myUTN User Manual Linux
Contents
1. cece eee e eee eens 48 4 2 How to Assign an Identifier Shown in the Display Panel myUTN 800 only lt 0cscscaestaeccedderaescsasceeeeaerielencaeset 49 4 3 How to Configure the Device Time cece cece eee cence 50 4 4 How to Configure the UTN SSL Port ccc cece cence eee 50 4 5 How to Assign a Name to a USB Port cece eee eee eee ees 51 4 6 How to Deactivate a USB Port only myUTN 80 and later 52 4 7 How to Use the Notification Service only myUTN 80 and later 52 4 8 How to Get Error Messages via the Display Panel myUTN 800 only sce cresetes rice res bdeaes bigeraghtexcesteanne 54 4 9 How to Configure Acoustic Signals myUTN 800 only 55 myUTN User Manual Linux 3 4 10 How to Use the UTN Server in VLAN environments only myUTN 80 and later cece eee e cece cece ence eens 57 5 Working with the SEH UTN Manager eeeees 60 5 1 How to Find UTN Servers USB Devices in the Network 61 5 2 How to Add UTN Servers USB Devices to the Selection List 62 5 3 How to Connect a USB Port including USB Device to a Client 63 5 4 How to Cut the Connection between the USB Port including USB Device and the Client cece cece eee eee n cence eens 65 5 5 How to Request an Occupied Device 0 cece cece eee eee 66 5 6 How to Automate Port Connections and Program Starts 67 5 7 How to Get Information about the U2. Configuring IPv4 Parameters via the myUTN Control Center Proceed as follows 1 Start the myUTN Control Center 33 Requirements myUTN User Manual Linux Network Settings 2 Select NETWORK IPv4 3 Configure the IPv4 parameters see table 2 534 4 Click Save amp Restart to confirm The settings are saved Table 2 IPv4 Parameters Parameters Description DHCP Enables or disables the protocols DHCP BOOTP and BOOTP ARP PING ARP PING Protocols offer various possibilities to save the IP address in the UTN server See Saving the IP Address in the UTN Server 274 We recommend disabling these options once an IP address has been assigned to the UTN server IP Address IP address of the UTN server Subnet mask Subnet mask of the UTN server Gateway Gateway address of the UTN server Configuring IPv4 Parameters via the SEH UTN Manager MI The SEH UTN Manager complete version is installed on the client see 29821 M The UTN server is shown in the selection list see gt 62 Proceed as follows 1 Start the SEH UTN Manager 2 Select the UTN server from the selection list 3 Select UTN Server Set IP Address from the menu bar The Set IP Address dialog appears 4 Enter the relevant TCP IP parameters Click OK The settings are saved Sa 34 What are the Advantages of IPv6 What is the Structure of an IPv6 Address myUTN User Manual Linux Network Settings 3 2 How t
3. The advantage of this procedure is that only the RADIUS server needs a certificate Therefore no PKI is needed Moreover TTLS sup ports most authentication protocols MI The UTN server is defined as user with user name and password on a RADIUS server Proceed as follows 7 Start the myUTN Control Center Select SECURITY Authentication Select TTLS from the Authentication method ist Enter the user name and the password that are used for the configuration of the UTN server on the RADIUS server Select the settings intended to secure the communication in the TLS channel To make the connection more secure you can also install the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS on the UTN server see Installing the CA Certificate in the UTN Server B92 Afterwards select the root CA certificate from the list EAP root certificate Click Save amp Restart to confirm The settings are saved 97 Benefits and Purpose Mode of Operation Requirements myUTN User Manual Linux Security Configuring PEAP PEAP Protected Extensible Authentication Protocol validates the identity of devices or users before they gain access to network resources You can configure the UTN server for the PEAP network authentication This ensures that the UTN server gets access to pro tected networks In the case of PEAP compare EAP TTL
4. The encryption strength and thus the safety of the connection is defined via the encryption level Each encryption level is a collection of so called cipher suites A cipher suite is a standardized sequence of four cryptographic algo rithms that are used to establish a secure connection Depending on their cipher strength in bit cipher suites are grouped to form an encryption level Which cipher suites are supported by the UTN server i e are part of an encryption level depends on the SSL TLS protocol used When establishing a secure connection a list of supported cipher suites is sent to the communicating party A cipher suite is agreed upon that will be used later on The strongest cipher suite that is supported by both parties will be used by default If there is no cipher suite that is supported by both parties no SSL TLS connection will be established The communicating parties of the UTN server e g browser must support the cipher suites of the selected encryption level in order to successfully establish a connection When problems occur select a different level or reset the parameters of the UTN server see gt E106 76 Types of Connection HTTP HTTPS myUTN User Manual Linux Security The following encryption levels can be selected e Compatible Cipher suites with an encryption of 40 to 256 bit are used e Low Only cipher suites with a low encryption of 56 bit are used Fast connection e Medium O
5. 52 e How to Get Error Messages via the Display Panel myUTN 800 only gt 54 e How to Configure Acoustic Signals myUTN 800 only gt 255 e How to Use the UTN Server in VLAN environments only myUTN 80 and later gt 57 4 1 ll How to Determine a Description You can assign freely definable descriptions to the UTN server This gives you a better overview of the devices available in the network Proceed as follows 1 Start the myUTN Control Center 2 Select DEVICE Description 3 Enter freely definable names for Host name Description and Contact person 4 Click Save to confirm 48 Device Settings amp The data is saved Q DEE To assign names to USB ports see gt 51 4 2 Howto Assign an Identifier Shown in the Display Panel myUTN 800 only The Dongleserver myUTN 800 can be mounted in a 19 server rack In order to identify a certain myUTN 800 if several are mounted in a rack an identifier is shown in the display panel on the front side of the Dongleserver By default the identifier DS is displayed You can assign a freely definable identifier Proceed as follows 1 Start the myUTN Control Center 2 Select DEVICE Description 3 Enter a freely definable description into the Identifier display panel box Max 2 characters A Z 0 9 g75 Click Save to confirm The data is saved oF L Status Activity Abb 6 Display panel myU
6. mg e Parameterliste IPv6 116 e Parameter List Bonjour gt 2117 e Parameter List SSL Connections 5118 e Parameter List myUTN Control Center security gt e Parameter List USB device type blocking 12119 e Parameter List TCP port access gt e Parameter List UTN port B121 B119 e Parameter List Encryption 8121 e Parameter List USB port access only myUTN 80 and later 8121 e Parameter List USB port 38122 B118 e Parameter List DNS gt B122 e Parameter List SNMP gt 8B123 e Parameter List Date Time gt mg 124 e Parameter List Description gt B124 e Parameter List Authentication gt B125 e Parameter List POP3 only myUTN 80 and later gt 8126 e Parameter List SMTP only myUTN 80 and later gt 2126 e Parameter List Notification only myUTN 80 and later gt 127 e Parameter List Display panel myUTN 800 only 12130 e Parameter list SD card myUTN 800 only gt 2131 To view the Parameterwerte anzeigen gt 108 current parameter values of your UTN server see 114 myUTN User Manual Linux Tabelle 14 Parameter List IPv4 Parameters ip_addr IP address ip_mask Subnet mask ip_gate Gateway ip_dhcp DHCP ip_bootp BOOTP ip_auto ARP PING
7. ow to Request an Occupied Device gt 266 ow to Automate Port Connections and Program Starts gt 2167 ow to Get Information about the USB Port and USB Device 569 ow to Manage Selection Lists for Several Participants gt 70 60 What Do You Want To Do Requirements Requirements myUTN User Manual Linux Working with the SEH UTN Manager 5 1 Howto Find UTN Servers USB Devices in the Network In order to display the existing UTN servers and their connected USB devices in the network list the network needs to be scanned The network can be scanned via multicast and or freely definable ranges The default setting is multicast search in the local network segment O Defining Search Parameters gt 161 O Scanning the Network 261 Defining Search Parameters MI The SEH UTN Manager complete version is installed on the client see 2821 Proceed as follows 1 Start the SEH UTN Manager 2 Select Program Options from the menu bar The Options dialog appears Select the Network Scan tab Tick IP Range Search and define one or more network ranges Click OK The settings are saved EO w amp Scanning the Network MI The SEH UTN Manager complete version is installed on the client see gt E21 Proceed as follows 1 Start the SEH UTN Manager 2 Select Selection List Edit from the menu bar The Edit Selection List dialog appears 3 Click Scan The netw
8. MI You are logged on to the system as administrator Proceed as follows 1 Start the SEH UTN Manager 72 Requirements Requirements myUTN User Manual Linux bo EONS Working with the SEH UTN Manager Compose the selection list see How to Add UTN Servers USB Devices to the Selection List 3862 Select Program Options from the menu bar The Options dialog appears Select the Selection List tab Tick Global selection list Click OK The setting will be saved All users of a client use the same selection list Providing User Specific Selection Lists MI The SEH UTN Manager complete version is installed on the client see gt E21 MI You are logged on to the system as administrator Proceed as follows 1 2 ENAN Start the SEH UTN Manager Select Program Options from the menu bar The Options dialog appears Select the Selection List tab Tick User selection list Click OK The setting will be saved Each user uses their own selection list The selection lists of the users will be saved as ini files in user specific directories see User Specific Selection List gt 871 lt gt The administrators share one selection list Providing Users with a Predefined Selection List MI The SEH UTN Manager complete version is installed on the client see 2821 73 myUTN User Manual Linux Working with the SEH UTN Manager MI You are logged on to the
9. If the UTN server can no longer be reached using the myUTN Control Center restart the device see gt 8109 9 Clear Test mode 10 Click Save amp Restart to confirm The settings are saved The port access control is active Access to the ports is restricted 81 USB Port Key Control USB Port Device Assignment myUTN User Manual Linux Security 6 5 How to Control Access to USB Devices only myUTN 80 and later Via the USB ports you can control the access to the USB devices that are connected to the UTN server Two security methods are available for each USB port Both security methods can also be used in combi nation In the course of the key control a key is specified for the USB port via the myUTN Control Center By setting the key the USB device that is connected to the USB port is protected against unwanted access Neither the USB port nor the connected USB device will be displayed in the SEH UTN Manager This means that a user will not be able to make changes to the port or to establish a connection between the client and the USB port To make the USB port and the connected USB device available the user must enter the key for the USB port on the client This is done via the SEH UTN Manager By changing the key in the myUTN Con trol Center the user can once again lose its permission to access the USB device Device assignment means that a USB device is permanently assigned to each USB port via the
10. smtp_encrypt on off off Defines the signing and Full encryption encryption of emails Signing of off signing emails on encrypt Tabelle 33 Parameter List Notification only myUTN 80 and later Parameters Value Default Description trapto_1 valid IP address 0 0 0 0 Defines the SNMP trap trapto_2 address of the recipient Address 127 myUTN User Manual Linux Appendix Parameter List Parameters Value Default Description trapcommu_1 max 64 characters public Defines the SNMP trap trapcommu_2 a z A Z 0 9 community of the recipient Community trapdev on off off Enables disables the sending Send trap if USB of SNMP traps after a USB devices are device was connected connected or to removed from the UTN disconnected server trappup on off off Enables disables the sending Send trap if UTN of SNMP traps when the UTN server is server is restarted restarted trapact on off off Enables disables the sending Send trap if USB of SNMP traps after a USB ports are port was activated deactivated activated or deactivated trap_pwr on off off Enables disables the sending Send trap if of SNMP traps when one of power supply is the power supplies of the UTN interrupted or server is interrupted or estab established lished myUTN 800 only trap_sdinout on off off Enables disables the sending Send trap if SD of SNMP traps after an SD card is connected card was connected or disconnected to removed from the UTN serv
11. 2 Select NETWORK DNS 3 Configure the DNS parameters see table 4 438 4 Click Save to confirm The settings are saved 37 SNMPv1 SNMPv3 myUTN User Manual Linux Network Settings Table 4 DNS Parameters Parameters Description DNS Enables disables the name resolution via a DNS server Primary DNS server Defines the IP address of the primary DNS server Secondary DNS server Defines the IP address of the secondary DNS server The secondary DNS server is used if the first one is not available Domain name suffix Defines the domain name of an existing DNS server 3 4 How to Configure SNMP SNMP Simple Network Management Protocol has become the standard protocol for the administration and monitoring of network elements The protocol controls communication between the moni tored devices and the monitoring station SNMP allows you to read and edit management information pro vided by the network elements e g UTN server The UTN server sup ports versions 1 and 3 of SNMP The SNMP community is a basic form of access protection A large number of SNMP managers are grouped together in the community The community is then assigned read write access rights The gen eral community string is public The community string for SNMPv1 is transferred in plain text and does not provide sufficient protection SNMPv3 is a continuation of the SNMP standard which provides improved applications
12. Value valid IP address valid IP address valid IP address on off on off on off Default 169 254 0 0 16 255 255 0 0 0 0 0 0 Appendix Parameter List Description Specifies the IP address of the UTN server Specifies the subnet mask of the UTN server Specifies the gateway address of the UTN server Enables disables the DHCP protocol Enables disables the BOOTP protocol Enables disables the IP address assignment via ARP PING Tabelle 15 Parameter List IPv4 VLAN only myUTN 80 and later Parameters ip4vlan_mgmt IPv4 management VLAN ip4vlan_mgmt_id VLAN ID ip4vlan_mgmt_any Access from any VLAN ip4vlan_mgmt_un tag Access via LAN untagged Value on off 0 4096 1 4 characters 0 9 on off on off Default off Description Enables disables the forward ing of IPv4 management VLAN data ID for the identification of the IPv4 management VLAN 0 4096 Enables disables the administrative access web to the UTN server via IPv4 client VLANs If this option is enabled the UTN server can be administrated via all VLANs Enables disables the administrative access to the UTN server via IPv4 packets without tag If this option is disabled the UTN server can only be administrated via VLANs 115 Appendix Parameter List Parameters Value Default Description ipv4vlan_on_1 on off off Enables disables the oe forwarding of IPv
13. You can enter a maximum of 64 characters Email address Specifies an email address You can enter a maximum of 40 characters Optional entry Organization name Specifies the company that uses the UTN server You can enter a maximum of 64 characters Organizational unit Specifies the department or subsection of a company You can enter a maximum of 64 characters Optional entry Location Specifies the locality where the company is based You can enter a maximum of 64 characters State name Specifies the state in which the company is based You can enter a maximum of 64 characters Optional entry Domain component Allows you to enter additional attributes Optional entry Country Specifies the country in which the company is based Enter the two digit country code according to ISO 3166 Examples DE Germany GB Great Britain US USA Issued on Specifies the date from which on the certificate is valid Expires on Specifies the date from which on the certificate becomes invalid RSA key length Defines the length of the RSA key used 512 bit fast encryption and decryption 768 bit 1024 bit standard encryption and decryption 2048 bit slow encryption and decryption myUTN User Manual Linux 89 Requirements myUTN User Manual Linux Security Creating a Certificate Request for a Requested Certificate As preparation for using a certificate which is issued by a certifica tion authority for the UTN se
14. vidual functions The following table gives an overview siehe Tabelle 37 8134 Z The table shows the features that are basically available In addition individual features will not be displayed or will be displayed as inac tive This depends on the embedded UTN server model the settings of the product specific security mechanisms myUTN User Manual Linux 133 myUTN User Manual Linux Appendix SEH UTN Manager Function Overview Tabelle 37 SEH UTN Manager Function Overview Linux Global User Specific Selection List Selection List Adminis Adminis trative trative rights rights User User l utn utn rw r users User users INI INI Selection List Edit Selection List Export Selection List Refresh UTN server Configure UTN server Set IP Address UTN server Set USB Port Keys UTN server Add UTN server Remove UTN server Refresh Port Activate Port Deactivate Port Request Port Remove Port Settings EAE NARA NN SN S a a S SS a Nn Nek amp amp nN i amp amp amp x SES AIRS sy 1 SSI i Selection List Refresh Selection List Edit Port Activate Port Deactivate Program Options dialog JN lt JN lt o E lt J x x s Network Scan Multicast Search v x v x x Network Sca
15. Attached devices 0 16 Port Name Status VLAN i No device connected 2 No device connected No device connected No device connected No device connected No device connected No device connected ES EJ ee E ananaw i No device connected Copyright 2015 SEH Computertechnik GmbH Abb 2 myUTN Control Center START The available menu items are located in the navigation bar top After selecting a menu item simple mouse click the available sub menu items are displayed at the left After selecting a submenu item the corresponding page with its content is displayed at the right You can set the language via the menu item START Simply select the relevant flag The manufacturer s contact details and additional information regarding the product are displayed under Product amp Company The Sitemap provides an overview of and direct access to all pages of the myUTN Control Center All other menu items refer to the UTN server s configuration They are described in the Online Help of the myUTN Control Center To start the Online Help click the 2 icon 20 Administration Methods 2 2 Administration via the SEH UTN Manager Area of Application The software tool SEH UTN Manager handles the access of the USB devices The SEH UTN Manager shows the availability of all UTN servers and USB devices that exist in the network and establishes a connection between the client and the USB port of the UTN server
16. Network Settings access point and the UTN server do not match It is therefore recom mended to use hexadecimal WEP keys In contrast to WEP WPA Wi Fi Protected Access offers enhanced mechanisms for exchanging keys The exchange key is only used at the beginning of a session Afterwards a session key is used The key is regenerated periodically The WPA mechanism requires an authen tication at the beginning of a connection In the Personal Mode authentication is done via the Pre Shared Key PSK The PSK is a password with 8 63 alphanumerical characters The Enterprise Mode uses the EAP authentication method An individual 128 bit key is used for data encryption after the authentication The encryption methods TKIP Temporal Key Integ rity Protocol and AES Advanced Encryption Standard are available for the encryption of data Proceed as follows 1 Start the myUTN Control Center 2 Select NETWORK WLAN 3 Configure the WLAN parameters see table 9 246 4 Click Save amp Restart to confirm The settings are saved Eon If the UTN server changes the network it may receive a new IP address If this is the case the connection to the myUTN Control Center is interrupted 45 Network Settings Tabelle 9 WLAN Parameters Parameters Description Mode Defines the communication mode The communication Communication mode mode defines the network structure in which the UTN server will be installed Two
