your screen, please turn off the special transition effects.
Choose plain and solid server desktop backgrounds for your connected servers.
To optimize bandwidth efficiency and speed up video performance in a bandwidth-limited environment, preferably adopt a server desktop that is as plain as possible: a solid, light-colored background. Complex patterns or color gradients should be avoided if bandwidth is critical in your application, since they demand more bandwidth for transmission across the internet.

2.4 Configure TK-IP101 Network Settings

Step 1. Connect your TK-IP101 to the Ethernet LAN.
The factory default network settings for TK-IP101 are as follows:
IP address: 192.168.1.200
Net mask: 255.255.255.0
Gateway: 192.168.1.254
DNS: 192.168.1.254
Step 2. Access TK-IP101 Web Browser Management interface by typing the following in the address bar of your browser window on a remote client:
https://192.168.1.200:5908
Step 3. A login prompt will then ask you for the account name and the password. Use the default account and password:
User Name: superuser
Password: superu
After logging in, you will see the TK-IP101 Web Browser Management Interface.
Internet Explorer 7 users, click “Continue to the website (not recommended)”.
Note: Due to added levels of browser security, Internet Explorer 7 users will see red in the address bar and a “Certificate Error” warning; this is not an issue with the TK-IP101. This product will continue to function properly. To avoid this event, please refer to this User’s Guide for instructions on how to configure security settings and create certificates.
Internet Explorer 7.0 Certificate Error message.
Certificate Error in Internet Explorer 7.0 browser.
Step 4. Go to the LAN TCP/IP page on the TK-IP101 Browser Management Interface and modify your IP settings. Refer to Section 4.11, LAN TCP/IP – Port and IP Settings.
Step 5. Apply the new setting by clicking Apply Settings.
Step 6. Verify TK-IP101’s network connection. Connect to TK-IP101 by Web Management Interface using the new IP address. Note that the IP address should be followed immediately by a colon and the port base + 8 as the port number:
https://<IP_address>:<PortBase+8>
For example, if the IP address is 192.168.1.7 and the port base number is 5900, then you should enter
https://192.168.1.7:5908
Remember that it’s a secure SSL encrypted connection, so you should type “https” instead of the usual “http”. Otherwise, the connection will not be established.

2.5 Configure port base setting for TK-IP101

If you are satisfied with the default port base setting as 5900, you can skip this section.
The default port base for TK-IP101 connection is set at 5900. This means it will use port 5900 (port base) for viewer connection and port 5908 (port base + 8) for https web browser connection.
<Port base> – used for viewer connection
<Port base + 8> – used for secure browser connection
However, if you intend to use your own port base setting, just access the Web Management interface and configure the port base as follows:
For example, if you choose 5970 as your port base, then you have:
5970 – used for viewer connection
5978 – used for secure browser connection
Click Submit button and Apply Settings button to validate your new setting.
Now you have installed TK-IP101 within your Local Area Network environment, and can try to establish a remote viewer connection…
2.6 Configure your firewall/router for accessing TK-IP101 across internet
To allow access to the TK-IP101 behind corporate firewall/router, please configure the following settings on your firewall/router (not on your TK-IP101):
Step 1. Configure a virtual server on your router: you should configure (or ask your net admin to configure for you!) a virtual server mapped to the TK-IP101 local IP address.
Step 2. Open a port range (<port_base> ~ <port_base + 9>), both inbound and outbound, for the virtual server: you should open a port range according to what you have previously configured as the port base for TK-IP101. Taking the previous example, if we configure TK-IP101 with a port base of 5970, then we should open port range 5970~5979 (that is, <port_base> ~ <port_base + 9>) both inbound and outbound, in which:
<port_base> = 5970 is the TK-IP101 viewer connection port
. . .
<port_base + 8> = 5978 is the browser SSL connection port
<port_base + 9> = 5979 is for viewer internal communication, etc.
For example:
Router internet IP <-> virtual server (port range open) <-> TK-IP101 local IP
61.232.134.120 <-> virtual server (port 5970~5979 open) <-> 192.168.1.7
Once you have configured a virtual server with the appropriate port range open (<port_base> ~ <port_base + 9>), you can then try to access your TK-IP101 across the internet by using the public IP address and designated port number. For example, in this case, we have
Browser access: https://61.232.134.120:5978
Viewer access: 61.232.134.120:5970
If you have a domain name mapped to the public IP address, you can also use the domain name, for example:
Browser access: https://www.mycompany.com:5978
Viewer access: www.mycompany.com:5970
Once you have changed the port base of your TK-IP101, you should also modify the open port range on your router accordingly, if you want internet access to come across.

2.7 Install Certificates on TK-IP101

You could use the default set of certificates (could be found on CD-ROM) to practice making some PKI-authenticated connections as long as your network safety is not jeopardized. We advise that it is better to do the practices within your Local Area Network, which is supposed to be well secured with adequate firewall and other due precautions against network intrusions. Or if you have already obtained a set of certificates with the file names and formats required by TK-IP101, you can then use them for TK-IP101 viewer authentication. However, if you simply use the default set of certificates that comes with TK-IP101, anybody who has a copy of the default certificates may establish a connection to your servers. So we strongly recommend that you obtain your own certificates for TK-IP101 or generate them using software like XCA. For certificate generation using XCA, please refer to How to Generate TK-IP101 Certificates using XCA (could be found on the TK-IP101 support CD-ROM).
First you have to have these certificates ready on your client computers for uploading to TK-IP101 via a Web browser. If you haven't obtained your own TK-IP101 certificates, you can use the default set of certificates (could be found on the TK-IP101 support CD-ROM).
Certificates to be installed on TK-IP101:
(1) the root certificate (root.crt)
(2) the server certificate (server.crt), and
(3) the server private key (serverkey.pem)
Step 1: Access TK-IP101 Web Management Interface and go to the Security page.
Step 2: Click the Browse button and use the Choose File dialog box to browse to your certificate files ...
Step 3. Click UPLOAD button to upload the root certificate to TK-IP101. After the uploading is completed, you can then see the prompt page for reboot.
Click Reboot and wait till TK-IP101 is booted up, then likewise try to import the server.crt and the serverkey.pem.
You don’t have to reboot each time when you finish uploading one certificate. You could do one complete reboot at the end when you finish uploading all of them. To return to the previous Security page for uploading another certificate without going to immediate reboot, you just click the Security page hyperlink on the left frame of the browser window.
2.8 Select a Security Level for Viewer Connection
Step 1. Go to the Security page on the TK-IP101 Web management interface and select a viewer connection security level. There are three security levels to choose from:
Level 1: No encryption (No SSL)
Level 2: 256-bit encryption, no user certificate required for user authentication
Level 3: 256-bit encryption, user certificate required for authentication (PKI)
Security level 1 offers a non-secured connection, and hence should be used with caution when TK-IP101 is intended to be accessed through external network. For level 1, there’s virtually no encryption. Security Level 2 offers a secured SSL connection that provides encryption for mouse, keyboard and video but uses no PKI-authentication. Security Level 3 offers a secured SSL connection that provides encryption for mouse, keyboard and video, and uses 1024-bit PKI-authentication.
The choice of a security level for the TK-IP101 viewer connection is of the utmost importance, especially when your remote server connections require high security to keep your servers safe from unauthorized entries and/or network sniffers.
Step 1-a. If you choose to implement the PKI authentication feature on TK-IP101 viewer, you have to select Level 3 viewer security connection on the Security page of your TK-IP101 browser interface.
Then enter the server password.
Here you should enter the password that has encrypted the server private key in the server private key file, serverkey.pem. You should enter the correct server password here in order to make successful viewer connection with TK-IP101 in level 3 security setting. If you use the standard set of certificates provided on the Support CD ROM disc, the password that encrypts the server private key is serverpwd.
However, if you use your own set of certificates, you should get the correct server password from the Certificate Authority that issues those certificates.
Step 2. Go to the Apply Setting page and hit the Apply Setting button to validate your selection.

2.9 Select a User Password Policy

Step 1. Select a User Password Policy.
TK-IP101 offers three types of password policies. On the drop-down combo box, you can select your password policy for viewer connections:
No Password – the viewer will prompt you for no password. Anyone who has the viewer and passes the security level check of the viewer can establish the connection.
Global Password – the viewer will prompt you for a global password, which is used by all who want to make viewer connections to TK-IP101.
User Password – the viewer will prompt you with user-specific password. With this setting, each login user will be checked against his or her corresponding password before allowing viewer connection.
Global user password: If you adopt the Global Password Policy. Here you should enter the password that is used when the global user password setting is enabled as your active password policy.
Step 2. Go to the Apply Setting page and hit the Apply Setting button to validate your selection.
There are altogether nine (3 x 3) possible combinations of Viewer Security Levels + Password Policies, giving you the flexibility to adapt to your security needs. The administrator can choose the combination of user password policy and SSL / PKI authentication that best fits his security/convenience concerns.
                          User Password Policy
SSL / PKI Authentication  No password   Global Password   User-specific Password
No SSL-No PKI             N – N – N     G – N – N         U – N – N
SSL – No PKI              N – S – N     G – S – N         U – S – N
SSL - PKI                 N – S – P     G – S – P         U – S – P

G – Global Password
U – User-specific Password
S – 256-bit SSL Encryption
P – 1024-bit PKI Authentication
N – Not available
Please note: Both the Password Policy and the Security Level (SSL/PKI authentication) settings should be used with due precaution: if you adopt No Password Policy and No SSL encryption/No SSL authentication, anyone with a viewer and knowledge of the access IP and port number of TK-IP101 can establish a remote connection.
Now your TK-IP101 is ready for a PKI-authenticated plus SSL-encrypted viewer connection! All you have to do is to distribute the following to your remote connection client:
1. Certificates: (as you have obtained from your CA (Certification Authority). They are required only if you select level 3 viewer security)
root.crt
client_name.p12 (client_name is freely chosen)
2. Certificate password: (as you have obtained from your CA. It is required only if you select level 3 viewer security)
clientpwd (if you use the default set of certificates provided on TK-IP101 CD-ROM)
3. User account and password: (as you have specified in the User Management page. It is required only if you choose User Password Policy)
Superuser / superu
Admin / 123456
User / 123456
(If you use the default user accounts/passwords)
4. Global Password: (as you have specified in the Security Page. It is required only if you use the Global Password Policy) (You will be prompted when choosing it as your password policy on the Security Page.)
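The warnings in sections 2.6 to 2.9 can be checked mechanically before a unit is put behind a forwarded port range. The script below is an added example, not TRENDnet code: the record layout, field names and sample values are constructed assumptions, and only the matrix codes, the port range rule and the default passwords come from this guide.

```python
# Added example: audit one TK-IP101 record against this guide's warnings.
# Field names and SAMPLE are constructed; they are not a device export format.
LEVELS = {1: ("N", "N"), 2: ("S", "N"), 3: ("S", "P")}  # level -> (SSL, PKI)
POLICIES = {"none": "N", "global": "G", "user": "U"}
# Default passwords printed in this guide; a secret equal to one is public.
DEFAULT_SECRETS = {"serverpwd", "clientpwd", "superu", "123456"}


def matrix_code(level, policy):
    """Cell of the 3 x 3 table, e.g. level 3 + user password -> 'U – S – P'."""
    ssl, pki = LEVELS[level]
    return f"{POLICIES[policy]} – {ssl} – {pki}"


def firewall_range(port_base):
    """Port range the router forwards: <port_base> ~ <port_base + 9>."""
    return port_base, port_base + 9


def audit(cfg):
    """Return findings (strings) for one device record; empty means none."""
    findings = []
    level, policy = cfg["security_level"], cfg["password_policy"]
    if level == 1:
        findings.append("no-encryption: Level 1 viewer traffic is not encrypted")
    if level < 3 and policy == "none":
        findings.append("open-access: no client certificate and no password")
    if level >= 2 and cfg["uses_default_certificates"]:
        findings.append("default-certs: the CD-ROM certificate set is public")
    reused = sorted(k for k, v in cfg["secrets"].items() if v in DEFAULT_SECRETS)
    if reused:
        findings.append("default-secret: " + ", ".join(reused))
    if findings and cfg["internet_exposed"]:
        lo, hi = firewall_range(cfg["port_base"])
        findings.append(f"exposed: ports {lo}-{hi} are forwarded from the internet")
    return findings


SAMPLE = {  # constructed record for illustration
    "port_base": 5970, "internet_exposed": True,
    "security_level": 3, "password_policy": "user",
    "uses_default_certificates": True,
    "secrets": {"server_key_password": "serverpwd", "Admin": "123456",
                "Superuser": "constructed-unique-passphrase"},
}

if __name__ == "__main__":
    print(matrix_code(SAMPLE["security_level"], SAMPLE["password_policy"]))
    for finding in audit(SAMPLE):
        print(" -", finding)
```

The sample record sits in the strongest matrix cell (U – S – P) and is still flagged, because the default certificate set and default passwords cancel what Level 3 is meant to provide.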

3 MAKING A VIEWER CONNECTION

The TK-IP101 provides a Win32 viewer for Windows clients and a cross-platform Java viewer for any major operating system.
3.1 Install Win32 Viewer on the Client Computer
Go to the Download page to download the Win32 viewer, winview_install.exe. Install the viewer program on the client computer that will connect to TK-IP101. After installation, a desktop icon will be created on your client desktop.
3.2 Install Java Viewer on the client computer
Before you can use the Java viewer, KViewer.jar, on any OS platform, you should first install the Java Runtime Environment, JRE 1.5.0 or higher, which is downloadable from http://www.java.com.
To download Java Viewer, just go to the Download page of the Web Management interface.
To run this small Java program, you don't have to actually save Kviewer.jar to your local hard disk: since it is small (only 70 KB), you can choose to open it directly when the download is completed.
On some client platforms such as Linux, after you have installed the JRE on your client platform, you have to set the path information in order for the client system to know where the Java compiler program is.
3.3 Import certificates to TK-IP101 viewer on the client computer
If you will be using only the non-PKI authenticated viewer connections to TK-IP101 (such as Level 1 – No encryption and No Authentication, and Level 2 – 256-bit SSL encryption and only server authentication by client), you are not obliged to use or import any certificates. If so, you can skip this section and proceed to the next.
To make full PKI authenticated viewer connection with TK-IP101, you need to import client certificates to the Win32 viewer and Java Viewer on the client computer.
The TK-IP101 is already preinstalled with a default set of certificates. You can use the default client certificates provided on CD ROM. However, it also allows you to use your own set of certificates.
Note that if you intend to use your own set of certificates instead of the default set of certificates, you should not only import the client certificates to the Win32 viewer/Java viewer on the remote client computer, but you should also import the root certificate, server certificate and the server private key to the TK-IP101. To import certificates to the TK-IP101, please go to the Security page of the TK-IP101 Web Management to upload your own set of certificates. For details, please refer to Section 4.15, Security – Certificate Installation, Viewer Encryption and Password Policies.
Generally, the naming requirements of these certificates are as follows:
[Certificates and private key for TK-IP101 to authenticate viewer user logins]
root.crt - TK-IP101 root certificate, mandatory file name
server.crt - TK-IP101 server certificate, mandatory file name
serverkey.pem - TK-IP101 server private key, mandatory file name
[Certificates for remote login users with viewer connections]
client_name1.p12 - client certificate, client name could vary
client_name2.p12 - client certificate, client name could vary
. . .
Specifically, we should import client certificate(s) in .p12 format to the Win32 viewer and Java Viewer on your client computer, using each of their own certificate import utilities.
First, you have to have your certificates ready, either on a removable media or you can copy them to your local disk on the client computer.
Note that if you copy certificates to your local hard disk, you might need to delete them from your local hard disk after finishing importation, so that others won't have access to your certificate files. Although the personal client certificate (that is, client_name1.p12) is password-protected, more caution is never to blame!
Note that the Win32 viewer and the Java viewer require separate certificate importation utilities to get the job done.

Import client certificate to Win32 Viewer

Run the importation utility by accessing Start/Programs/Trendnet /IP Viewer/Import Certificates. Click Root Certificate to import root certificate and then click Client Certificate to import client certificate.

Import the certificates for the Java-based TK-IP101 Viewer

Now you have imported certificates to the viewers on the client computer and are now ready for making a viewer connection of any security level setting ….
3.4 Specify the Viewer Connection Option before Making a Connection
The viewer connection option interface provides you with several alternative options to use in combination for optimization of your viewer connection.