User`s guide
S
YSTEM
O
VERVIEW
SecureFast Virtual Remote Access Connection Manager (SFVRA-CONN or SFVRA Connection
Manager) provides a rich set of network configuration, management, and reporting capabilities. It
is implemented where network administrators require centralized control over a decentralized
network. It is ideally suited for Internet Service Providers (ISP’s), or for corporations implementing
telecommuting or connecting their corporate, branch and remote offices.
SFVRA-CONN represents a new approach to managing a distributed network. It uses a Microsoft
®
SQL Server, and is implemented via client-server architecture. Client-server architecture has
proven to be a highly effective means of implementing a wide range of computer-based
applications.
SFVRA-CONN consists of an administration program and a user interface and runs with a
database and a standard SQL Server. Every call made to a Remote Access Switch is validated
against the database of users. A record of every call is stored in this central database. All calls can
be viewed in a log of current calls and a log of past calls. Reports can be generated for support,
billing or trend analysis. SFVRA Connection Manager provides assistance to Help desk personnel
by keeping a record of problems that users encountered while trying to connect. This information
can be viewed from any workstation running the Client software. In addition, SNMP traps are
generated to notify network administrators for security violations. Multiple instances of SFVRA-
CONN with multiple copies of the database can be provided for load sharing and reliability.
THE SFVRA CONNECTION MANAGER NETWORK
When a remote site calls a Remote Access Switch, a CyberSWITCH, it sends identification, such as
a system name, and a password or challenge to the CyberSWITCH. The Remote Access Switch
passes the information on to SFVRA-CONN via a TCP connection. SFVRA-CONN finds the user in
the database by searching for the system name (if provided) or the Ethernet address for Combinet
Proprietary Protocol users. If the user is found, the password or challenge is verified and
configuration information about the user is sent to the Remote Access Switch.
After receiving user verification from SFVRA Connection Manager, the Remote Access Switch
sends another message to verify that the call is acceptable. SFVRA-CONN checks the database to
make sure that the time of day is valid and that the user has not exceeded the call minutes for that
day or for that month. The bandwidth limitation is also verified. If the user has exceeded the
maximum bandwidth on the initial connection, the Remote Access Switch drops the call and
reconnects using a bandwidth within the range allowed. However, if the user requires more
bandwidth and the maximum has not been reached, the Remote Access Switch is instructed to
establish another call. Lastly, SFVRA-CONN checks the channel the remote site used to make the
call. If the channel is reserved for priority users, the connection is dropped and re-established by
the Remote Access Switch on an appropriate line, if available.
SFVRA-CONN can store static IP routes for each user. For users who are allowed to be called by
the CyberSWITCHES, SFVRA Connection Manager advertises their static routes so other devices
will know how to call these users. However, when a remote user is connected to a Remote Access
Switch, that Remote Access Switch also broadcasts the user’s static routes. In order to resolve this
double broadcast, SFVRA-CONN broadcasts a metric value of 16 for all users that have a current
connection. Therefore the SFVRA-CONN’s broadcasted routes appear “farther” than the routes