17. RA containing the required information With a prefix from the range of the global unicast addresses the UTN server can compose its own address It simply replaces the first 64 bits prefix FE80 with the prefix that was sent in the RA Requirements M The IPv6 parameter has been activated MI The Automatic configuration parameter has been activated o To configure the assignment of IPv6 addresses see gt 35 SEH UTN Manager You can manually enter the desired IPv4 address and save it in the UTN server using the SEH UTN Manager To configure an IPv4 address via the SEH UTN Manager see gt 234 myUTN Control Center You can manually enter the desired IP address and save it in the UTN server using the myUTN Control Center e To configure an IPv4 address via the myUTN Control Center see D9833 e To configure an IPv6 address via the myUTN Control Center see gt 35 mg mg myUTN User Manual Linux 16 Requirements myUTN User Manual Linux General Information ARP PING The assignment of the IP address to the hardware address can be done via the ARP table The ARP table is an internal system file in which the assignment is temporarily saved about 15 min This table is administered by the ARP protocol By means of the arp and ping commands you can save the IP address in the UTN server If the UTN server already has an IP address the arp and ping commands cann
18. damages to people and devices see 9812 Carry out the hardware installation The hardware installation comprises the connection of the UTN server to the network the USB device and the power supply see Quick Installation Guide Make sure that an IP address is stored in the UTN server see 29614 Install and start the software tool SEH UTN Manager on your Windows client see 27 Add the UTN servers that you want to use to the selection list see 2862 Activate the connection between your client and the USB port to which the USB device is connected see 2863 The connection will be established The USB device can be used by the client Why IP Addresses How Does the UTN Server Obtain IP Addresses Automatic Methods of IP Address Assignments Manual Methods of IP Address Assignments myUTN User Manual Linux General Information 1 6 Saving the IP Address in the UTN Server An IP address is used to address network devices in an IP network TCP IP network protocols require the storing of the IP address in the UTN server so that the device can be addressed within the network The UTN server is able to assign itself an IP address during the initial installation Boot protocols are used to assign an IP address auto matically to the UTN server Upon delivery the boot protocols BOOTP and DHCP are enabled Once the UTN server is connected to the network it checks whether an IP address can be obtaine
19. e CA certificates are certificates that have been issued for a certi fication authority CA They are used for verifying certificates that have been issued by the respective certification authority e S MIME certificates pem file are used to sign and encrypt the emails that are sent by the UTN server The corresponding private key must be installed as an own certificate in the PKCS 12 format as p12 file in the intended email program Mozilla Thunderbird etc Only then can the emails be verified and displayed in the case of encryption only myUTN 80 and later The following certificates can be installed at the same time in the UTN server 1 self signed certificate 1 client certificate i e 1 requested certificate OR 1 PKCS 12 certificate 1 32 CA certifcates 1 S MIME certificate only myUTN 80 and later All certificates can be deleted separately Client certificates status Self signed certificate Installed Q B Client certificate Not installed Certificate request Not generated S MIME certificate Not installed CA certificates status Owner Issuer EAP Common name Hash Common name Hash Root Abb 12 myUTN Control Center Certificates 87 What Do You Want To Do Requirements myUTN User Manual Linux Security O Displaying Certificates gt 288 Creating a Self Signed Certificate gt 88 O Creating a Certificate Request for a Requested Certificate 1290 O Inst
20. the access protection remains active until the UTN server is rebooted Specifies the port types to be locked UTN ports TCP ports all ports IP ports Enables disables an excep tion from the port locking Defines elements that are excluded from port locking using the IP address Enables disables an excep tion from the port locking Defines elements that are excluded from port locking using the hardware address 120 myUTN User Manual Linux Tabelle 22 Parameter List UTN port Parameters Value Default utn_port 1 9200 9200 UTN port 1 4 characters 0 9 utn_sslport 1 9443 9443 UTN SSL port 1 4 characters 0 9 Tabelle 23 Parameter List Encryption Parameters Value Default utn_sec_1 on off off utn_sec_20 USB port Appendix Parameter List Description Defines the number of the UTN port Defines the number of the UTN SSL port Description Enables disables the SSL TLS encryption of the USB port If the encryption is enabled the payload between the cli ents and the USB devices that are connected to the USB ports will be transferred in an encrypted way Tabelle 24 Parameter List USB port access only myUTN 80 and later Parameters Value Default utn_heartbeat 1 1800 180 1 4 characters 0 9 utn_accctrt_1 ids utn_accctrt_20 key Method keyids max 64 characters blank utn_keyval_1 a z A Z 0 9 utn_keyval_20 Key Descript
21. via Email Syntax and Format of an Instruction myUTN User Manual Linux Administration Methods 2 3 Administration via E Mail only myUTN 80 and later You can administer the UTN server via email and thus via any com puter with Internet access An email allows you to e send UTN server status information e define UTN server parameters or e perform an update on the UTN server M A DNS server has been configured on the UTN server see gt 837 MI In order to receive emails the UTN server must be set up as user with its own email address on a POP3 server MI POP3 and SMTP parameters have been configured on the UTN server see 91141 If you want to administer the UTN server you must enter the rele vant Instructions into the subject line of your email Proceed as follows 1 Open an email program 2 Write a new email 3 Enter the UTN server address as recipient 4 Enter an instruction into the subject line see Syntax and Format of an Instruction 9830 5 Send the email The UTN server receives the email and carries out the instruction Note the following syntax for instructions in the subject line cmd lt command gt lt comment gt 30 Administration Methods Security with TAN Parameter Changes myUTN User Manual Linux The following commands are supported Commands 07o ioli Description lt command gt get status Sends the status page of the UTN server get parameters S
22. Flash Drive Flash Drive Port 1 Available 1 Available Flash Drive Buttons for managing the port Display area for the connection properties Abb 3 SEH UTN Manager Main Dialog Functions The SEH UTN Manager offers the following features Adding UTN Servers to the Selection List gt 62 Connecting the USB Port to the Client gt 63 Disconnecting the USB Port from the Client gt 65 Requesting Occupied USB Ports gt E166 Automating Port Connections and Program Starts 267 Assigning an IPv4 Address to UTN Servers 234 28 myUTN User Manual Linux Administration Methods e Starting the myUTN Control Center gt 19 e Granting Access to Locked USB Ports gt 283 e Managing Selection Lists for Several Participants gt 70 Detailed information on how to use the SEH UTN Manager can be found in the Online Help To start the Online Help select Help Online Help from the menu bar Functions in the SEH UTN Manager can be shown as inactive or not shown at all This depends on e the embedded UTN server model e the type and location of the selection list e the user s rights and the group memberships on the client e the settings of the product specific security mechanisms e the operating system of the client nA For further information see SEH UTN Manager Funktions ber sicht 92144 29 Functionalities Requirements Sending Instructions
23. IPv6 functionality of the UTN server Automatic configuration Enables disables the automatic assignment of the IPv6 address for the UTN server 36 Network Settings myUTN User Manual Linux Parameters Description IPv6 address Defines a UTN server IPv6 unicast address assigned manually in the format n n n n n n n n Every n represents the hexadecimal value of one of the eight 16 bit elements of the address An IPv6 address may be entered or displayed using a shortened version when successive fields contain all zeros 0 In this case two colons are used Router Defines the IPv6 unicast address of the router The UTN server sends its Router Solicitations RS to this router Prefix length Defines the length of the subnet prefix for the IPv6 address The value 64 is preset Address ranges are indicated by prefixes The prefix length number of bits used is added to the IPv6 address and specified as a decimal number The decimal number is separated by 3 3 How to Configure the DNS DNS is a service that translates domain names into IP addresses Using DNS names can be assigned to IP addresses and vice versa If a DNS server is available in your network you can use DNS for your UTN server If you use a domain name during the configuration process you must first enable and configure DNS DNS is used for the configura tion of the time server for example Proceed as follows 1 Start the myUTN Control Center
24. PKCS 12 format are used to save private keys and their respective certificates and to protect them by means of a password gt If a PKCS 12 certificate has already been installed on the UTN server you must first delete it see S93 M The certificate must be in base64 format Proceed as follows Start the myUTN Control Center Select SECURITY Certificates Click PKCS 12 certificate Click Browse Enter the PKCS 12 certificate Enter the password Click Install The PKCS 12 certificate is saved in the UTN server ENMARWNS Saving S MIME Certificates in the UTN Server only myUTN 80 and later S MIME certificates pem file are used to sign and encrypt the emails that are sent by the UTN server a 1 es If a S MIME certificate has already been installed on the UTN server you must first delete it see gt 593 91 Requirements myUTN User Manual Linux Security Proceed as follows Start the myUTN Control Center Select SECURITY Certificates Click S MIME certificate Click Browse Specify the S MIME certificate Click Install The S MIME certificate is saved in the UTN server EFEAAA WN DP Installing the CA Certificate in the UTN Server In order to check the identity of the communicating parties of the UTN server it is necessary to validate their certificates For this the root CA certificates of the certification authorities that have issued the certificates of said
25. Parameters via the Reset Button LEDs the reset button and various ports can be found on the UTN server These components are described in the Quick Installation Guide Using the reset button you can reset the UTN server s parameter val ues to their default setting Proceed as follows 1 Press the reset button for 5 seconds The UTN server restarts The Dongleserver myUTN 800 beeps when restarting The parameters are reset 107 Maintenance What Happens During an Update When Is an Update Recommended Where Dol Find the Update Files 7 3 Howto Perform an Update You can carry out software and firmware updates on the UTN server Updates allow you to benefit from currently developed features In the course of an update the old firmware software will be over written and replaced by the new firmware software The parameter default settings of the device remain unchanged An update should be undertaken if functions do not work properly and if a new software or firmware version with new functions or bug fixes has been released by SEH Computertechnik GmbH Check the installed software and firmware version on the UTN server You will find the version number on the myUTN Control Cen ter Current firmware and software files can be downloaded from the homepage of SEH Computertechnik GmbH http www seh technology com services downloads html Every update file has its own readme file Take
26. Syntaxand Note the following syntax Commands utnm c command string lt command gt The executable file utnm can be found in usr bin myUTN User Manual Linux 140 Appendix Additional Tool utnm The following commands are supported Command Description c command string Runs a command The command is specified in greater detail by the command string The following command or strings can be used activate UTN server port number command command Activates the connection to a USB port and the string connected USB device e deactivate UTN server port number Deactivates the connection to a USB port and the connected USB device The command string eject will be used when a USB mass storage device is connected to the USB port The command string plugout will be used for all other USB devices plugin UTN server port number Activates the connection to a USB port and the connected USB device plugout UTIN server port number Deactivates the connection to a USB port and the connected USB device Corresponds to the plugging out of the device Note The command string deactivate is to be preferred e eject UTN server port number for USB mass storage devices Ejects the USB device connected to the USB port The port connection will only be deactivated if the communication has been terminated properly Note The command string deactivate is to be preferred
27. TLS connection start with https Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Device access 3 In the Connection area tick HTTP HTTPS or HTTPS only 4 Click Save to confirm The setting will be saved 6 3 Howto Control the Access to the myUTN Control Center User Accounts You can limit the access to the myUTN Control Center This is done with the help of user accounts There a two types of user accounts for which a name and password have to be defined The accounts have different rights e Administrator Complete access to the myUTN Control Center The user can see all pages and administrate e Read only user Very restricted access to the myUTN Control Center The user can only see the START page gt The user accounts are also used for SNMP see gt 38 A user account allows for multiple logins i e the account can be used by a single user or by a group of users Up to 16 users can be logged in at the same time 78 Login Session Timeout TCP Port Access Control myUTN User Manual Linux Security If the access control is active a login screen is displayed when the myUTN Control Center is started You can choose between two login screens e list of users User names are displayed Only the password must be entered e name and password request Neutral login screen in which user name and password are to be entered For stronger security you
28. and a signature The use of certificates allows for various security mechanisms Use certificates in your UTN server e to check the identity of the UTN server in the network see Configuring EAP TLS gt 295 e to authenticate the UTN server if the email communication is protected POP3 SMIP via SSL TLS gt 541 e to authenticate the UTN server client if the data transfer between the clients and the UTN server is encrypted via SSL TLS gt B101 e to authenticate the UTN server client if the administrative access to the myUTN Control Center is protected via HTTPS SSL TLS E If you use certificates it is advisable to restrict the administrative access to the myUTN Control Center so that the certificate on the UTN server cannot be deleted by unauthorized persons see gt 77 Both self signed and externally signed certificates can be used with the UTN server The following certificates can be distinguished e Upon delivery a self signed certificate the so called default certificate is stored in the UTN server It is recommended that you replace the default certificate by a self signed certificate or requested certificate as soon as possible e Self signed certificates have a digital signature that has been created by the UTN server e A requested certificate is created by a certification authority CA for the UTN server on the basis of a certificate request 86 myUTN User Manual Linux Security
29. and a user based security model Distinguish ing features of SNMPv3 include its simplicity and security concept ay For SNMPv3 a name and password for the SNMP user have to be defined The user accounts used for this are those that are used for the myUTN Control Center access see gt 4178 38 Requirements myUTN User Manual Linux Network Settings M Only for SNMPv3 The user accounts have been defined see gt 78 Proceed as follows 1 Start the myUTN Control Center 2 Select NETWORK SNMP 3 Configure the SNMP parameters see table 5 239 4 Click Save to confirm The settings are saved Table 5 SNMP parameters Parameters Description SNMPv1 Enables disables SNMPv1 Read only Enables disables the write protection for the community Community SNMP community name The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together SNMPv3 Enables disables SNMPv3 Hash Defines the hash algorithm Access rights Defines the access rights of the SNMP user Encryption Defines the encryption method 3 5 How to Configure Bonjour Bonjour allows the automatic recognition of computers devices and network services in TCP IP based networks The UTN server uses the following Bonjour functions e Checking the IP address assigned via ZeroConf e Assignment of host names to IP addresses 39 Network Settings e Location of server
30. automatic backup feature It saves the parameter values exception passwords and certificates installed on the UTN server automatically to a con nected SD card After a parameter or certificate change the backup will be updated automatically If the SD card is lost or stolen your environment becomes vulner able certificates passwords Therefore you have to take all nec essary precautions for protecting the myUTN 800 if you use the automatic backup 103 What Do You Want To Do myUTN User Manual Linux Maintenance Upon delivery the SD card is already inserted into the SD card reader and ready for use installation or formatting are not required By means of the backup the whole configuration can be quickly and easily loaded to other UTN servers e g when exchanging a UTN server Parameter values passwords and certificates will be loaded automatically from the SD card to a Dongleserver myUTN 800 after a cold start of the UTN server Displaying Parameter Values gt 2104 Saving the Parameter File 2104 Loading the Parameter file onto the UTN Server gt 105 Automatic backup myUTN 800 only gt 8105 E O O O Displaying Parameter Values Proceed as follows 1 Start the myUTN Control Center 2 Select MAINTENANCE Parameter backup 3 Click the icon Q The current parameter values are displayed ER e Se A detailed description of the parameters can be foun
31. can use a session timeout If there is no activity during the timeout defined the connection to the myUTN Control Center is terminated automatically Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Device access 3 Define the two user accounts To do this in the area User accounts enter a User name and Password respectively You can show the typing if you want to make sure that there are no typing errors in the password 4 Tick Restrict Control Center access 5 Choose the login screen type list of users or name and password 6 Tick Session timeout and into the Session duration box enter the time in Minutes after which the timeout is to be effective Optional Click Save to confirm The settings are saved N 6 4 Howto Control Access to the UTN Server TCP Port Access Control You can control the access to the UTN server To do so various TCP port types on the UTN server can be locked Network elements that have permission to access the UTN server can be defined as excep tions and excluded from locking The UTN server only accepts data packets from network elements defined as exceptions 79 Security Levels Exceptions Test Mode myUTN User Manual Linux Security The port types to be blocked must be defined in the Security level area The following categorization can be selected e Lock UTN access locks UTN ports e Lock TCP access locks TCP ports HITP HTTPS
32. communicating parties are installed on the UTN server Up to 32 CA certificates can be installed Thus multi level public key infrastructures PKIs are supported Example The UTN server offers a number of authentication methods to verify its identity in a network If you use the authentication method EAP TLS 95 you must install the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS on the UTN server M The certificate must be in base64 format Proceed as follows 1 Start the myUTN Control Center Select SECURITY Certificates Click CA certificate Click Browse Specify the CA certificate Click Install The CA certificate will be saved in the UTN server EAAAWN 92 Requirements myUTN User Manual Linux Security Deleting Certificates Do not delete the certificate CA self signed PKCS 12 if only HTTPS is defined as the permitted connection type for the web access to the myUTN Control Center If the corresponding certifi cate is deleted the myUTN Control Center can no longer be reached In this case you have to reset the parameters of the UTN server see gt E106 M A certificate is installed on the UTN server Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Certificates 3 Select the certificate to be deleted via the icon Q The certificate is displayed Click Delete The certificate is d
33. confirm The settings are saved 56 Benefits and Purpose What Do You Want To Do myUTN User Manual Linux Device Settings 4 10 How to Use the UTN Server in VLAN environ ments only myUTN 80 and later The UTN server supports the use of VLAN Virtual Local Area Net works It is useful to divide a physical network into VLANs for per formance and security reasons If a VLAN spans multiple switches you can use so called VLAN trunks VLT A VLT is used to forward data from different VLANs via a single connection Both individual ports and bundled ports can be used The UTN server supports the forwarding of VLAN data via its USB ports To do this the VLANs must be known to the UTN server After this the USB ports used for the forwarding of the data must be linked to the specified VLANs The VLANs can be used to control the access to dongle protected software myUTN 80 myUTN 800 or USB devices myUTN 250 This way a specified group of network participants can be provided with a certain amount of dongle protected software licenses or USB devices Example 6 engineers have access to 3 dongle protected CAD software licenses 3 accountants have access to one dongle protected account ing software The access by a participant to software that is not intended for this participant is excluded Note A USB port can be con nected with only one participant at a time Abb 7 USB por
