User manual

ManualsBrandsSEH ManualsComputer equipmentmySND-120

my Secure Network Device

File Access Server mySND-120

User Manual

Summary of content (125 pages)

PAGE 1
my Secure Network Device File Access Server mySND-120 User Manual
PAGE 2
Manufacturer: SEH Computertechnik GmbH Suedring 11 33647 Bielefeld Germany Phone: +49 (0)521 94226-29 Fax: +49 (0)521 94226-99 Support: +49 (0)521 94226-44 Email: info@seh.de Web: http://www.seh.de Scan this QR code (meCard) using your smart phone. Document: Type: User Manual Title: my Secure Network Device Version: 1.0 Online Links to Important Websites: Support Contacts & Information: http://www.seh-technology.com/support Sales Contacts & Information: http://www.seh-technology.
PAGE 3
Table of Contents 1 General Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1 mySND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2 Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.3 Support and Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.4 Your Safety . .
PAGE 4
6 Working with the mySND File Browser . . . . . . . . . . . . . . . . . . . 57 6.1 How to Use the mySND File Browser. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 6.2 How to Display Files in the mySND File Browser. . . . . . . . . . . . . . . . . . . . 60 6.3 How to Select Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 6.4 How to Sort Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 5
General Information 1 General Information What information do you need? This chapter contains information concerning the device and the documentation as well as notes about your safety. You will learn how to benefit from your SND Server and how to operate the device properly.
PAGE 6
General Information 1.1 Purpose mySND mySND (my Secure Network Device) is used to safely deploy files within the network. Files from a non-network-enabled SD card and a non-network-enabled USB mass storage device (e.g. USB stick, hard drive, etc.) can be made available to several network participants. To do this, the SD card is inserted into the integrated network-enabled SD card reader. Alternatively, the USB mass storage device is connected to the USB port of the SND Server.
PAGE 7
General Information 1.2 Documentation Please note the following names in this documentation: • SD card J removable medium • USB mass storage device J removable media Since the File Access Server mySND-120 provides the mySND feature, it is called SND Server. Structure of the Documentation The mySND documentation consists of the following documents: HT M L Pr in t PD ed F PD F User Manual Document Features Detailed description of the mySND configuration and administration.
PAGE 8
General Information Symbols and Conventions A variety of symbols are used within this document. Their meaning is listed in the following table: Table 1: Conventions within the documentation Symbol / Convention Description Warning A warning contains important information that must be heeded. Non-observance may lead to malfunctions. Note Proceed as follows: 1. Mark ... The ‘hand’ symbol marks the beginning of instructions. Individual instructions are set in italics.
PAGE 9
General Information 1.3 Support Current Services Support and Service If questions remain, please contact our Computertechnik GmbH offers extensive support. Monday through Thursday Friday ℡ +49 (0)521 94226-44 @ support@seh.de hotline. SEH from 8:00 a.m. to 4:45 p.m. and from 8:00 a.m. to 3:15 p.m. (CET) The following services can be found on the homepage of SEH Computertechnik GmbH http://www.seh-technology.
PAGE 10
General Information 1.4 Your Safety Read and observe all safety regulations and warnings found in the documentation, on the device and on the packaging. This will avoid potential misuse and prevent damages to people and devices. SEH Computertechnik GmbH will not accept any liability for personal injuries, property damages and consequential damages resulting from the non-observance of the mentioned safety regulations and warnings.
PAGE 11
General Information processing. Keep the storage medium with the backup copy in a safe place. Disclaimer SEH Computertechnik GmbH will not be liable for loss of data and/or data corruption, consequential damages or data recovery. 1.5 First Steps This section provides all the information that you need for a fast operational readiness. 1. 2. 3. 4. 5. 6. 7. ª mySND User Manual Proceed as follows: Read and observe the security regulations in order to avoid damages to people and devices; see: Ö 10.
PAGE 12
General Information 1.6 Saving the IP Address in the SND Server Why IP Addresses? An IP address is used to address network devices in an IP network. TCP/IP network protocols require the storing of the IP address in the SND Server so that the device can be addressed within the network. How Does the SND Server Obtain IP Addresses? The SND Server is able to assign itself an IP address during the initial installation. Boot protocols are used to assign an IP address automatically to the SND Server.
PAGE 13
General Information ZeroConf If no IP address can be assigned via boot protocols, the SND Server assigns itself an IP address via ZeroConf. For this purpose, the SND Server picks an IP address at random from the address range (169.254.0.0/16) which is reserved for ZeroConf. You can use the domain name service of Bonjour for the name resolution of the IP address; see: Ö 36. BOOTP The SND Server supports BOOTP, which means that the IP address of the SND Server can be assigned via a BOOTP server.
PAGE 14
General Information Auto Configuration (IPv6 Standard) The SND Server can have an IPv4 address and several IPv6 addresses at the same time. The IPv6 standard is used to automatically assign IP addresses in IPv6 networks. When connected to an IPv6 network, the SND Server will automatically obtain an additional link-local IPv6 address. The SND Server uses the link-local IP address to search for a router. The SND Server sends so-called 'Router Solicitations' (RS) to the special multicast address FF02::2.
PAGE 15
General Information • To configure an IPv4 address via the mySND Control Center, see: Ö 25. • To configure an IPv6 address via the mySND Control Center, see: Ö 28. ARP/PING The assignment of the IP address to the hardware address can be done via the ARP table. The ARP table is an internal system file in which the assignment is temporarily saved (about 15 min). This table is administered by the ARP protocol. By means of the 'arp' and 'ping' commands, you can save the IP address in the SND Server.
PAGE 16
Administration Methods 2 Administration Methods You can administer and configure the SND Server in a number of ways. The following chapter gives you an overview of the various administration options. You will get information on when to use these methods and which functions these methods support.
PAGE 17
Administration Methods 2.1 Which Functions Are Supported? Administration via the mySND Control Center The mySND Control Center comprises all features for the administration and monitoring of the SND Server. The mySND Control Center is stored in the SND Server and can be displayed by means of a browser software (Internet Explorer, Firefox, Safari). The access to the mySND Control Center is controlled by means of user accounts (Ö 42). Users authenticate themselves via a user name and a password.
PAGE 18
Administration Methods ª The mySND Control Center will be displayed in the browser. You can also start the mySND Control Center via the software tool 'InterCon-NetTool'. 1. 2. 3. 4. 5. ª Proceed as follows: Highlight the SND Server in the device list. Select Actions – