Harman 4820, 4800 user manual Virtual Private Networks VPN, Network Considerations and Limitations

DriveRack®Appendix

units utilizes IP broadcast packets. These packets will not travel through internet routers and even some high end core switches. In a larger more complex network, proxy is used to tell the software where on the network to look for the 4800/4820 devices. There only needs to be one proxy setup for each group of units that are on the same local network. The device that is the proxy will pass information to the other 4800/4820s that it sees on the network, which will allow them to connect to the System Architect software.

Follow these steps to set up a proxy connection:

1.Make sure that the 4800/4820 has been correctly configured for the network that it is on and that the PC that is running the System Architect software has a network connection to that 4800/4820 device. You should be able to ping from the Windows box to the 4800/4820.

2.Select Options from Tools menu in the System Architect Venue View. Under Manage Network Connections select Add Connection and enter the proxy IP address.

3.Click the Add Connection button again to add that proxy address. After a moment you will see your devices appear in the window. If the System Architect software can not establish a connection with the proxy you will receive a failure message after about one minute of trying to connect. Proxy can be used to allow remote access to monitor and make minor changes to any 4800/4820 that is accessible from the internet. There are some things that can not be done over a proxy connection. For example, it is not possible for you to change the IP or node addresses over a proxy connection. Proxy is not intended for initial setup of any 4800/4820 it can only be used for remote monitoring and maintenance.

A.10.5 - Virtual Private Networks (VPN)

Virtual private networks (VPN) provide an encrypted connection (or tunnel) between networks or between a network and a user over a public network (such as the Internet). Instead of using a dedicated, real-world connection such as a leased line, a VPN uses virtual connections through the public network. The advan- tage to a VPN is that your computer can be virtually connected to a local network even though it is physi- cally anywhere in the world where you have an internet connection. This can also be done in a safe manner not compromising your local network’s security. If you would like to manage your 4800/4820s remotely you should create a secure VPN connection.

There are many solutions on the market today that provide VPN access. These products offer different features, methods of VPN, complexity of setup and maintenance, as well as varying levels of security. It is beyond the scope of this manual to recommend a VPN solution that will best suit the needs of your network, although you will need a VPN that is capable of passing UDP and TCP traffic (most do). The 4800/4820 has been tested against several solutions and should work with all VPNs that meet these criteria. Please work with your system administrator and Internet service provider to find a VPN that will best fit your network. The 3Com OfficeConnect Secure Router (model # 3CR860-95) is one solution that has been tested, and is both inexpensive and simple to set up. It provides up to two concurrent VPN connec- tions. It works well with Microsoft Windows 2000 and XP built-in VPN interfaces.

A.10.6 - Network Considerations and Limitations

•Without a VPN, there can be no access from the outside world to any 4800/4820 that is behind a

Network Address Translation (NAT) router. (One-to-One NAT and port forwarding will not work.)

•The Network Wizard will not allow address changes on any 4800/4820 that is connected to the GUI via a proxy.

•When connecting to a 4800/4820 through a proxy, the locate tool will only work on the unit that is setup as the proxy, and not the devices that are connected through it.

•When connecting to a 4800/4820 through a proxy, only connect at a 10-Mbit rate; any device that is forced to 100-Mbit or above will not link up. This will work at both 10 half and 10 full duplex.