34. follows 1 Start the myUTN Control Center 2 Select SECURITY USB port access 3 Select the entry from the Method list of the relevant USB port 4 Click Save to confirm The USB port access control will be disabled The connected USB devices can be operated 84 myUTN User Manual Linux Security 6 6 Howto Block USB Device Types USB devices are grouped into classes according to their function For example input devices such as keyboards belong to the group Human Interface Device HID USB devices may present themselves as HID class USB devices but actually are used for abuse known as BadUSB In order to protect the UTN server you can block input devices which belong to the HID class Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Device access 3 Tick clear Disable input devices HID class in the USB devices area 4 Click Save to confirm 5 The setting will be saved 85 What are Certificates Benefits and Purpose Which Certificates are Available myUTN User Manual Linux Security 6 7 Howto Use Certificates Correctly The UTN server has its own certificate management This section explains how certificates are used and when the use of certificates is recommended Certificates can be used in TCP IP based networks to encrypt data and to authenticate communication partners Certificates are elec tronic messages containing a key public key
35. install the package DKMS is installed on the client Programm Start Ubuntu To start the SEH UTN Managers in the launcher call UTN Manager via Dash search amp or type utnmanager in the command line interface Terminal Oracle The SEH can be started in several ways e Under Applications System Tools select UTN Manager e In the console Terminal run the command utnmanager e Using Alt F2 call the dialog Run Application In the box enter utnmanager and click Run Changing Versions If the minimal oder complete version of the SEH UTN Manager is already installed on your system and you want to change to the other version you must first uninstall the existing version Update You can get information about the update status of the SEH UTN Manager If an update is available the installation file can be copied to the computer and the program can be installed In the case of 27 myUTN User Manual Linux Administration Methods updates the default settings are modified according to the existing version Program Structure After the program start you will see the main dialog with the fol lowing elements The dialog may vary depending on which elements you have chosen to be shown or hidden Buttons for editing the selection list Menu bar Selection List Administratur SEH UTN anager Program Selection List UTN er Port Help A Server Device v Status A e 192 168 0 140 bo
36. myUTN User Manual Linux Security MI The UTN server is defined as user with user name and password on a RADIUS server Proceed as follows 1 2 3 4 D Start the myUTN Control Center Select SECURITY Authentication Select FAST from the Authentication method list Enter the user name and the password that are used for the configuration of the UTN server on the RADIUS server Select the settings intended to secure the communication in the channel Click Save amp Restart to confirm The settings are saved 100 myUTN User Manual Linux Security 6 9 Howto Encrypt Data Transfer You can encrypt the data transfer between the clients and the UTN server and the connected USB devices gt Only payload will be encrypted Control and log data will be trans mitted without encryption Encrypted connection means that client and UTN server communi cate via the UTN SSL port The port number 9443 is preset To change the port number see gt 250 UTN port UTN SSL port lt UTN server H Me Re Se SSL TLS connection ee KoB par Abb 13 UTN Server SSL TLS Connection in the Network To use an SSL TLS connection you must enable the encryption at the relevant USB port The cipher strength is defined via the encryption level gt 76 Proceed as follows Start the myUTN Control Center Select SECURITY Encryption Enable the encryption at the USB port Click Save to confir
37. or reject the prolongation will appear lt gt You have the option of being informed about the availability of the port after the automatic disconnection For this purpose set up a notification if the USB port is available see gt E69 Auto Disconnect allows a large number of network participants to access a small amount of USB ports including the connected USB devices and avoids idle times MI The SEH UTN Manager complete version is installed on the client see 929821 M The UTN server is displayed in the Automatic Device Disconnect area see gt 62 MI You are logged on to the system as administrator mg O Proceed as follows 1 Start the SEH UTN Manager 2 Select Program Options from the menu bar The Options dialog appears 3 Select the Automatisms tab 4 In the Auto Disconnect area tick Status for the relevant UTN server 5 Define the desired time range 10 525 minutes 68 What Do You Want To Do Requirements Requirements myUTN User Manual Linux Working with the SEH UTN Manager 6 Optionally tick Prolongation 7 Click OK The setting will be saved 5 7 Howto Get Information about the USB Port and USB Device You can view the status information of the USB port and the USB device You can also configure automatic messages You will be noti fied when a USB port and the connected USB device become avail able after they have been in use O Displa
38. server for receiving emails The port number 110 is preset When using SSL TLS enter 995 as port number POP3 Security Defines the authentication method to be used APOP SSL TLS When using SSL TLS the cipher strength is defined via the encryption level gt B76 POP3 Check mail every Defines the time interval in minutes for retrieving emails from the POP3 server POP3 Ignore mail Defines the maximum email size in Kbyte to be exceeding accepted by the UTN server 0 unlimited POP3 User name Defines the user name used by the UTN server to log on to the POP3 server POP3 Password Defines the password used by the UTN server to log on to the POP3 server Configuring SMTP MI The UTN server is set up as user with its own email address on a SMTP server Proceed as follows 1 Start the myUTN Control Center 2 Select NETWORK Email 3 Configure the SMTP parameters see table 8 3843 4 Click Save to confirm The settings are saved 42 Network Settings Table 8 SMTP Parameters Parameters Description SMTP Server name Defines the SMTP server via the IP address or the host name The host name can only be used if a DNS server was configured beforehand SMTP Server port Defines the port number used by the UTN server to send emails to the SMTP server The port number 25 is preset SMTP TLS Enables disables TLS The security protocol TLS Transport Layer Security serves to encrypt the tr
39. system as administrator E Proceed as follows 1 Start the SEH UTN Manager 2 Compose the selection list for the user see How to Add UTN Servers USB Devices to the Selection List 3562 3 Select Program Options from the menu bar The Options dialog appears 4 Select the Selection List tab Tick User selection list 6 Click OK The setting will be saved 7 Select Selection List Export from the menu bar The Export to dialog appears 8 Save the file SEH UTN Manager ini using the following path SHOME config SEH Computertechnik GmbH SEH UTN Manager ini See User Specific Selection List gt 71 Each user has access to their own predefined selection list n Protecting the user specific selection list When using predefined user specific selection lists we recommend protecting the selection list against modifications by the user The selection list of a user is stored as SEH UTN Manager ini file in the following location SHOME config SEH Computertechnik GmbH SEH UTN Man ager ini See User Specific Selection List gt 71 Use the control panel of the operating system to turn ini files into read only files To do this you need administrative rights on the cli ent If an SEH UTN Manager ini file becomes read only all functions of the SEH UTN Manager that relate to the selection list will be dis abled 74 What Information Do You Need myUTN User Manu
40. to a USB device that is protected by means of the USB port key control an appropriate key must be entered on the client via the SEH UTN Manager Proceed as follows 1 2 3 Start the SEH UTN Manager Select the UTN server from the selection list Select the command Set USB Port Keys from the UTN server menu bar The Set USB Port Keys dialog appears Enter the key for the relevant USB port Click OK The access to the USB port is shared The USB port and the connected USB device are shown in the selection list and can be operated 83 myUTN User Manual Linux Security Specifying the Device Assignment on the USB Port To prevent manipulations by switching the USB devices on the UTN server you can permanently assign USB devices to the USB ports Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY USB port access 3 Select the entry Device assignment from the Method list of the relevant USB port 4 Click Reallocate device The USB device box shows the vendor and product ID of the USB device 5 Click Save to confirm The settings are saved Only the assigned USB device can be operated on the USB port If the USB port is to create an assignment with a newly connected USB device click Reallocate device again and save your settings Disabling the USB Port Access Control You can disable the access control to the USB ports as well as the connected USB devices Proceed as
41. to use a subnet mask you can configure the relevant parameter in the UTN server via the myUTN Control Center Default Name The default name of the UTN server is made up of the two letters IC and the device number The device number consists of the last six numbers of its hardware address myUTN User Manual Linux 112 Compound USB Device myUTN User Manual Linux Appendix Glossary Default name pa IC0001ff Device number The default name can be found in the myUTN Control Center A compound USB device consists of a hub and one or more USB devices that are all integrated into a single housing Dongles are often compound USB devices If a compound USB device is connected to a USB port of the UTN server in the myUTN Control Center and the selection list of the SEH UTN Manager all integrated USB devices will be displayed on the USB port When the port connection is activated all displayed USB devices will be connected to the user s client It is not possible to activate a port connection to only one of the USB devices 113 What Information Do You Need myUTN User Manual Linux 8 2 Parameter List Appendix Parameter List This chapter gives an overview of all available parameters of the UTN server The parameter list gives details about the functions and val ues of the individual parameters e Parameter List IPv4 8115 e Parameter List IPv4 VLAN only myUTN 80 and later 92115
42. to which the USB device is connected The software is installed on all clients that are meant to access a USB device in the network Mode of Operation After the SEH UTN Manager is started the network will be scanned for connected UTN servers The network range to be scanned is freely definable After the network scan all UTN servers found together with the connected USB devices will be shown in the network list The required UTN servers will be selected and added to the selection list The devices in the selection list can be configured or connected to the client What Information e Automatisms gt 21 Do vouliecs SEH UTN Manager Versions gt 22 e Installation gt 23 e Programm Start gt 27 e Changing Versions gt 27 e Update gt 27 e Program Structure gt 28 e Functions gt 28 Automatisms The SEH UTN Manager supports among other things the following automatisms e Auto Connect This function enables the automatic activation of a permanent connection to a port and the connected USB device when you start the operating system myUTN User Manual Linux 21 What Are the Differences Between the Versions myUTN User Manual Linux Administration Methods e Auto Disconnect This functionality allows for the automatic deactivation of a USB port and the connected USB device after a time defined e Additional Tool utnm This tool is used for the
43. 0 64 1 2 characters 0 9 on off Value on off max 64 characters a z A Z 0 9 Default 64 on Default on Default name Appendix Parameter List Description Defines the IPv6 unicast address of the router The UTN server sends its Router Solicitations RS to this router Defines the length of the sub net prefix for the IPv6 address Address ranges are indicated by prefixes The prefix length number of bits used is added to the IPv6 address and specified as a decimal number The deci mal number is separated by Te Enables disables the auto matic assignment of the IPv6 address for the UTN server Description Enables disables the Bonjour service Defines the Bonjour name of the UTN server 117 myUTN User Manual Linux Appendix Parameter List Tabelle 18 Parameter List SSL Connections Parameters Value Default Description security 1 4 Encryption 1 characters 2 Defines the encryption level to be used for SSL TLS connec tions 1 low 56 bit 2 medium 128 bit 3 high 128 256 bit 4 compatible 40 256 bit Do not use the encryption level Low if only HTTPS is defined as the permitted connection type for the web access to the myUTN Control Center Tabelle 19 Parameter List myUTN Control Center security Parameters AET http_allowed on off Connection sessKeys on off Restrict Control Center access sessKeyUList o
44. 2 Special Case Compound USB Device Requirements myUTN User Manual Linux Working with the SEH UTN Manager 5 3 Howto Connect a USB Port including USB Device to a Client A USB device that is connected to the UTN server can be connected to the client To this purpose the user establishes a connection between the client and the USB port of the UTN server to which the USB device is connected The USB device can then be used by the client as if the USB device was directly connected to the client When connecting certain USB devices to a USB port of the UTN server the selection list displays several USB devices on this port These are so called compound USB devices They consist of a hub and one or more USB devices that are all integrated into a single housing If the connection is established to a port with a connected com pound USB device all USB devices shown will be connected to the user s client In this case each integrated USB device occupies a vir tual USB port of the UTN server The number of these virtual USB ports is limited depending on the UTN server model If the limit is reached no further USB devices can be used on this UTN server Table 12 Virtual USB ports Number of virtual Number of virtual UTN server USB ports UTN server USB ports myUTN 50a 6 myUTN 250 12 myUTN 80 16 myUTN 800 40 MI The SEH UTN Manager complete version is installed on the client see 2821 Mi The USB port is shown in the selecti
45. 4 client ipv4vlan_on_20 VLAN data VLAN ipv4vlan_addr_1 valid IP address 192 168 Specifies the IP address of the 0 0 UTN server within the IPv4 ipv4vlan_addr_20 client VLAN IP address ipv4vlan_mask_1 valid IP address 255 255 Specifies the subnet mask of 255 0 the UTN server within the ipv4vlan_mask_20 IPv4 client VLAN Subnet mask ip4vlan_gate_1 valid IP address 0 0 0 0 Gateway address of the IPv4 client VLAN ip4vlan_gate_20 Gateway ipv4vlan_id_1 0 4096 0 Specifies the ID for the 1 4 characters 0 9 identification of the IPv4 client ipv4vlan_id_20 VLAN VLAN ID Tabelle 16 Parameterliste IPv6 Parameters Value Default Description ipv6 on off on Enables disables the IPv6 IPv6 functionality of the UTN server ipv6_addr nin nin ninin n ae Defines a UTN server IPv6 IPv6 address unicast address assigned manually in the format n n n n n n n n Every n represents the hexa decimal value of one of the eight 16 bit elements of the address An IPv6 address may be entered or displayed using a shortened version when successive fields con tain all zeros 0 In this case two colons are used myUTN User Manual Linux 116 myUTN User Manual Linux Parameters ipv6_gate Router ipv6_plen Prefix length ipv6_auto Automatic configuration Tabelle 17 Parameter List Bonjour Parameters bonjour Bonjour bonjour_name Bonjour name Value nininininininin
46. 7 Ber SMEOCOMINESE triel telse WIN server port number Automatically activates the port connection if the USB device is connected to the USB port but not in use getlist UIN server Shows an overview of the USB devices including port number vendor ID product ID manufacturer name product name device class and status that are connected to the UTN server state UTN server port number Displays the status of the USB device connected to the USB port hor Shows the help page helip myUTN User Manual Linux 141 Appendix Additional Tool utnm Command Description k USB port key Specifies a USB port key or In the course of the port key control a key is specified for key USB port key the USB port via the myUTN Control Center so that the USB device that is connected to the USB port is protected against unwanted access gt 86 In order to gain access to this USB device the appropriate key must be entered Note The key cannot be configured via this command Entering the key allows access to the USB device The key must be entered each time the connection is activated mr or Separates the output of the command string getlist with machine readable tabulators nw or Suppresses warning messages no warnings o or Shows the output in the command line Oe Oita p port number or Uses an alternative UTN port port port number Client and UTN server communicate via the UTN port If a non defaul
47. A SER USB Device Server myUTN 50a Dongleserver myUTN 80 myUTN 55 Dongleserver myUTN 800 myUTN 250 User Manual Linux Manufacturer SEH Computertechnik GmbH Suedring m Scan this QR code meCard 33647 Bielefeld using your smart phone Germany Phone 49 0 521 94226 29 Fax 49 0 521 94226 99 Document Support 49 0 521 94226 44 Type User Manual Linux Email info seh de Title USB Device Server Web http www seh de Version 3 5 Online Links to Important Websites Free Guarantee Extension http www seh technology com guarantee Support Contacts amp Information http www seh technology com support Sales Contacts amp Information http www seh technology com sales Downloads http www seh technology com services downloads html nterCon is a registered trademark of SEH Computertechnik GmbH SEH Computertechnik GmbH has endeavored to ensure that the information in this documentation is correct If you detect any inaccuracies please inform us at the address indicated above SEH Computertechnik GmbH will not accept any liability for any error or omission The information in this manual is subject to change without notification All rights are reserved Copying other reproduction or translation without the prior written consent from SEH Computertechnik GmbH is prohibited 2015 SEH Computertechnik GmbH All trademarks registered trademarks logos and product names are property of their respective o
48. AC or Ethernet address The manufacturer has defined this address in the hardware of the device The address consists of 12 hexadecimal 111 Appendix Glossary numbers The first six numbers represent the manufacturer while the last six numbers identify the individual device Hardware address A L 00 c0 eb 00 01 ff V JN Y J Manufactu Device rer number The hardware address can be found on the housing or in the SEH UTN Manager The use of separators within the hardware address depends on the platform In Linux werden are used IP Address The IP address is the unique address of each node in a network i e an IP address may occur only once on a local network The system administrator usually assigns the IP address The address must be saved in the UTN server to make sure that it can be addressed within the network Hostname The host name is an alias for an IP address The host name uniquely identifies the UTN server in the network and makes it easier to remember Gateway Using a gateway you can address IP addresses from external net works If you want to use a gateway you can configure the relevant parameter in the UTN server via the myUTN Control Center Subnet Mask With the help of the subnet mask large networks can be split up into subnetworks In this case the user IDs of the IP addresses are assigned to the various subnetworks The UTN server is configured not to use subnetworks by default If you want
49. C address 111 ARP PING 17 Authentication 44 94 Auto Backup 103 Auto Connect 21 67 Auto Disconnect 22 68 Automatisms 21 67 Auto Connect 21 67 Auto Disconnect 68 Auto Disonnect 22 utnm 22 139 Backup 103 Backup copy 103 BIOS Mode 135 Bonjour 39 BOOTP 15 Button Reset 106 Restart 109 C CA certificate 87 Certificate 86 Create 88 Display 88 Installation 90 Certificate request 90 Certificates Delete 93 Anhang Index Channel 46 Cipher Suite 76 Communication mode 46 Complete version 22 Compound USB device 63 113 Console 139 D Default certificate 86 Default name 112 Default settings 106 Descriptions 48 Device number 112 DHCP 15 Display panel 49 54 132 DKMS Dynamic Kernel Module Support 26 DNS Domain Name Service 37 Documentation 8 E EAP 94 EAP FAST 99 EAP MD5 95 EAP TLS 95 EAP TTLS 96 Email 30 53 Encryption 101 Encryption Level 76 Error states 54 132 F File lt default name_parameter txt gt 103 Frequency range 46 G Gateway 112 145 myUTN User Manual Linux Global Selection List 71 H Hardware address 111 Host name 112 Hotline 11 Identifier 49 IEEE 802 1X 94 Improper Use 12 Infrastructure mode 46 Installation Hardware 13 SEH UTN Manager 23 Intended Use 12 IP Address 112 IP address save 14 IPv4 33 IPv4 client VLAN 58 IPv4 management VLAN 58 IPv6 35 M MAC address 111 Maintenance 103 Minimal version 22 Mode 46 Multicast Se
