Settings remote database access
Hardware Inspector Client/Server provides a single database for all branches which makes IT asset management easy and clear. All you need is to map ports on the DSL modem connected to the internet and on the proxy server which enables LAN users to share a single public IP address.
Take a look at an example of concurrent access to the database both via the Internet and local network.
In the central office there is a server with two network interfaces. The first is listening to the local network of an organization, its IP address is192.168.1.1. The second network interface with address 192.168.2.1 is connected to the DSL modem.
The server has a proxy server through which local users can be connected to the internet. On the server there is also Hardware Inspector Server which by default is listening to the IP address 192.168.2.1 port 14584 (and several others ports following in order – the number of ports is displayed in the "Settings" tab). For the sake of the example, let's say that Hardware Inspector Server uses ports 14584 and 14585 with IP address 192.168.2.1 (The IP address is in direction of the modem).
Port mapping settings in the modem
Even cheapest ADSL modem can redirect incoming TCP/IP packets to a certain port and IP address in the local network.
In this case we need to create a rule in the modem settings: packets coming in on ports 14584 and 14585 must be redirected to ports 14584 and 14585 of the local IP address 192.168.2.1.
In the client application installed in a branch office you need to specify the IP address of the central office provided and port 14584.
Port mapping settings in proxy server
We set Hardware Inspector Server to 192.168.2.1 which does not belong to the local network but listens to the modem. So we need to make settings to redirect packets from the local network to this address.
Create a rule in the settings of the proxy server to receive network packets coming in on 192.168.1.1:14584 and 192.168.1.1:14585 and redirect them to 192.168.2.1:14584 and 188.8.131.52:14585.
In the client application(s) installed in the main office you need to specify IP address 192.168.1.1. and port 14584.
Any solution which gives access to the resources of organization must provide high level of security.
We pay a great attention to these issues and have taken the following precautions:
- User authentication by password and unique server code.
- Random settings for the port which is used for incoming connections.
- Traffic compression and encryption for protection against sniffers.
- Multilevel access permission to workplace tree nodes, device types and program features which allows to restrict branch users' access only to their workplaces.
- More restricted access to database tables compared to Hardware Inspector (file access).
- Exchange protocol is our inside solution and is not publicly documented which makes its analysis more complicated.
Also you can take other precaution measures such as:
- Modem settings to restrict the range of external IP addresses to which port mapping rules are applied. It means that Hardware Inspector Server can be accessed only from the specified IP range.
- VPN network for connecting local networks of branches to the local network of the main office.
- Launch of Hardware Inspector Server under local account with restricted access permission to the server resources. For example, you can permit access only to harddrive folders necessary for work of Hardware Inspector Server.