50. Do You Want To Do O Configuring EAP MD5 gt 295 O Configuring EAP TLS gt 8B95 O Configuring EAP ITLS gt 296 O O Configuring PEAP gt 98 Configuring EAP FAST gt 99 myUTN User Manual Linux 94 Security Benefits and Purpose Mode of Operation Requirements Benefits and Purpose Mode of Operation myUTN User Manual Linux Configuring EAP MD5 EAP MD5 validates the identity of devices or users before they gain access to network resources You can configure the UTN server for the EAP MD5 network authentication This ensures that the UTN server gets access to protected networks EAP MD5 describes a user based authentication method via a RADIUS server The UTN server must be defined as user with user name and password on a RADIUS server The authentication method EAP MD5 must then be enabled on the UTN server and the user name and password need to be entered MI The UTN server is defined as user with user name and password on a RADIUS server Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Authentication 3 Select MD5 from the Authentication method ist 4 Enter the user name and the password that are used for the configuration of the UTN server on the RADIUS server 5 Click Save amp Restart to confirm The settings are saved Configuring EAP TLS EAP TLS Transport Layer Security validates the identity of devices or users befor
51. LED yellow blinks periodically and e the status LED green is not active The UTN server is not operational in the BIOS mode In this case please contact the SEH support team see Support und Service gt 511 myUTN User Manual Linux 135 Possible Cause Possible Cause Possible Cause myUTN User Manual Linux Appendix Troubleshooting Some functions in the SEH UTN Manager are hidden enabled or appear dimmed O Your user account does not have the required administrative rights This leads to restricted user rights in the SEH UTN Manager see SEH UTN Manager Function Overview gt B133 O A function is not supported by the connected USB device Start the SEH UTN Manager as administrator For more information refer to the documentation of your operating system USB devices are not shown in the SEH UTN Manager Eliminate possible error sources Check first if the USB device is con nected to the UTN server O The SEH UTN Manager and the firmware software on the UTN server are incompatible Update the SEH UTN Manager gt 28 and the firmware software S115 O Several compound USB devices 113 are connected to the UTN server Each integrated USB device occupies a virtual USB port of the UTN server The number of these virtual USB ports is limited depending on the UTN server model If the limit is reached no further USB devices can be used on this UTN server gt 12165 O The U
52. Manual Linux Security 7 Click Save amp Restart to confirm The settings are saved Configuring EAP FAST EAP FAST Flexible Authentication via Secure Tunneling validates the identity of devices or users before they gain access to network resources You can configure the UTN server for the EAP FAST net work authentication This ensures that the UTN server gets access to protected networks EAP FAST uses as in the case of EAP TTLS see gt 96 a channel in order to protect the data transfer The main difference is that EAP FAST does not require certificates for authentication purposes The use of certificates is optional PACs Protected Access Credentials are used to build the channel PACs are credentials that comprise up to three components e A shared secret key that contains the preshared key between the UTN server and the RADIUS server e An opaque part that is provided to the UTN server and presented to the RADIUS server when the UTN server wishes to obtain access to network resources e Other information that may be useful to the client Optional EAP FAST uses two methods to generate PACs e The manual delivery mechanism can be every mechanism that the administrator configures and considers to be safe for the network e In the case of the automatic delivery an encrypted channel is established in order to protect the UTN server authentication as well as the delivery of the PACs 99 Requirements
53. S see gt 96 an encrypted TLS Transport Layer Security channel is established between the UTN server and the RADIUS server Only the RADIUS server authenti cates itself using a certificate that was signed by a CA The TLS channel is then used to establish another connection that can be protected by means of additional EAP authentication meth ods e g MSCHAPv2 The advantage of this procedure is that only the RADIUS server needs a certificate Therefore no PKI is needed PEAP uses the advan tages of TLS and supports various authentication methods including user passwords and one time passwords MI The UTN server is defined as user with user name and password on a RADIUS server E Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Authentication 3 Select PEAP from the Authentication method ist 4 Enter the user name and the password that are used for the configuration of the UTN server on the RADIUS server 5 Select the settings intended to secure the communication in the TLS channel 6 To make the connection more secure you can also install the root CA certificate of the certification authority that has issued the certificate of the authentication server RADIUS on the UTN server see Installing the CA Certificate in the UTN Server 24592 Afterwards select the root CA certificate from the list EAP root certificate 98 Benefits and Purpose Mode of Operation myUTN User
54. SB Port and USB Device 69 5 8 How to Manage Selection Lists for Several Participants 70 6 SOCOIILY s cccivoeriokshsbakiaswase sneered EEE anes 75 6 1 How to Define the Encryption Level for SSL TLS Connections 76 6 2 How to Encrypt the Connection to the myUTN Control Center 77 6 3 How to Control the Access to the myUTN Control Center User ACCOUNTS aiste renoneer E E E EEEE EEEE NORE ETA 78 6 4 How to Control Access to the UTN Server TCP Port Access Control ccc cccccded di tesstenspeetdscsekeneses 79 6 5 How to Control Access to USB Devices only myUTN 80 and later sssssssnnnnnnennnnnnnenenenen 82 6 6 How to Block USB Device Types cece eee eee e eee e ee enee 85 6 7 How to Use Certificates Correctly ccc cece e cece e eee eee 86 6 8 Howto Use Authentication Methods 0 cece eee anes 94 6 9 How to Encrypt Data Transfer cece cece cece eee e eens 101 7 Maintenance sors bos inde eNews bw de iwe Sewn eseesdawads 103 7 1 How to Secure UTN Parameters Backup 00ceeeeeee 103 7 2 How to Reset the UTN Parameters to their Default Values 106 7 3 Howto Perform an Update 0 cece ccc e cence nen eee en ees 108 7 4 How to Restart the UTN Server 0 cece eee e eee e teen eees 109 BADDCNUIK ccs cacatoeeckadscavse rishi ESEE ENESES 110 Bl WGIOSSAIY enrete ER E sete are seman seer en ceneeee seer 111 8 2 Parameter List cc cc ccc
55. SB port is deactivated gt 52 The SEH UTN Manager displays several USB devices at one USB port O The connected USB device is a so called compound USB device It consists of a hub and one or more USB devices that are all integrated into a single housing When the connection to the port is established all displayed USB devices will be connected to the user s client and can be used 136 Possible Cause Possible Cause myUTN User Manual Linux Appendix Troubleshooting A connection to the UTN server cannot be established A common port will be used for the data transfer between the UTN server and the SEH UTN Manager that is installed on the client gt B52 O The port numbers are not identical The current port number cannot be transferred to the SEH UTN Managers that are installed on the clients The SNMPv1 parameter has been disabled see gt 39 O The communication is blocked by a firewall A connection to the USB port cannot be established O The access control for USB devices is enabled gt B86 O No driver software for the USB device is installed on the client O The USB port is already connected to another client A connection to the myUTN Control Center cannot be established Eliminate possible error sources First of all check the cabling connections the IP address of the UTN server gt 14 as well as the proxy settings of your browser If you still cannot establish any conne
56. Status email area Specify the interval Click Save to confirm e settings are saved 53 Requirements myUTN User Manual Linux Device Settings Configuring event notifications via email MI SMTP parameters have been configured on the UTN server see gt 841 MI A DNS server has been configured on the UTN server see gt 37 For the notification service you can specify up to two email recipi ents and the message types Proceed as follows Start the myUTN Control Center Select Device Notification Enter the recipient into the Email address box Tick the options with the desired message types Click Save to confirm The settings are saved EARWN gt S Configuring event notifications via SNMP traps For the notification service you can specify up to two SNMP trap recipients and the message types Proceed as follows 1 Start the myUTN Control Center 2 Select Device Notification 3 Inthe SNMP traps area specify the recipients via the IP address and the community 4 Tick the options with the desired message types 5 Click Save to confirm The settings are saved 4 8 Howto Get Error Messages via the Display Panel myUTN 800 only You can have error states be shown in the panel display on the front side of the Dongleserver myUTN 800 The following message types are possible 54 myUTN User Manual Linux Device Settings e only one power supply works e SD card errors read and wr
57. TN 800 myUTN User Manual Linux 49 UTC Time Zone Requirements UTN Port myUTN User Manual Linux Device Settings 4 3 Howto Configure the Device Time You can control the device time of the UTN server via a time server SNTP server in the network A timeserver is a computer networking device that reads the actual time from a reference clock and distrib utes this information to its clients In the UTN server the time server is defined via the IP address or the host name The UTN server uses UTC Universal Time Coordinated as a basis UTC is a reference time and used as a time standard The time received by the time server does not necessarily correspond to your local time zone Deviations from your location and the resulting time difference including country specific particularities such as Daylight Saving Time can be handled by means of the Time zone parameter M A time server is integrated into the network Proceed as follows 1 Start the myUTN Control Center 2 Select DEVICE Date Time an 3 Tick Date Time 4 Enter the IP address or the host name of the time server into the Time server box The host name can only be used if a DNS server was configured beforehand 5 Select the code for your local time zone from the Time zone list 6 Click Save to confirm The settings are saved 4 4 Howto Configure the UTN SSL Port A common port will be used for the data transfer between the UTN serv
58. TN Manager The administrator can also cut the connection via the myUTN Con trol Center In addition the connection for some automatisms can be automatically disconnected gt 67 O Cutting the Device Connection via the SEH UTN Manager gt EI65 O c D ting the Device Connection via the myUTN Control Center 65 mH S Cutting the Device Connection via the SEH UTN Manager M The SEH UTN Manager complete version is installed on the client see 2821 Mi The USB port is shown in the selection list see gt 862 MI The USB port is connected to your client Proceed as follows 1 Start the SEH UTN Manager 2 Select the port from the selection list 3 Select Port Deactivate from the menu bar The connection will be deactivated Cutting the Device Connection via the myUTN Control Center E Proceed as follows 1 Start the myUTN Control Center 2 Select START 3 Choose the active connection from the Attached devices list and click the amp icon 65 Working with the SEH UTN Manager 4 Confirm the security query The connection will be deactivated 5 5 How to Request an Occupied Device You can request a USB device that is being actively used by another user To this purpose send a release request for the USB port to which the USB device is connected The other user will be informed about your request via a popup win dow The user can then terminate the connection to t
59. TP only myUTN 80 and later Parameters Value smtp_srv max 128 characters Server name Default blank Description Defines the SMTP server via the IP address or the host name The host name can only be used if a DNS server was configured beforehand 126 myUTN User Manual Linux Appendix Parameter List Parameters Value Default Description smtp_port 1 65535 25 Defines the port number used Server port 1 5 characters 0 9 by the UTN server to send emails to the SMTP server Defines the user name used by the UTN server to log on to the SMTP server smtp_usr User name max 128 characters blank smtp_pwd Password max 128 characters blank Defines the password used by the UTN server to log on to the SMTP server Defines the email address used by the UTN server to send emails Note Very often the name of the sender and the user name smtp_sender Sender name max 128 characters blank are identical smtp_ssl on off off Enables disables TLS TLS The security protocol TLS Transport Layer Security serves to encrypt the transmission between the UTN server and the SMTP server smtp_auth on off off Enables disables the SMTP Login authentication for the login smtp_sign on off off Enables disables the Security encryption and signing of S MIME emails via S MIME smtp_attpkey on off on Enables disables the Attach public key attachment of a public key to an email
60. USB port and thus the USB device This gives you a better overview of the USB devices available in the network Proceed as follows 1 Start the myUTN Control Center 2 Select DEVICE USB port 3 Enter the preferred name into the Port name field 4 Click Save to confirm 51 Benefits and Purpose myUTN User Manual Linux Device Settings The settings are saved 4 6 Howto Deactivate a USB Port only myUTN 80 and later You can enable or disable a USB port This is done by interrupting and re establishing the power supply The power supply for the USB ports is enabled by default Disable unused USB ports in order to ensure that unwanted USB devices cannot be connected to the network Deactivated USB ports cannot be seen in the SEH UTN Manager This function also allows you to turn a USB device off and on again without having to manually remove or reconnect it USB devices that are in an undefined state can be restarted by interrupting and re establishing the power supply of the USB port Proceed as follows 1 Start the myUTN Control Center 2 Select DEVICE USB port 3 Tick clear the option in front of the USB port 4 Click Save to confirm The power supply of the USB port is established or interrupted 4 7 Howto Use the Notification Service only myUTN 80 and later You can get notifications in the form of emails or SNMP traps from the UTN server By means of these notifications up to four recipie
61. UTN e Lock all locks IP ports In order to exclude network elements e g clients DNS server SNTP server from port locking they must be defined as exceptions To do so the IP addresses or MAC addresses hardware addresses of the net work elements with access rights must be entered in the Exceptions area Please note e MAC addresses are not delivered through routers e The use of wildcards allows you to define subnetworks The test mode allows you to check the configured access protec tion If the test mode is activated access protection remains active until the UTN server is rebooted After restarting the protection is no longer effective The test mode option is activated by default After a successful test you must deactivate the test mode so that access protection remains permanently active Proceed as follows 1 Start the myUTN Control Center SelectSECURITY TCP port access Tick Port access control Select the desired protection in the Security level area In the Exceptions area define the network elements which are excluded from port locking Enter the IP or MAC addresses and tick the options 6 Make sure that the test mode is enabled mA wR 80 myUTN User Manual Linux Security 7 Click Save amp Restart to confirm The settings are saved The port access control is activated until the device is restarted 8 Check the port access and configurability of the UTN server
62. activation and deactivation of port connections To this purpose commands are entered and run in the command line interface of the operating system As an alternative a script will be written SEH UTN Manager Versions The SEH UTN Manager is available in two versions e Complete version e Minimal version without graphical user interface The decisive difference in the complete version is the graphical user interface It shows you the program in form of graphic images and offers additional features searching for and administrating UTN servers simplified use of USB devices and much more The minimal version of the SEH UTN Manager can only be used via the command line interface The minimal version can for example be used to automate the activation deactivation of port connections with scripts see Zusatztool utnm gt 150 Ee n o l The complete version is recommended for general use The minimal version is to be used by experts only In both versions the service SEH UTN Service Daemon works in the background and becomes active after the system start Additionally the following user groups are distinguished e users with administrative rights administrator e users without administrative rights standard user The functions Auto Connect and Auto Disconnect can only be con figured by users with administrative rights 22 Administration Methods Installation In order to use the SEH UTN Manager the progra
63. al Linux Security 6 Security The following security mechanisms can be configured and activated according to your demands e How to Define the Encryption Level for SSL TLS Connections gt B76 e How to Encrypt the Connection to the myUTN Control Center B77 e e How to Control the Access to the myUTN Control Center User Accounts gt 78 e How to Control Access to the UTN Server TCP Port Access Control 2879 e How to Control Access to USB Devices only myUTN 80 and later gt 82 e How to Block USB Device Types gt 85 e How to Use Certificates Correctly gt E86 e How to Use Authentication Methods gt 94 e How to Encrypt Data Transfer 2101 The myUTN Control Center can also be protected by the SNMP and or VLAN security concept For further information see e How to Configure SNMP gt 838 e How to Use the UTN Server in VLAN environments only myUTN 80 and later gt 57 75 Encryption Level Cipher Suite Establishing Connections myUTN User Manual Linux Security 6 1 How to Define the Encryption Level for SSL TLS Connections The following connections on the UTN server can be encrypted via SSL TLS e Email POP3 gt 241 e Email SMTP gt 241 e Web access to the myUTN Control Center HTTPS gt 77 e Data transfer between the clients and the UTN server and the connected USB devices USB port 98101
64. alling the Requested Certificate in the UTN Server gt 90 O Installing the PKCS 12 Certificate in the UTN Server gt 291 O Saving S MIME Certificates in the UTN Server only myUTN 80 and later gt 291 O Installing the CA Certificate in the UTN Server gt 92 O Deleting Certificates gt 293 O mg Displaying Certificates Certificates installed on the UTN server and certificate requests can be displayed and viewed M A certificate is installed on the UTN server Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Certificates 3 Select the certificate via the icon Q The certificate is displayed Creating a Self Signed Certificate gt If a self signed certificate has already been created on the UTN server you must first delete the certificate see gt 93 Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Certificates 3 Click Self signed certificate an 4 Enter the relevant parameters see table 13 gt 289 88 Security 5 Click Create Install The certificate will be created and installed This may take a few minutes Table 13 Parameters for the Creation of Certificates Parameters Description Common name Is used to clearly identify the certificate It is advisable to use the IP address or the host name of the UTN server to allow a clear assignment of the certificate to the UTN server
65. ameter List DNS Parameters Value Default Description dns on off on Enables disables the name DNS resolution via a DNS server myUTN User Manual Linux 122 myUTN User Manual Linux Appendix Parameter List Parameters Value Default Description dns_domain max 255 characters blank Defines the domain name of Domain name a z A Z 0 9 an existing DNS server dns_primary valid IP address 0 0 0 0 Defines the IP address of the Primary DNS primary DNS server server dns_secondary valid IP address 0 0 0 0 Defines the IP address of the Secondary DNS secondary DNS server server The secondary DNS server is used if the primary DNS server is not available Tabelle 27 Parameter List SNMP Parameters Value Default Description snmpv1 on off on Enables disables SNMPv1 SNMPv1 snmpv1_ronly on off off Enables disables the write Read only protection for the community snmpvi_community max 64 characters public Defines the name of the Community a z A Z 0 9 SNMP community The SNMP community is a basic form of access protec tion in which several partici pants with the same access rights are grouped together snmpv3 on off on Enables disables SNMPv3 SNMPv3 any_rights None readonly Defines the access rights of Access rights readonly the SNMP user group 1 readwrite any_hash md5 md5 Specifies the hash algorithm Hash sha of the SNMP user group 1 any_cipher None Defines the encryption E
66. ansmission between the UTN server and the SMTP server The cipher strength is defined via the encryption level gt 276 SMTP Sender name Defines the email address used by the UTN server to send emails Note Very often the name of the sender and the user name are identical SMTP Login Enables disables the SMTP authentication for the login SMTP User name Defines the user name used by the UTN server to log on to the SMTP server SMTP Password Defines the password used by the UTN server to log on to the SMTP server SMTP Security S MIME Enables disables the encryption and signing of emails via S MIME SMTP Signing emails Defines the signing of emails A signature created by the sender allows the recipient to verify the identity of the sender and to make sure that the email was not modified An S MIME certificate is required for the signing of emails gt 286 SMTP Full encryption Defines the encryption of emails Only the recipient can open and read the encrypted email An S MIME certificate is required for the encryption gt 286 SMTP Attach public key Sends the public key together with the email Many email clients require the public key to be attached in order to view the emails myUTN User Manual Linux 43 What is WLAN WLAN Security WEP myUTN User Manual Linux Network Settings 3 7 How to Configure WLAN nur myUTN 55 The UTN server myUTN 55 is a WLAN device and is operated wire lessly in t
67. arch 61 myUTN 6 myUTN Control Center 19 Language 20 Start 19 Structure 20 N Network List 61 Network settings 33 Anhang Index Notification service 52 53 Email 54 SNMP trap 54 Notifications 52 P Parameter file 103 Parameter list 114 Parameters Default setting 106 Display 104 Load 105 Reset 106 Save 104 PEAP 98 PKCS 12 91 POP3 41 Port connection Activate 63 Automate 67 Deactivate 65 Port deactivation 52 Port name 51 Protection 75 Protocol BOOTP 15 DHCP 15 IPv4 33 IPv6 35 POP3 41 SMTP 41 SNMP 38 SNTP 50 SSL TLS 76 Purpose 6 R RADIUS 94 Release request 66 Remote maintenance 30 146 myUTN User Manual Linux Reset 106 Restart 109 Roaming 46 Roaming level 46 S S MIME certificate 87 Script 139 SD card 103 Security 75 Security level 80 SEH UTN Manager Changing versions 27 Function overview 133 Installation 23 Start 27 Structure 28 Update 27 Versions 22 Selection List 62 70 Self signed certificate 86 Service 11 SMTP 41 SNMP trap 53 SNMPv1 38 SNMPv3 38 SSID Service Set Identifier 46 SSL TLS connection 76 101 Subnet mask 112 Support 11 System Requirements 6 T TCP port access control 79 TCP IP 33 Test Mode 80 Time of the device 50 Time server 50 Time zone 50 Types of connection 77 93 Anhang Index U Update 108 USB devices Add 62 Connect 63 Disconnect 65 Request 66 Status information 69 USB Port Activate 63 Request 66 USB port Deactivate 52 65 Me
68. can be edited and configured according to your needs by adding and deleting the required UTN servers By means of the type and distribution of the selection list in combi nation with the user management the administrator can control the access to the UTN servers that are available in the network All users will at first use the same global selection list As an alterna tive the administrator can provide users with user specific selection lists by means of an ini file The access can be controlled by placing predefined selection lists into user specific directories Revoking write rights to the ini file will limit and control the access to functions of the SEH UTN Man ager for individual users In the following the selection list types will be described in greater detail 70 Working with the SEH UTN Manager SPE Global Selection List Abb 10 Global Selection List Global Selection List Properties of the global selection list e All users of a client use the same selection list e The users can only access the devices listed in the selection list e Unauthorized persons will not be able to access devices that are not listed in the selection list e The selection list can only be edited by administrators om User Specific Selection List Admin specific Selection List User specit ic Selection List saved as ini files in the user specific directories Abb 11 User Specific Selection List Propertie
69. cece cece eee eee e sete eeeeeees 114 myUTN User Manual Linux 8 3 8 4 8 5 8 6 8 7 8 8 myUTN User Manual Linux Information shown in the display panel myUTN 800 only 132 SEH UTN Manager Function Overview cee eee eee eee 133 Troubleshooting as nent ceesdernsesxteen tsar eemeneee cama resaexees 135 Additional Tool utnm s acepea ean peetee a54ed ene senses 139 Listof FiQU6Ss i cs ataunentataweses casas eensesnieracomeeeecates 144 WAN sect at eee tai ate ats ake a eee E see 145 What Information Do You Need Purpose System Requirements myUTN User Manual Linux General Information 1 General Information ll e myUTN S86 e Documentation gt B8 e Support and Service gt 211 e Your Safety gt B12 e First Steps gt 13 e Saving the IP Address in the UTN Server 914 mg 1 1 myUTN myUTN myUSB to Network allows you to access non net work ready USB devices e g hard disks printers etc in the net work The USB devices will be connected to the USB port of the UTN server gt The Dongleservers myUTN 80 and myUTN 800 are exclusively designed for the deployment of USB dongles The software tool SEH UTN Manager handles the access of the USB devices The software is installed on all clients that are meant to access a USB device in the network The SEH UTN Manager shows the availability of all UTN servers in the network and establis
70. ction the following safety mechanisms might be the cause O The access is protected via SSL TLS HTTPS gt 282 O The access is protected via SSL TLS HTTPS and you deleted the certificate CA self signed PKCS 12 Reset the parameter values of the UTN server to their default settings to get access 8111 Previous settings will be deleted O The TCP port access control is enabled gt 83 mp 137 Appendix Troubleshooting O The cipher suites of the encryption level are not supported by the browser gt 80 Password and or user name is no longer available Access to the myUTN Control Center can be restricted If the pass word and or user name is no longer available you can reset the parameter values of the UTN server to their default settings to get access 111 Previous settings will be deleted myUTN User Manual Linux 138 utnm Use Benefits and Purpose What Do You Want To Do Requirements myUTN User Manual Linux Appendix Additional Tool utnm 8 6 Additional Tool utnm The additional tool utnm has been developed for the myUTN prod ucts of SEH Computertechnik GmbH It is used for the activation and deactivation of USB ports including connected USB devices In order to activate or deactivate a USB port with utnm commands are entered and run in a special syntax in the console of the operat ing system As an alternative a script will be written for the USB port The script co
71. d from the boot protocols BOOTP or DHCP If this is not the case the UTN server assigns itself an IP address from the address range 169 254 0 0 16 which is reserved for ZeroConf Once the UTN server has automatically received an IP address via a boot protocol you can save a freely definable IP address in the UTN server The UTN server s assigned IP address can be determined and changed using the software tool SEH UTN Manager see gt 2118 Different methods for the assignment of the IP address are described in the following e ZeroConf gt 15 e BOOTP 9815 e DHCP gt 15 e Auto Configuration IPv6 Standard gt 16 e SEH UTN Manager gt B16 e myUTN Control Center gt 16 e ARP PING 9817 Requirements Requirements myUTN User Manual Linux General Information ZeroConf If no IP address can be assigned via boot protocols the UTN server assigns itself an IP address via ZeroConf For this purpose the UTN server picks an IP address at random from the address range 169 254 0 0 16 which is reserved for ZeroConf EE LT a You can use the domain name service of Bonjour for the name reso lution of the IP address see gt 39 BOOTP The UTN server supports BOOTP which means that the IP address of the UTN server can be assigned via a BOOTP server MI The BOOTP parameter has been enabled see gt B33 Mi A BOOTP server is available in the network If the UTN
72. d in the Para meterliste gt 8121 Saving the Parameter File Proceed as follows 1 Start the myUTN Control Center 2 Select MAINTENANCE Parameter backup 104 Requirements myUTN User Manual Linux Maintenance 3 Click the icon amp The current parameter values are displayed 4 Save the lt default name gt _parameters txt file on a local system with the help of your browser The parameter file is copied and secured Loading the Parameter file onto the UTN Server Proceed as follows Start the myUTN Control Center Select MAINTENANCE Parameter backup Click Browse Specify the lt default name gt _parameter txt file Click Import The parameter values in the file are applied to the UTN server EFaARWN DS myUTN 800 If you want to load the parameter values and certifi cates from an automatic backup on an SD card perform a cold start of the UTN server interrupt and re establish the power supply Automatic backup myUTN 800 only M An SD card is connected to the UTN server M The SD card has the file system FAT12 FAT16 or FAT32 MI 1 MB of free space is available on the SD card Proceed as follows Start the myUTN Control Center Select MAINTENANCE SD card Tick Parameter backup Click Save The settings are saved 105 When is Resetting Recommended What Do You Want To Do myUTN User Manual Linux Maintenance 7 2 Howto Reset the UTN Parameters
73. e of the certification authority that has issued the certificate of the authentication server RADIUS on the UTN server see Installing the CA Certificate in the UTN Server gt 92 e Enable the authentication method EAP ILS on the UTN server D Proceed as follows Start the myUTN Control Center Select SECURITY Authentication Select TLS from the Authentication method ist Select the root CA certificate from the list EAP root certificate Click Save amp Restart to confirm The settings are saved EAKRWNs Configuring EAP TTLS EAP TTLS Tunneled Transport Layer Security validates the identity of devices or users before they gain access to network resources You can configure the UTN server for the EAP TTLS network authentica 96 Mode of Operation Requirements myUTN User Manual Linux Security tion This ensures that the UTN server gets access to protected net works EAP TTLS consists of two phases In phase 1 a TLS encrypted channel between the UTN server and the RADIUS server will be established Only the RADIUS server authenticates itself using a certificate that was signed by a CA This process is also referred to as outer authentication In phase 2 an additional authentication method is used for the communication within the TLS channel EAP defined methods and older methods CHAP PAP MS CHAP and MS CHAPv2 are supported This process is also referred to as inner authentication
74. e parameter Description on the UTN server Email address of the UTN 7 server as configured on the To myutn company com POP3 server f 7 Subject cmd set parameters Command TAN nUn47ir79Ajs7 QKE AN Parameter and parameter value Abb 5 Administration via Email Example 2 myUTN User Manual Linux 32 What Information Do You Need What Do You Want To Do myUTN User Manual Linux Network Settings 3 Network Settings mg 33 35 e How to Configure IPv4 Parameters gt mg e How to Configure IPv6 Parameters gt e How to Configure the DNS gt 37 e How to Configure SNMP gt 38 e How to Configure Bonjour gt 39 e How to Configure POP3 and SMTP only myUTN 80 and later gt 84 e How to Configure WLAN nur myUTN 55 gt 44 3 1 How to Configure IPv4 Parameters TCP IP Transmission Control Protocol over Internet Protocol for wards data packets across several connections and establishes a con nection between the network participants The boot protocols DHCP and BOOTP belong to the TCP IP protocol family You can define various IPv4 parameters for an ideal integra tion of the UTN server into a TCP IP network For further informa tion about the assignment of IP addresses see 92114 O Configuring IPv4 Parameters via the myUTN Control Center gt 33 O Configuring IPv4 Parameters via the SEH UTN Manager gt 34
75. e they gain access to network resources You can con figure the UTN server for the EAP TLS network authentication This ensures that the UTN server gets access to protected networks EAP TLS describes a certificate based authentication method via a RADIUS server For this purpose certificates are exchanged between the UTN server and the RADIUS server An encrypted TLS connection between the UTN server and the RADIUS server is established in this process Both RADIUS server and UTN server need a valid digital cer tificate signed by a CA The RADIUS server and the UTN server must 95 Procedure Benefits and Purpose myUTN User Manual Linux Security validate the certificate After the mutual authentication was suc cessful the access to the network will be freed Since each device needs a certificate a PKI Public Key Infrastruc ture must be available User passwords are not necessary If you want to use the EAP TLS authentication you must observe the instructions below in the indicated order If this procedure is not adhered to the UTN server in the network may not be addressable In this case you have to reset the parameters of the UTN server see gt 1106 e Create a certificate request on the UTN server see gt 90 e Create a certificate using the certificate request and the authentication server e Install the requested certificate on the UTN server see gt 90 e Install the root CA certificat
76. ed can be found in the respective Quick Installation Guide myUTN User Manual Linux 7 Scope and Content Structure of the Documentation Document Features myUTN User Manual Linux General Information 1 2 Documentation This documentation describes several versions of the USB Device server as well as the Dongleservers This means that functions will be described that may not be applicable to your product Some illustra tions may differ from your device Refer to the data sheet of your UTN server model for information about the functional range of your product Please note the follow ing names of the product categories in this documentation e USB Deviceserver gt UTN server e Dongleserver gt UTN server e dongle gt USB device The myUTN documentation consists of the following documents User Manual Detailed description of the myUTN configuration and L administration System specific instructions for the R following systems ji Windows Mac Linux Quick Installation Guide Pe Information about security hardware installation and the et 2 initial operation procedure aama Online Help myUTN Control Center i RY The Online Help contains detailed information about how aaa A to use the myUTN Control Center x Online Help SEH UTN Manager V The Online Help contains detailed information about how x to use the software tool SEH UTN Manager This documentation has been desig
77. eleted A 93 Security 6 8 Howto Use Authentication Methods By means of an authentication a network can be protected against unauthorized access The UTN server can participate in various authentication procedures This section describes which procedures are supported and how these procedures are configured on the UTN server What is IEEE 802 1X The IEEE 802 1X standard provides a basic structure for various authentication and key management protocols IEEE 802 1X allows you to control the access to networks Before users gain access to a network via a network device they must authenticate themselves in the network After the authentication was successful the access to the network will be freed WhatisEAP The standard IEEE 802 1X is based upon the EAP Extensible Authen tication Protocol EAP is a universal protocol for many authentica tion procedures EAP allows for a standardized authentication procedure between the network device and an authentication server RADIUS First you must define the authentication procedure TLS PEAP TTLS etc to be used and configure it on all network devices involved What is RADIUS RADIUS Remote Authentication Dial In User Service is an authen tication and account management system that validates user login information and grants access to the desired resources The UTN server supports various EAP authentication methods in order to authenticate itself in a protected network What
78. ends the parameter list of the UTN server set parameters Sends parameters to the UTN server The syntax and values can be obtained from the parameter list see gt 8121 Parameter and value must be entered into the email body update utn Carries out an automatic update using the software that is attached to the mail help Sends a page containing information about the remote maintenance lt comment gt Freely definable text for descriptions The following applies for the instructions e not case sensitive e one or more space characters are allowed e max length is 128 byte e only the ASCII format can be read You will need a TAN for updates or parameter changes on the UTN server You will get a current TAN from the UTN server via email e g when receiving a status page Enter the TAN into the first line of the email body A space character must follow Parameter changes are integrated into the email body with the fol lowing syntax lt parameter gt lt value gt The syntax and values can be obtained from the parameter list see gt 2121 31 Administration Methods Example 1 This email causes the UTN server to send the parameter list to the sender of the email Email address of the UTN server as configured on the POP3 server myutn company com Subject cma get parameters j TO Command Abb 4 Administration via Email Example 1 Example2 This email configures th
79. er myUTN 800 only trap_sdunusable on off off Enables disables the sending Send trap if SD of SNMP traps if the SD card card cannot be is unusable myUTN 800 used only mailto_1 valid email address blank Defines the email address of mailto_2 max 64 characters the recipient for notifications Email address noti_dev_1 on off off noti_dev_2 Send email if USB devices are connected or disconnected Enables disables the sending of emails after a USB device was connected to removed from the UTN server 128 myUTN User Manual Linux Parameters Value noti_act_1 on off noti_act_2 Send email if USB port is activated or deactivated noti_pwr_1 on off noti_pwr_2 Send email if power supply is interrupted or established noti_sdinout_1 on off noti_sdinout_2 Send email if SD card is connected or disconnected noti_sdunusable_1 on off noti_sdunusable_2 Send email if SD card cannot be used noti_stat_1 on off noti_stat_2 Status email noti_pup_1 on off noti_pup_2 Send email if UTN server is restarted notistat_d al daily Interval su Sunday mo Monday tu Tuesday we Wednesday th Thursday fr Friday sa Saturday notistat_h 1 1 hour hh 2 2 hour 3 3 hour Default off off off off off off al Appendix Parameter List Description Enables disables the sending of emails after a USB port was activated deactivated Enable
80. er and the client Depending on the type of connection two port variants are available Unencrypted connection means that client and UTN server commu nicate via the UTN port The port number 9200 is preset 50 UTN SSL Port Requirements Tip myUTN User Manual Linux Device Settings Encrypted connection means that client and UTN server communi cate via the UTN SSL port The port number 9443 is preset In order to use an encrypted connection you must enable the port encryp tion see S101 Bails a OooooouououououououououoaoaoaoaoaoavaoO This UTN port or the UTN SSL port must not be blocked by a firewall If required you can change the port number on the UTN server MI In order that the SEH UTN Managers installed on the clients receive the current port number the SNMPv1 parameter must be activated see 1238 Proceed as follows 1 Start the myUTN Control Center 2 Select DEVICE UTN port 3 Enter the port number into the UTN port or UTN SSL port box 4 Click Save to confirm The settings are saved 4 5 How to Assign a Name to a USB Port You can assign any name to the USB port This port name will be dis played in the myUTN Control Center and the SEH UTN Manager If no port name is defined the name of the USB device connected will be displayed Some USB devices have cryptic or ambiguous names Assign a clear description e g the name of a corresponding software to the
81. erzeichnis gt e Index 92156 mg 139 155 TH myUTN User Manual Linux 110 What Information Do You Need myUTN Control Center SEH UTN Manager Hardware Address myUTN User Manual Linux Appendix Glossary 8 1 Glossary The glossary contains information about manufacturer specific software solutions and terms from the world of network technology Manufacturer Specific Software Solutions e myUTN Control Center 92111 e SEH UTN Manager gt B111 Network Technology e Hardware Address gt 1111 e IP Address 8112 e Host name gt 2112 e Gateway 92112 e Subnet Mask gt B112 e Default Name 915112 Miscellaneous e Compound USB Device 912113 The UTN server can be configured and monitored via the myUTN Control Center The myUTN Control Center is stored in the UTN server and can be displayed by means of a browser software z B Mozilla Firefox The software tool SEH UTN Manager handles the access of the USB devices The software is installed on all clients that are meant to access a USB device in the network The SEH UTN Manager shows the availability of all UTN servers in the network and establishes a connection between the client and the USB port including the con nected USB device The UTN server is addressable by means of its world wide unique hardware address This address is commonly referred to as the M
82. evices SEH Computertechnik GmbH will not accept any liability for per sonal injuries property damages and consequential damages result ing from the non observance of the mentioned safety regulations and warnings SEH Computertechnik GmbH will not accept any lia bility for loss of data property damages and consequential damages resulting from the non observance of the mentioned safety regula tions and warnings The UTN serveris used in TCP IP networks myUTN allows you to access non network ready USB devices in the network The UTN server has been designed for use in office environments All uses of the device that do not comply with the myUTN function alities described in the documentation are regarded as improper uses It is not allowed to make modifications to the hardware and software or to try to repair the device Before starting the initial operation procedure of the UTN server please note the safety regulations in the Quick Installation Guide The Quick Installation Guide is enclosed in the packaging Read and observe all warnings mentioned in this document Warn ings are found before any instructions known to be dangerous They are presented as follows Warning myUTN User Manual Linux General Information 1 5 First Steps This section provides all the information that you need for a fast operational readiness Proceed as follows 1 2 Read and observe the security regulations in order to avoid
83. he administrator user account Note Also is the password of the SNMP admin account Defines the user name for the read only user account Note Also is the user name of the SNMP user account Defines the password for the read only user account Note Also is the password of the SNMP user account Tabelle 20 Parameter List USB device type blocking Parameters Value utn_hid on off Disable input devices HID class Default on Tabelle 21 Parameter List TCP port access Parameters Value protection on off Port access control Default off Description De activates the blocking of input devices HID human interface devices on no blocking off blocking Description Enables disables the locking of the selected ports 119 myUTN User Manual Linux Parameters protection_test Test mode protection_level Security level ip_filter_on_1 ip_filter_on_8 IP address ip_filter_1 ip_filter_8 IP address hw_filter_on_1 hw_filter_on_8 MAC address hw_filter_1 hw_filter_8 MAC address Value on off protec_utn protec_tcp protec_all on off valid IP address on off valid hardware address Default on protec_ utn off blank off 00 00 00 00 00 00 Appendix Parameter List Description Enables disables the test mode The test mode allows you to test the parameters set using the access control If the test mode is activated
84. he USB device state is unknown 100 Unknown command TOn UTN server not found Either the UTN server does not exist or the DNS resolution failed 103 The port key is too long A USB device is to be activated Commands and syntax utnm c activate UTN server port number Results in utnm c activate 10 168 1 167 3 myUTN User Manual Linux 143 myUTN User Manual Linux Appendix List of Figures 8 7 List of Figures UTN Server in the Network sc2 c2t cteaedeadsbnaw ed neawns ea 7 myUTN Control Center START 0 00 eee eee eens 20 SEH UTN Manager Main Dialog 222 20 0 eee 28 Administration via Email Example 1 0 eee eee eee 32 Administration via Email Example 2 000 ee eee 32 Display panel myUTN 800 2 00 cee eee eee 49 USB port based assignment of VLANs 0222 2005 57 SEH UTN Manager Edit Selection List 0 62 SEH UTN Manager Activating the Device 64 Global Selection List csonssdaeshsesgeSidweedssdenaceeeesess 71 User Specific Selection List nannu nunana nenna 71 myUTN Control Center Certificates 0 0 00 eee eee 87 UTN Server SSL TLS Connection in the Network 101 SEH UTN Manager Encryption 22 2 6 ee5 a4 s caer ee 102 144 myUTN User Manual Linux 8 8 Index A Acoustic Signals 55 Ad hoc mode 46 Address Hardware address 111 IP address 112 MA
85. he USB port When the USB port is shared the connection between the USB port and your client will be established automatically Requirements MM The SEH UTN Manager complete version is installed on the client see gt 221 MI The SEH UTN Manager complete version is installed on the client of the user who uses the USB device see gt E21 MI The SEH UTN Manager complete version is executed on both clients MI The USB port is shown in the selection list see gt 5162 M The USB port is connected to another client Proceed as follows 1 Select the port from the selection list 2 Select Port Request from the menu bar The release request will be sent myUTN User Manual Linux 66 What Do You Want To Do Requirements myUTN User Manual Linux Working with the SEH UTN Manager 5 6 Howto Automate Port Connections and Program Starts You can automate the connections to USB ports including con nected USB devices and program starts in many ways This is done by various automatisms O Permanent Port Connection after Operating System Boot Auto Connect gt 67 O Automatically Disconnect the Port Connection after the Time Defined Auto Disconnect gt 268 O Using the Additional Tool utnm gt 2150 Permanent Port Connection after Operating System Boot Auto Connect The feature automatically establishes a permanent connection to a USB port and the connected USB device wit
86. he display Display SD card of error messages in the errors display panel if no SD card is inserted into the UTN server or if the SD card cannot be used Errors are displayed in codes see 28132 Tabelle 35 Parameter List Acoustic signal only myUTN 800 Parameters Value Default Description beepPwr on off off Enables disables the acoustic Only one power signal that sounds if the UTN supply provides server only is supplied by one power power supply myUTN User Manual Linux 130 myUTN User Manual Linux Appendix Parameter List Parameters Value Default Description beepSDc on off off Enables disables the acoustic SD card error signal that sounds if no SD card is inserted into the UTN server or if the SD card cannot be used Tabelle 36 Parameter list SD card myUTN 800 only Parameters Value Default Description autoSync on off on Enables disables the Parameter backup automatic parameter backup to a connected SD card 131 Appendix Information shown in the display panel myUTN 800 only 8 3 Information shown in the display panel myUTN 800 only The Dongleserver myUTN 800 has a display panel at its front side It provides status information error states Text Description Troubleshooting DS The Dongleserver is operational identifier gt 251 RS The Dongleserver is restarting DL Firmware software is loaded onto the Dongleserver Afterwards the Dongleserver is updated E1 One of t
87. he network WLAN is a radio technology that allows you to establish wireless connections between network components The WLAN technology is defined as a standard of the IEEE 802 11 family The myUTN 55 sup ports the standards IEEE 802 116 802 11g and IEEE 802 11n The myUTN 55 has additional WLAN parameters see table 9 gt 46 You can view the current WLAN settings in the myUTN Con trol Center under the menu item NETWORK WLAN Make sure that no unauthorized user logs on to the Wireless LAN and that no one has access to the Internet or network resources Your UTN server offers several security mechanisms Default Mechanism Encryption Authentication WEP WEP Open System Shared Key WEP EAP WEP Open System 802 1X EAP WPA Personal Mode TKIP MIC PSK WPA2 Personal Mode AES CCMP PSK WPA Enterprise Mode TKIP MIC 802 1X EAP WPA2 Enterprise Mode AES CCMP 802 1X EAP WEP Wired Equivalent Privacy is an encryption method according to IEEE 802 11 on the basis of the RC4 encryption algorithm WEP offers mechanisms for data encryption and authentication WEP uses a key to encrypt the entire communication As for encrypted access points the same WEP key must be used for the access point and the UTN server Some access points convert WEP keys that are entered as ASCII text into arbitrary hexadecimal values In this case the WEP keys for the 44 WPA WPA2 myUTN User Manual Linux
88. he two power supplies is Check the cabling connections not working and voltage source Which connection is not working is indicated by a glowing dot left dot left power supply right dot right power supply E2 The SD card is formatted with an Format the SD card in the file unsupported file system format FAT32 FAT16 or FAT12 respectively cannot be read and Check if the SD card functions be written to properly E3 The SD card is read only Remove the write protection from the SD card E4 No SD card is available in the Insert an SD card into the SD card reader card reader Type SD or SDHC File system FAT32 FAT16 or FAT12 E5 One or both network connections Check the cabling connections myUTN User Manual Linux have no link and your network 132 Appendix SEH UTN Manager Function Overview 8 4 SEH UTN Manager Function Overview Functions in the SEH UTN Manager can be shown as inactive grayed out or not shown at all This depends on the following factors e Settings of the selection list mode global list user list e User Groups Users that have administrative rights or are members of the group utnusers Users that do not have administrative rights or that do not belong to the group utnusers Users with write access to the ini file selection list Users without write access to the ini file selection list The administrator can use these factors to provide users with indi
89. hes a connection between the client and the USB port including the con nected USB device myUTN has been designed for the use in TCP IP based networks The SEH UTN Manager has been designed for the use in the following systems General Information e Windows XP or later e OSX 10 8 x or later e Ubuntu 12 04 x LTS 64 bit Ubuntu 14 04 x LTS 64 bit or Oracle 64 bit Linux 6 5 with Linux kernel 2 6 32 or higher glibc 2 11 1 or higher and OpenSSL 1 0 1 or higher m This document describes the usage in Linux environments Informa tion about the usage in other environments can be found in the rel evant system specific User Manual For further information see Documentation gt B8 Procedure and Basic After the SEH UTN Manager is started the network will be scanned Functions for connected UTN servers The network range to be scanned is freely definable All UTN servers found will be shown in the network list together with the connected USB devices The required UTN servers will be selected and added to the selection list The UTN servers listed in the selection list can then be used by the user To use a USB device the user establishes a connection between the client and the USB port of the UTN server to which the USB device is connected IT devices industrial devices A entertainment gua devices UTN server a Abb 1 UTN Server in the Network ay Types and number of the USB devices to be connect
90. hout the need for a user to log on to the client The connection will be e activated upon the operating system startup and terminated when the system shuts down e automatically reestablished when the system restarts MI The SEH UTN Manager complete version is installed on the client see 921 The USB port is shown in the selection list see gt E62 You are logged on to the system as administrator Proceed as follows Start the SEH UTN Manager Select the port from the selection list Select Port Settings from the menu bar The Port Settings dialog appears 4 Tick Activates the device automatically after the SEH UTN Manager program start Auto Connect 5 Click OK 67 Requirements myUTN User Manual Linux Working with the SEH UTN Manager The setting will be saved Automatically Disconnect the Port Connection after the Time Defined Auto Disconnect This function allows you to automatically disconnect the connection to a USB port after the time defined A one off prolongation of the connection by the duration of the defined time can be optionally activated The settings apply to all USB ports on a UTN server Two minutes before the expiration of the defined time the user will receive a message telling them to close the connection to the USB port and the connected USB device in order to avoid data loss and error conditions If the prolongation is enabled the note with the possibility to accept
91. ines the channel frequency range on which the Frequency range entire data communication will be transmitted The product uses the 2 4 GHz ISM band A channel has a bandwidth of 22 MHz The distance between two neighboring channels is 5 MHz Channel 3 is preset The parameter Channel can only be configured in the Ad Hoc mode Neighboring channels overlap which can lead to interferences If several WLANs are operated in a small radius a distance of at least five channels should exist between two channels Keep yourself informed about national provisions regarding the use of WLAN products and only use authorized channels myUTN User Manual Linux 46 Network Settings Parameters Description Encryption method see WLAN Security gt B44 Authentication method see How to Use Authentication Methods gt 294 myUTN User Manual Linux 47 What Information Do You Need myUTN User Manual Linux Device Settings 4 Device Settings e How to Determine a Description gt 48 e How to Assign an Identifier Shown in the Display Panel myUTN 800 only gt 249 e How to Configure the Device Time gt 85 e How to Configure the UTN SSL Port gt e How to Assign a Name to a USB Port gt oO mg 50 51 mg e How to Deactivate a USB Port only myUTN 80 and later gt B 52 e H D mg w to Use the Notification Service only myUTN 80 and later
92. ion This parameter can only be used after consultation with the SEH support team Specifies methods for limiting the access and use of the USB port and the connected USB device no protection ids device assignment key port key control keyids device assignment and key control Specifies the key used to protect the access to the connected USB device 121 Appendix Parameter List Parameters Value Default Description utn_vendprodIDs Shows the VID Vendor ID 1 and PID Product ID of the USB device that is assigned utn_vendprodIDs to the USB port via the device _20 assignment USB device utn_2vlan_1 0 9 0 Allocates a VLAN to the USB 1 character port utn_2vlan_20 see gt 8115 0 every Allocate VLAN 1 VLAN 1 2 VLAN 2 etc 9 none Tabelle 25 Parameter List USB port Parameters Value Default Description utn_tag_1 max 32 characters blank Freely definable description of a z A Z 0 9 the USB port utn_tag_20 Port name utn_poff_1 on off off Disables enables the power supply for the USB port i e utn_poff_20 the USB device connected to Port the port off power on on power off utn_poffdura_1 0 100 0 This parameter can only be 1 3 characters 0 9 used after consultation with utn_poffdura_20 the SEH support team utn_prereset_1 on off off This parameter can only be used after consultation with utn_prereset_20 the SEH support team Tabelle 26 Par
93. ite errors no SD card Errors are displayed in codes The meaning of the codes you will find in chapter Informationen im Anzeigefeld nur myUTN 800 gt 143 Proceed as follows 1 Start the myUTN Control Center 2 Select Device Notification 3 In the Display panel area tick the options with the desired message types 4 Click Save to confirm The settings are saved gt If there is no error state i e the UTN server is operational the iden tifier is displayed 149 The optional acoustic signals ideally complement the error messages in the display panel For further information see gt B57 4 9 How to Configure Acoustic Signals myUTN 800 only The myUTN 800 Dongleserver gives acoustic feedback when e a USB dongle is connected to the UTN server e the UTN server restarts e the parameters are reset These acoustic signals cannot be turned off Optionally further acoustic signals can be configured for when e only one power supply works e an SD card error exists read and write errors no SD card e only one network connection is established 55 myUTN User Manual Linux Device Settings Tez These optional acoustic signals ideally complement the error mes sages in the display panel gt 54 E Proceed as follows 1 Start the myUTN Control Center 2 Select Device Notification 3 In the Acoustic signal area tick the options with the desired message types 4 Click Save to
94. m The data between the clients and the USB device will be transferred in an encrypted way EANN gt 101 myUTN User Manual Linux Security The encrypted connection will be displayed client side in the SEH UTN Manager under Properties UTN Server Device v Status Properties E 192 168 0 140 Port name Flash Drive Flash Drive Port 1 EVEN EL Port number T Port status Available Auto Connect off Devices connected H Name Flash Drive Abb 14 SEH UTN Manager Encryption 102 What Information Do You Need Automatic Backup myUTN 800 Only myUTN User Manual Linux Maintenance 7 Maintenance e How to Secure UTN Parameters Backup gt 2103 How to Reset the UTN Parameters to their Default Values gt B106 e How to Perform an Update gt 108 e How to Restart the UTN Server gt 109 7 1 How to Secure UTN Parameters Backup All parameter values of the UTN server exception passwords are saved in the gt default name gt _parameters txt file You can save the parameters file as backup copy on your local client This allows you to get back to a stable configuration status at any time You can edit the parameter values of the copied file using a text edi tor Afterwards the configured file can be downloaded to one or more UTN servers The parameter values included in the file will be taken over by the device The Dongleserver myUTN 800 additionally has an
95. m must be installed on a computer with a Linux operating system The installation file of the SEH UTN Manager can be found on the SEH Computertechnik GmbH homepage http www seh technology com services downloads htm For Linux systems 64 bit the installation packages are available as deb and rpm files There are four packages respectively 1 driver 2 service SEH UTN service daemon 3 clitool command line interface tool 4 manager graphical user interface eee tgz installation packages for other Linux systems 32 and 64 bit are also available Minimum requirements Linux kernel 2 6 32 and glibe 2 11 1 Due to the multitude of Linux varieties a successful installation can however not be guaranteed The number of installed packages determines the version of the SEH UTN Manager e package 1 3 minimal version e package 1 4 complete version Install the packages in the order given above to comply with their dependencies myUTN User Manual Linux 23 What Do You Want To Do System Requirements myUTN User Manual Linux Administration Methods The installation of the files depends on the distribution For more information refer to the documentation of your operating system Some installation procedures are described exemplarily e Installting the SEH UTN Manager via the Ubuntu Software Center 91324 e Installing the SEH UTN Manager via Ubuntu terminal gt 225 e In
96. modes are available In the Ad Hoc mode the UTN server communicates directly with another WLAN client peer to peer The infrastructure mode is suitable for setting up large wireless networks with several devices in different rooms Communication between the devices is done via an access point which is connected to the network The access point can be protected by encryption or authentication Network name Defines the SSID The ID of a wireless network is SSID referred to as SSID Service Set Identifier or network name Each wireless LAN has a configurable SSID in order to clearly identify the wireless network The SSID is configured in the access point of a Wireless LAN Each device PC UTN server etc that is intended to have access to the wireless network must be configured using the same SSID Roaming Enables disables the use of roaming Roaming refers to the moving of one radio cell to the next The UTN server will use the access point that has the strongest signal If the UTN server moves towards the sphere of another access point the UTN server switches automatically and without loss of connection to the next radio cell The parameter Roaming can only be configured in the Infrastructure mode Roaming level Defines the transmission power in dBm of the UTN server The value 65 dbm is preset The parameter Roaming Level can only be configured in the Infrastructure mode Channel Def
97. myUTN Control Center A USB device can then only be operated together with its assigned USB port The device assignment makes sure that the security settings of the USB port and the USB device are not bypassed If a device other than the assigned USB device is connected to the USB port it can not be operated a If you want to control the access to the USB devices it is advisable to restrict the administrative access to the myUTN Control Center so that the settings cannot be changed by unauthorized persons see gt B77 82 What Do You Want To Do myUTN User Manual Linux O O O O Security Blocking access to USB devices gt 583 Unblocking access to USB devices gt 83 Specifying the Device Assignment on the USB Port gt 84 Disabling the USB Port Access Control gt 84 Blocking access to USB devices If you want to control the access to a USB device you must specify a key for the USB port via the myUTN Control Center Proceed as follows 1 2 3 4 5 Start the myUTN Control Center Select SECURITY USB port access Select the entry Port key control from the Method list of the relevant USB port Click Generate key or enter a freely definable key into the Key box a maximum of 64 ASCII characters Click Save to confirm The settings are saved Access to the USB device is protected Unblocking access to USB devices In order for a user to gain access
98. n IP Range Search v x v x x Program Program Messages v x v x x Program Program Update v x v x x Automatisms Auto Disconnect v x v x x Selection List Selection List Mode v x v x K Selection List Automatic Refresh v x v x x Port Settings dialog Automatic device connection z X P Auto Connect Messages v v v v v v active r read only x inactive grayed out rw read and write INI ini file gt 73 134 Appendix Troubleshooting Problem Possible Cause 8 5 Troubleshooting This chapter describes some problems and their solutions e The UTN server signalizes the BIOS mode 2135 e Some functions in the SEH UTN Manager are hidden enabled or appear dimmed 921136 e USB devices are not shown in the SEH UTN Manager gt 12136 e The SEH UTN Manager displays several USB devices at one USB port 9136 e A connection to the UTN server cannot be established gt E137 e A connection to the USB port cannot be established 2137 e A connection to the myUTN Control Center cannot be established gt 137 e Password and or user name is no longer available gt 1138 The UTN server signalizes the BIOS mode The UTN server switches to the BIOS mode if the firmware functions well but the software is faulty This may happen in the case of an incorrect software update for example The UTN server signalizes the BIOS mode if e the activity
99. n off Login screen displays sessKeyTimer on off Session timeout Default on Description Defines the permitted type of connection HTTP HTTPS to the myUTN Control Center If HTTPS is exclusively cho sen as the connection type http_allowed off the administrative access to the myUTN Control Center is pro tected via SSL TLS Enables disables the myUTN Control Center access restric tion If access is restricted a login screen is displayed when opnening the myUTN Control Center Note If access is restricted user accounts must be defined Defines the type of login screen on list of users off name and password request Enables disables the session timeout 118 myUTN User Manual Linux Parameters Value sessKeyTimeout 120 3600 Session timeout 3 4 characters 0 9 admin_name max 64 characters Administrator a z A Z 0 9 User name admin_pwd 8 64 characters Administrator a z A Z 0 9 Password any_name max 64 characters Read only a z A Z 0 9 user User name max 64 characters a z A Z 0 9 any_pwd Read only user Password Default 600 admin adminis trator anony mous blank Appendix Parameter List Description Time in seconds after which the timeout is to be effective Defines the user name for the administrator user account Note Also is the user name of the SNMP admin account Defines the password for t
100. ncrypted part of the EAP authentication methods TTLS PEAP and FAST Specifies an optional WPA expansion 125 myUTN User Manual Linux Appendix Parameter List Tabelle 31 Parameter List POP3 only myUTN 80 and later Parameters Value pop3 on off POP3 pop3_srv max 128 characters Server name pop3_poll 1 10080 Check mail 1 5 characters 0 9 every pop3_port 1 65535 Server port 1 5 characters 0 9 pop3_usr max 128 characters User name pop3_pwd max 128 characters Password pop3_sec 0 no security Security 1 APOP 2 SSL TLS pop3_limit 0 4096 Ignore mail 1 4 characters 0 9 exceeding 0 unlimited Default off blank 110 blank blank 4096 Description Enables disables the POP3 functionality Defines the POP3 server via the IP address or the host name The host name can only be used if a DNS server was configured beforehand Defines the time interval in minutes for retrieving emails from the POP3 server Defines the port of the POP3 server used by the UTN server for receiving emails When using SSL TLS enter 995 as port number Defines the name used by the UTN server to log on to the POPS server Defines the password used by the UTN server to log on to the POPS server Defines an authentication method Defines the maximum email size in Kbyte to be accepted by the UTN server Tabelle 32 Parameter List SM
101. ncryption aes method of the SNMP user des group 1 admin_rights None readwrite Defines the access rights of Access rights readonly the SNMP user group 2 readwrite 123 myUTN User Manual Linux Appendix Parameter List Parameters Value Default Description admin_hash md5 md5 Specifies the hash algorithm Hash sha of the SNMP user group 2 admin_cipher None Defines the encryption Encryption aes method of the SNMP user des group 2 Te For SNMP user accounts see Parameter List myUTN Control Center security gt 8118 Tabelle 28 Parameter List Date Time Parameters Value Default Description ntp on off on Enables disables the use of a Date Time time server SNTP ntp_server max 64 characters pool ntp Defines a time server via the Time server a z A Z 0 9 org IP address or the host name The host name can only be used if a DNS server was configured beforehand ntp_tzone UTC GMT EST CET CE The time zone is used to Time zone EDT CST CDT ST EU equalize the difference MST MDT PST between the time received PDT etc over the time server and the local time Tabelle 29 Parameter List Description Parameters Value Default Description sys_name max 64 characters blank Defines the host name of the Host name a z A Z 0 9 UTN server sys_descr max 64 characters blank Freely definable description Description a z A Z 0 9 sys_contact max 64 characters bla
102. ned as an electronic document for screen use Many programs e g Adobe Reader offer a book Terminology Used in this Document myUTN User Manual Linux General Information mark navigation feature that allows you to view the entire docu ment structure This document contains hyperlinks to the associated information units If you want to print this documentation we recommend using the printer setting Duplex or Booklet The explanation of technical terms used in this document is summa rized in a glossary The glossary provides a quick overview of techni cal matters and background information see gt 118 Symbols and Conventions myUTN User Manual Linux General Information A variety of symbols are used within this document Their meaning is listed in the following table Table 1 Conventions within the documentation Symbol Convention A __ Warning Note Proceed as follows 1 Mark Confirmation M Requirements O Option DE Bold Courier Proper names Description A warning contains important information that must be heeded Non observance may lead to malfunctions A notice contains information that should be heeded The hand symbol marks the beginning of instructions Individual instructions are set in italics The arrow confirms the consequence of an action Hooks mark requirements that must be met before you can begin
103. nistra Supported tion and monitoring of the UTN server The myUTN Control Center is stored in the UTN server and can be displayed by means of a browser software e g Mozilla Firefox Requirements M The UTN server is connected to the network and the mains voltage MI The UTN server has a valid IP address Proceed as follows Starting the myUTN 1 Open your browser Control Center 2 Enter the IP address of the UTN server as the URL The myUTN Control Center appears If the myUTN Control Center is not displayed check the proxy set tings of your browser You can also start the myUTN Control Center via the software tool SEH UTN Manager Mark the UTN server in the selection list and select UTN server Configure from the menu bar myUTN User Manual Linux 19 Structure of the myUTN Control Center myUTN User Manual Linux Administration Methods myUTN Control Center Mozilla Firefox sh myUTN Control Center x 192 168 0 140 aT t f P T myutN ControlCenter SEH START NETWORK DEVICE SECURITY MAINTENANCE 0 myUTN 80 Y UTN server Network ICOD1FOB Mica Default name IC0D1F0B IP address 192 168 0 140 Soest Serial number 25020110900016 Subnet mask 255 255 254 0 E Deutsch Host name Gateway 192 168 0 4 ILE Fran ais Software 14 3 2 UTN port 9200 Cre Firmware 33221 Hardware 10 EE raiano Description E portugues Contact person aaa Date Time 2015 07 14 09 51 38 MB wax E ente 38 a30
104. nk Freely definable description Contact person a z A Z 0 9 of the contact person 124 myUTN User Manual Linux Tabelle 30 Parameter List Authentication Parameters auth_typ Authentication method auth_name User name auth_pwd Password auth_intern Inner authentication auth_extern PEAP EAP FAST Options auth_ano_name Anonymous name auth_wpa_addon WPA add on Value None MD5 TLS TTLS PEAP FAST max 64 characters a z A Z 0 9 max 64 characters a z A Z 0 9 none PAP PAP CHAP CHAP MSCHAP2 MS CHAPv2 EMD5 EAP MD5 ETLS EAP TLS none PLABELO PEAPLABELO PLABEL1 PEAPLABEL1 PVERO PEAPVERO PVER1 PEAPVER1 FPROV1 FAST PROV1 max 64 characters a z A Z 0 9 max 255 characters a z A Z 0 9 Default blank blank blank blank Appendix Parameter List Description Defines the authentication method that is used to identify devices or users in the net work Defines the name of the UTN server as saved in the authen tication server RADIUS Defines the password of the UTN server as saved in the authentication server RADIUS Defines the kind of inner authentication for the EAP authentication methods TTLS PEAP and FAST Defines the kind of external authentication for the EAP authentication methods TTLS PEAP and FAST Defines the anonymous name for the une
105. nly cipher suites with an encryption of 128 bit are used e High Only cipher suites with a strong encryption of 128 to 256 bit are used Slow connection Do not use the encryption level Low if only HTTPS is defined as the permitted connection type for the web access to the myUTN Control Center Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY SSL connections 3 Select the desired encryption level from the Encryption area 4 Click Save to confirm The setting will be saved Detailed information about the individual SSL TLS connection status e g cipher suites can be found on the Details page at SSL connec tion status Details 6 2 How to Encrypt the Connection to the myUTN Control Center The connection to the primos Control Center can be encrypted by selecting the permitted types of connection HTTP HTTPS 77 User Accounts myUTN User Manual Linux Security If HTTPS is exclusively chosen as the connection type the connec tion to the myUTN Control Center is encrypted via SSL TLS The cipher strength is defined via the encryption level gt 76 and must not be Low SSL TLS also requires a certificate gt 86 to check the identity of the UTN server During a so called handshake the client asks for the certificate via a browser This certificate must be accepted by the browser Please refer to the documentation of your browser soft ware URLs that require an SSL
106. note of the informa tion contained in the readme file Proceed as follows Start the myUTN Control Center Select MAINTENANCE Update Click Browse Select the update file Click Install The update is executed The UTN server will be restarted EORWN DS 108 myUTN User Manual Linux Maintenance 7 4 Howto Restart the UTN Server The UTN server will automatically restart after changes to the parameters or after an update If the UTN server is in an undefined state it can also be manually restarted What Do You Want Restarting the UTN Server via the myUTN Control Center To Do gt B109 O Restarting the UTN server via the restart button only myUTN 800 gt 8109 Restarting the UTN Server via the myUTN Control Center Proceed as follows 1 Start the myUTN Control Center 2 Select MAINTENANCE Restart 3 Click Restart The UTN server will be restarted Restarting the UTN server via the restart button only myUTN 800 Proceed as follows 1 Press the restart button of the device for a short time The UTN server will be restarted myUTN User Manual Linux 109 Appendix 8 Appendix What Information Glossary gt B111 Do You Needy Parameter List 8114 e Information shown in the display panel myUTN 800 only gt 8132 e SEH UTN Manager Function Overview gt B133 e Troubleshooting 2135 e Additional Tool utnm gt e Abbildungsv
107. ntains commands in a special syntax When it is run the com mands will be executed automatically step by step by the com mand line interpreter When using utnm it is not necessary to open and or install the interface of the SEH UTN Manager minimal version of the SEH UTN Manager gt 22 Frequently recurring command sequences e g a port activation can be automated by means of scripts The execution of scripts can be done automatically e g by means of login scripts O Using the Console gt 123139 O Creating Scripts gt 2140 Using the Console MI The SEH UTN Manager is installed on the client see gt 21 M The IP address or host name of a UTN server is known Proceed as follows 1 Open the console Terminal 2 Enter the sequence of commands see Syntax and Commands gt 2140 3 Confirm your entries The sequence of commands will be run 139 Appendix Additional Tool utnm Creating Scripts Requirements M The SEH UTN Manager is installed on the client see gt 21 M The IP address or host name of a UTN server is known Proceed as follows 1 Open a text editor 2 Enter the sequence of commands see Syntax and Commands gt 2140 3 Save the file as executable script for more information refer to the documentation of your operating system The script is saved Information on how to use the script can be found in the documentation of your operating system
108. nts can be informed about various events irrespective of time and loca tion The following message types are possible e The status email periodically informs the recipient about the status of the UTN server and the connected USB devices 52 What Do You Want To Do Requirements myUTN User Manual Linux Device Settings e The event notification informs you about a specific event on the UTN server via email or SNMP trap The event can be 0 6 0 6 0 C The restart of the UTN server The connection disconnection of a USB device to from the UTN server The activation deactivation of a USB port The interruption or establishment of power supply myUTN 800 only The connection disconnection of a SD card to from the UTN server myUTN 800 only The unusability of an SD card myUTN 800 only onfiguring the sending of status emails gt 53 onfiguring event notifications via email S54 onfiguring event notifications via SNMP traps gt 54 Configuring the sending of status emails Mi SMTP parameters have been configured on the UTN server see S MA B41 DNS server has been configured on the UTN server see gt 2137 For the notification service you can specify up to two email recipi ents Proceed as follows EAMARWN Th Start the myUTN Control Center Select Device Notification Enter the recipient into the Email address box Tick the desired recipient in the
109. o Configure IPv6 Parameters You can integrate the UTN server into an IPv6 network IPv6 Internet Protocol version 6 is the successor of the more com monlPv4 Both protocols are standards for the network layer of the OSI model and regulate the addressing and routing of data packets via a network The introduction of IPv6 has many benefits e Pv6 increases the IP address space from 2 IPv4 to 2 28 IPv6 IP addresses e Auto Configuration and Renumbering e Efficiency increase during routing due to reduced header information e Integrated services such as IPSec QoS Multicast e Mobile IP An IPv6 address consists of 128 bits The normal format of an IPv6 address is eight fields Each field contains four hexadecimal digits representing 16 bits Each field is separated by a colon Example fe80 0000 0000 0000 0000 10 1000 1a4 Leading zeros in a field can be omitted Example fe80 0 0 0 O 10 1000 1a4 An IPv6 address may be entered or displayed using a shortened ver sion when successive fields contain all zeros 0 In this case two colons are used However the use of two colons can be used only once in an address Example fe80 10 1000 1a4 As a URL in a Web browser an IPv6 address must be enclosed in brackets This prevents port numbers from being mistakenly regarded as part of an IPv6 address Example http 2001 608 af 1 100 443 The URL will only be accepted by b
110. on list see 162 M All provisions driver installation etc necessary to operate the USB device locally i e connected directly to the client should have been met on the client Ideally the USB device has been connected and operated on the client locally according to the instructions of the manufacturer 63 myUTN User Manual Linux Working with the SEH UTN Manager Mi The USB port is not connected to another client Proceed as follows 1 Start the SEH UTN Manager 2 Select the port from the selection list 3 Select Port Activate from the menu bar The connection will be established Administrator SEH UTN Manager Program Selection List UTN server g Help UTN Mana Refresh Edit Activate Deactivate UTN Server Devit nS e 192 168 0 140 Flash Drive Port 1 Activates the selected port S Available SEH Port number Port status Flash Drive zl Available Flash Drive Abb 9 SEH UTN Manager Activating the Device 64 What Do You Want To Do Requirements myUTN User Manual Linux Working with the SEH UTN Manager 5 4 Howto Cut the Connection between the USB Port including USB Device and the Client Close the connection to the USB port and the connected USB device when the USB device is no longer needed This allows other network participants to access the USB port and the connected USB device Usually the connection is cut by the user via the SEH U
111. onfigure the IPv4 VLAN parameters see table 11 2 59 58 myUTN User Manual Linux Device Settings 4 Click Save to confirm The settings are saved Table 11 IPv4 client VLAN parameters Parameters Description VLAN Enables disables the forwarding of IPv4 client VLAN data IP Address IP address of the UTN server within the IPv4 client VLAN Subnet mask Subnet mask of the UTN server within the IPv4 client VLAN Gateway Gateway address of the IPv4 client VLAN VLAN ID ID for the identification of the IPv4 client VLAN 0O 4096 Auto fill All VLAN IP address and Subnet mask fields will be filled with the values from line 1 The VLAN ID will be counted up by 1 Allocating an IPv4 client VLAN to a USB port Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY USB port access 3 Allocate a VLAN to the USB port via the Allocate VLAN ist 4 Click Save to confirm The settings are saved 59 What Information Do You Need myUTN User Manual Linux H e H H S H Working with the SEH UTN Manager Working with the SEH UTN Manager ow to Find UTN Servers USB Devices in the Network gt 61 ow to Add UTN Servers USB Devices to the Selection List 562 w to Connect a USB Port including USB Device to a Client 63 ow to Cut the Connection between the USB Port including o mg USB Device and the Client gt 65 H H H gt H
112. ork is scanned The UTN servers and USB devices found are displayed in the network list 61 Working with the SEH UTN Manager 5 2 Howto Add UTN Servers USB Devices to the Selection List The UTN servers found during the network scan will be displayed in the network list To use the connected USB devices they must be assigned to the selection list in the SEH UTN Manager together with the UTN server Requirements The SEH UTN Manager complete version is installed on the client see 29821 MI The UTN server was recognized during the network scan and is displayed in the network list Proceed as follows 1 2 a Start the SEH UTN Manager Select Selection List Edit from the menu bar The Edit Selection List dialog appears Select the UTN server to be used from the network list Click Add Repeat steps 2 and 3 if necessary Click OK The UTN servers and the connected USB devices are displayed in the selection list Edit Selection List Put together a selection list with your preferred devices Network List v Selection List SA Flash Drive Port 1 Flash Drive Port 1 e 10 168 0 247 Dongle Port 3 Dongle Port 5 Options Add gt Remove OK Cancel Abb 8 SEH UTN Manager Edit Selection List e To directly add a UTN server with a known IP address to the selection list select UTN Server Add from the menu bar myUTN User Manual Linux 6
113. ot be used to save a new IP address However an IP address from the address range 169 254 0 0 16 which is reserved for ZeroConf can be overwritten by means of the arp and ping commands The arp command is used for editing the ARP table The ping com mand transfers a data packet containing the IP address to the hard ware address of the UTN server If the data packet has been successfully sent and received the UTN server permanently saves the IP address The implementation of the arp and ping command depends on the system used Read the documentation for your operating system MI The ARP PING parameter has been enabled see gt 34 Edit the ARP table Syntax arp s lt IP address gt lt hardware address gt Example arp s 192 168 0 123 00 c0 eb 00 01 ff Assign a new IP address to the UTN server Syntax ping lt IP address gt Example ping 192 168 0 123 Administration Methods 2 Administration Methods You will get information on when to use these methods and which functions these methods support What Information e Administration via myUTN Control Center gt 19 Do You Need administration via the SEH UTN Manager 2821 e Administration via E Mail only myUTN 80 and later gt 30 myUTN User Manual Linux 18 Administration Methods 2 1 Administration via myUTN Control Center Which Functions Are The myUTN Control Center includes all features for the admi
114. rowsers that support IPv6 35 Which Types of IPv6 Addresses are available myUTN User Manual Linux Network Settings There are different types of IPv6 addresses The prefixes of the IPv6 addresses provide information about the IPv6 address types Unicast addresses can be routed globally These addresses are unique and therefore unambiguous A packet that is sent to a unicast address will only arrive to the interface that is assigned to this address Unicast addresses have the prefixes 2 or 3 Anycast addresses are assigned to more than one interface This means that a data packet that is sent to this address will arrive at various devices The syntax of anycast addresses is the same as the one of unicast addresses The difference is that anycast addresses choose one interface out of many A packet that is dedicated to an anycast address arrives at the nearest interface in line with the router metrics Anycast addresses are only used by routers Multicast addresses allow you to send data packets to different interfaces at the same time without a proportional increase of the bandwidth A multicast address can be recognized by the prefix ff Proceed as follows FrwWh gt Start the myUTN Control Center Select NETWORK IPv6 Configure the IPv6 parameters see table 3 436 Click Save amp Restart to confirm The settings are saved Table 3 IPv6 Parameters Parameters Description IPv6 Enables disables the
115. rver a certificate request can be cre ated in the UTN server The request must be sent to the certification authority which creates an certificate on the basis of this request The certificate must be in base64 format lt If a certificate request has already been created you must first delete it see SI293 E Proceed as follows 1 Start the myUTN Control Center Select SECURITY Certificates Click Certificate request Enter the required parameters see table 13 89 Click Create a request The creation of the certificate request is in progress This may take a few minutes 6 Select Upload and save the requests in a text file 7 Click OK 8 Send the text file as certificate request to a certification authority When the requested certificate has been received it must be installed in the UTN server see gt 90 aR WN Installing the Requested Certificate in the UTN Server M A certificate request has been created at an earlier date see gt 90 M The certificate must be in base64 format Proceed as follows 1 Start the myUTN Control Center 2 Select SECURITY Certificates 3 Click Requested certificate 90 Requirements myUTN User Manual Linux Security 4 Click Browse 5 Specify the requested certificate 6 Click Install The requested certificate will be installed in the UTN server Installing the PKCS 12 Certificate in the UTN Server Certificates with the
116. s disables the sending of emails when one of the power supplies of the UTN server is interrupted or estab lished myUTN 800 only Enables disables the sending of emails after an SD card was connected to removed from the UTN server only myUTN 800 Enables disables the sending of emails if the SD card is unusable myUTN 800 only Enables disables the periodical sending of a status email to recipient 1 or 2 Enables disables the sending of emails when the UTN server is restarted Specifies the interval at which a status email is sent Specifies the time at which a status email is sent 129 Appendix Parameter List Parameters Value Default Description notistat_tm 0 00 min 0 Specifies the time at which a mm 1 10 min status email is sent 2 20 min 3 30 min 4 40 min 5 50 min 6 00 min Tabelle 34 Parameter List Display panel myUTN 800 only Parameters Value Default Description dis_def 1 2 characters SD Defines the identifier shown in Identifier display A Z 0 9 the display panel on the front panel E number cannot side of the Dongleserver be used because this combination denotes error codes gt 8132 dis_pwr on off on Enables disables the display Display error if of error messages in the only one power display panel if the UTN supply provides server only is supplied by one power power supply Errors are displayed in codes see 92132 disp_sdc on off on Enables disables t
117. s installed on the client see gt 2126 Proceed as follows 1 2 3 4 a Open the console Terminal Install the desired SEH UTN Manager packages sudo dpkg i lt full package name gt Add all users that are to administrate the SEH UTN Manager on the client to the user group utnusers sudo usermod aG utnusers lt user name gt Logout and login again so that the group changes take effect The SEH UTN Manager is installed on your client Installing theSEH UTN Manager via the Oracle Terminal M Mi l Oracle Linux 6 5 64 bit with Linux kernel 2 6 32 or higher glibc 2 11 1 or higher and OpenSSL 1 0 1 or higher DKMS Dynamic Kernel Module Support is installed on the client see gt 26 The user used can gain root privileges via the command sudo Proceed as follows 1 2 3 A Open the console Terminal Install the desired SEH UTN Manager packages sudo rpm i lt full package name gt Add all users that are to administrate the SEH UTN Manager on the client to the user group utnusers sudo usermod aG utnusers lt user name gt Logout and login again so that the group changes take effect The SEH UTN Manager is installed on your client 25 System Requirements myUTN User Manual Linux Administration Methods Installing Dynamic Kernel Module Support DKMS In order to install the SEH UTN Manager Dynamic Kernel Module Support DKMS must be installed on the sys
118. s of the user specific selection list e Each user has their own selection list All administrators have the same selection list myUTN User Manual Linux 71 What Do You Want To Do Requirements myUTN User Manual Linux Working with the SEH UTN Manager e The selection list can be edited by the administrator or by users with write access e The users can access all devices listed in the selection list Pro vided that no security mechanisms have been specified via the myUTN Control Center e The selection lists of the users will be saved as ini files in the following location SHOME config SEH Computertechnik GmbH SEH UTN Manager ini SHOME is an environment variable by Linux for the user folder By means of the command line the path for the current user can be determined as follows echo SHOME Example Ubuntu 14 04 01 LTS echo HOME returns home User name config SEH Computertechnik GmbH SEH UTN Manager ini Complete path to the ini file nome User name config SEH Computertechnik GmbH SEH UTN Manager ini mg 72 O Providing the Global Selection List to All Users gt O Providing User Specific Selection Lists 873 O O Providing Users with a Predefined Selection List 2873 Protecting the user specific selection list gt 74 Providing the Global Selection List to All Users MI The SEH UTN Manager complete version is installed on the client see 2821
119. server is connected it asks the BOOTP host for the IP address and the host name The BOOTP host answers and sends a data packet containing the IP address The IP address is saved in the UTN server DHCP The UTN server supports DHCP which means that the IP address of the UTN server can be assigned dynamically via a DHCP server M The DHCP parameter has been enabled see 33 Mi A DHCP server is available in the network After the hardware installation the UTN server asks a DHCP server for an IP address by means of a broadcast query The DHCP server identifies the UTN server on the basis of its hardware address and sends a data packet to the UTN server This data packet contains among others the IP address of the UTN server the default gateway and the IP address of the DNS server The data is saved in the UTN server General Information Auto Configuration IPv6 Standard The UTN server can have an IPv4 address and several IPv6 addresses at the same time The IPv6 standard is used to automatically assign IP addresses in IPv6 networks When connected to an IPv6 network the UTN server will automatically obtain an additional link local IP address from the IPv6 address range The UTN server uses the link local IP address to search for a router The UTN server sends so called router solicitations RS to the spe cial multicast address FFO2 2 The available router will then return a Router Advertisement
120. services without knowledge of the device s host name or IP address When checking the IP address assigned via ZeroConf see ZeroConf gt B15 the UTN server sends a query to the network If the IP address has already been assigned elsewhere in the network the UTN server will receive a message The UTN server then sends another query with a different IP address If the IP address Is avail able it is saved in the UTN server The domain name service is used for additional Bonjour features Since there is no central DNS server in Bonjour networks each device and application has its own small DNS server This integrated DNS server mDNS collects and administers the information of all participants in the net In addition to the features of a classical DNS server the mDNS server also saves the IP address the service name and the offered services of each participant E Proceed as follows Start the myUTN Control Center Select NETWORK Bonjour Configure the Bonjour parameters see table 6 40 Click Save to confirm The settings are saved FANNS Table 6 Bonjour Parameters Parameters Description Bonjour Enables disables Bonjour Bonjour name Defines the Bonjour name of the UTN server The UTN server uses this name for its Bonjour services If no Bonjour name is entered the default name will be used device name LICxxxxxx myUTN User Manual Linux 40 POP3 SMTP What Do You Want To Do Requirements m
121. ssages 69 Name 51 Power supply 52 Status information 69 USB port device assignment 82 USB port key control 82 User Specific Selection List 71 UTC 50 UTN port 50 UTN SSL port 51 101 utnm 22 139 V Version number 108 Virtual USB ports 63 VLAN 57 IPv4 client VLAN 58 IPv4 management VLAN 58 w WEP Wired Equivalent Privacy 44 WPA WPA2 45 Z ZeroConf 15 147
122. stalling theSEH UTN Manager via the Oracle Terminal gt 25 e Installing Dynamic Kernel Module Support DKMS Installting the SEH UTN Manager via the Ubuntu Software Center M Ubuntu 12 4 x LTS 64 bit Ubuntu 14 04 x LTS 64 bit with Linux kernel 2 6 32 or higher glibc 2 11 1 or higher and OpenSSL 1 0 1 or higher MI The user used can gain root privileges via the command sudo Proceed as follows 1 Start the installation package no 1 The Ubuntu Software Center appears 2 Click Install A password prompt appears 3 Authenticate yourself with your password The package will be installed on your client 4 Repeat steps 1 through 3 with the remaining packages 5 Add all users that are to administrate the SEH UTN Manager on the client to the user group utnusers To do this open the console Terminal and enter the command sudo usermod aG utnusers lt user name gt Logout and login again so that the group changes take effect The SEH UTN Manager is installed on your client gt 24 System Requirements System Requirements myUTN User Manual Linux Administration Methods Installing the SEH UTN Manager via Ubuntu terminal m M M Ubuntu 12 04 x LTS 64 bit Ubuntu 14 04 x LTS 64 bit with Linux kernel 2 6 32 or higher glibc 2 11 1 or higher and OpenSSL 1 0 1 or higher The user used can gain root privileges via the command sudo DKMS Dynamic Kernel Module Support i
123. t UTN port has been be defined 252 this command is to be used gor Suppresses the output quiet sp port number or Uses an alternative UTN port with SSL encryption SSl pore parE Encrypted connection means that client and UTN server number communicate via the UTN SSL port If a non default UTN SSL port has been be defined 252 this command is to be used t seconds or Specifies a timeout for the command strings activate timeout seconds deactivate plugin plugout and eject v or Shows version information about utnm version The following applies for the commands e UTN server IP address or host name of a UTN server e Elements in square brackets are optional e not case sensitive e only the ASCII format can be read myUTN User Manual Linux 142 Appendix Additional Tool utnm Return Values Example Return Value Description 0 The USB port including the connected USB device is free for use 20 The plugin of the USB device connected to the USB port failed PAL The plugout of the USB device connected to the USB port failed 22 The ejection of the USB device connected to the USB port failed 23 The USB device connected to the USB port is already plugged in 24 The USB device connected to the USB port is already plugged out 25 The USB port including the connected USB device is connected to another user 26 The USB port including the connected USB device is unreachable 27 T
124. t based assignment of VLANs O Entering IPv4 Management VLANs gt 258 O Entering IPv4 client VLANs gt 58 O Allocating an IPv4 client VLAN to a USB port gt 59 57 myUTN User Manual Linux Device Settings Entering IPv4 Management VLANs Proceed as follows 1 Start the myUTN Control Center 2 Select NETWORK IPv4 VLAN 3 Configure the IPv4 management VLAN parameters see table 11 2559 Click Save to confirm The settings are saved A Table 10 IPv4 management VLAN parameters Parameters Description IPv4 management VLAN Enables disables the forwarding of IPv4 management VLAN data If this option is enabled SNMP is only available in the IPv4 management VLAN VLAN ID ID for the identification of the IPv4 management VLAN 0 4096 IP Address IP address of the UTN server gt 234 Subnet mask Subnet mask of the UTN server gt 234 Gateway Gateway address of the IPv4 management VLAN Access from any VLAN Enables disables the administrative access web to the UTN server via IPv4 client VLANs If this option is enabled the UTN server can be administrated via all VLANs Access via LAN untagged Enables disables the administrative access to the UTN server via IPv4 packets without tag If this option is disabled the UTN server can only be administrated via VLANs Entering IPv4 client VLANs Proceed as follows 1 Start the myUTN Control Center 2 Select NETWORK IPv4 VLAN 3 C
125. tem Some distributions like Oracle Linux 6 5 do not contain DKMS by default As an example the installation procedure in Oracle Linux 6 5 is described M The user used can gain root privileges via the command sudo Proceed as follows 1 Open the console Terminal 2 Run the command sudo wget http pkgs repoforge org rpm forge release rpm forge release 0 5 3 1l el5 rf x86 64 rpm 3 Run the command udo rpm import ttp apt sw be RPM GPG KEY dag txt un the command udo rpm K rpmforge release 0 5 3 l el5 rf rpm un the command udo rpm i rpmforge release 0 5 3 l el5 rf rpm 6 Install DKMS sudo yum install dkms 7 Run the command sudo yum install chrpath tkcvs rpm build rpmlint php php mysql A security query appears 8 Confirm the security query Y 9 Determine the current kernel and note down the result uname r 10 Run the command gpk application A security query appears 11 Confirm the security query by clicking Continue anyway The Add Remove Software dialog appears 12 Enter building kernel in the search box A HnDAaDTA 26 myUTN User Manual Linux Administration Methods 13 Click Find The search results are displayed 14 In the list look for Development package for building kernel modules to match the kernel for the previously determined kernel 15 Check if the Development package for building kernel modules to match the kernel for your kernel is installed If not
126. the action A square marks procedures and options that you can choose Eye catchers mark lists This sign indicates the summary of a chapter The arrow marks a reference to a page within this document In the PDF file you can jump to this page by clicking the symbol Established terms of buttons or menu items for example are set in bold Command lines are set in Courier font Proper names are put in inverted commas 10 General Information 1 3 Support and Service Support f questions remain please contact our hotline SEH Computertech nik GmbH offers extensive support Monday through Thursday from 8 00 a m to 4 45 p m and Friday from 8 00 a m to 3 15 p m CET 49 0 521 94226 44 support seh de FS Current Services The following services can be found on the homepage of SEH Com putertechnik GmbH http www seh technology com e current firmware software e current tools e current documentation myUTN 800 Dongleserver ee current product information e product data sheets r e and much more SEH Technology Network Solutions myUTN User Manual Linux 11 Intended Use Improper Use Safety Regulations Warnings myUTN User Manual Linux General Information 1 4 Your Safety Read and observe all safety regulations and warnings found in the documentation on the device and on the packaging This will avoid potential misuse and prevent damages to people and d
127. to their Default Values It is possible to reset the UTN Server s parameters to the default val ues factory settings All previously configured parameter values will be deleted in this process Installed certificates will not be deleted a ae If you reset the parameters the IP address of the UTN server may change and the connection to the myUTN Control Center may be terminated You must reset the parameters for example if you have changed the location of the UTN server and if you want to use the UTN server in a different network Before this change of location you should reset the parameters to the default settings to install the UTN server in another network O Resetting the Parameters via the myUTN Control Center gt 2106 O Resetting the Parameters via the Reset Button 912107 Remove the SD card from the UTN server before resetting the parameters Otherwise the UTN server will load the parameter values stored on it automatic backup gt 105 1m Neen ee By means of the reset button of the device you can reset the param eters without entering the password Resetting the Parameters via the myUTN Control Center Proceed as follows 1 Start the myUTN Control Center 106 myUTN User Manual Linux Maintenance 2 Select MAINTENANCE Default settings 3 Click Default settings A security query appears 4 Confirm the security query The parameters are reset Resetting the
128. wners Table of Contents 1 General Information ccc cece ccc cece ee eeeeees 6 TA WMYUTNesiicstacteicnnsaddianwusonssucatateansasaetencseunessdans 6 1 2 DOCUMENTATION 3ioc0nacnsarevigansi gon runerne eriei eere a 8 1 3 S ppo rtand Servile icacccvarwesacesnetesswy eae wuseseeceneeys 11 TA YourSafety ererossisicretin ie Erei nana EEEE EES 12 1S Pirst Steps serisi nnie indi eE A REEE DENE EE EEE 13 1 6 Saving the IP Address in the UTN Server 0 ccc e eee cence 14 2 Administration Methods ccecceccccceecees 18 2 1 Administration via myUTN Control Center eee e ee 19 2 2 Administration via the SEH UTN Manager 00e eee ee 21 2 3 Administration via E Mail only myUTN 80 and later 30 3 Network Settings ssssesesssesscessocescesessees 33 3 1 How to Configure IPv4 Parameters 0c cece cence eee eee 33 3 2 How to Configure IPv6 Parameters cc cece cece cence ees 35 3 3 How to Configure the DNS ccc cece cece eee eet e ee eenes 37 3 4 How to Configure SNMP iasissisdssccdes dees has oaa8 evans reese eee 38 3 5 How to Configure BONjOUr 0 cece cece eect e eee e ee enes 39 3 6 How to Configure POP3 and SMTP only myUTN 80 and later 41 3 7 How to Configure WLAN nur MyUTN 55 0c cece ee ee eee 44 4 Device Settings ccc cece cc cece cece cece ccc eeeeeeaes 48 4 1 How to Determine a DeSCriptiOn
129. yUTN User Manual Linux Network Settings 3 6 Howto Configure POP3 and SMTP only myUTN 80 and later You must configure the protocols POP3 and SMTP on the UTN server so that the notification service 252 and the remote mainte nance via email 9830 will work POP3 Post Office Protocol Version 3 is a transfer protocol that a client can use to fetch emails from a mail server POP3 is required in the UTN server to administer the UTN server via email SMTP Simple Mail Transfer Protocol is a protocol that controls the sending of emails in networks SMTP is required in the UTN server to administer the UTN server via email and to run the notification ser vice O Configuring POP3 gt 241 O Configuring SMTP gt 242 Configuring POP3 MI The UTN server is set up as user with its own email address on a POP3 server Proceed as follows Start the myUTN Control Center Select NETWORK Email Configure the POP3 parameters see table 7 gt 47 Click Save to confirm The settings are saved EFrwWh gt Table 7 POP3 Parameters Parameters Description POP3 Enables disables the POP3 functionality 41 Requirements myUTN User Manual Linux Network Settings Parameters Description POP3 Server name Defines the POP3 server via the IP address or the host name The host name can only be used if a DNS server was configured beforehand POPS Server port Defines the port used by the UTN
130. ying Status Information gt 269 O Configuring Messages gt 169 Displaying Status Information MI The SEH UTN Manager complete version is installed on the client see 29821 M The USB port is shown in the selection list see gt 162 Proceed as follows 1 Start the SEH UTN Manager 2 Select the USB port from the selection list The status information is displayed in the Properties area Configuring Messages MI The SEH UTN Manager complete version is installed on the client see 2821 Mi The USB port is shown in the selection list see gt 862 Proceed as follows 1 Start the SEH UTN Manager 2 Select the port from the selection list 69 What are Selection Lists Benefits and Purpose myUTN User Manual Linux Working with the SEH UTN Manager 3 Select Port Settings from the menu bar The Port Settings dialog appears 4 Tick the option under Messages 5 Click OK The setting will be saved As soon as a network participant disables the connection to the USB port and the connected USB device desktop alert will be generated 5 8 Howto Manage Selection Lists for Several Participants The selection list is a central element of the SEH UTN Manager It displays all embedded UTN servers as well as the connected USB devices and shows their status These USB devices can be connected to the client via the port connection and can then be used The selection list
Download Pdf Manuals
Related Search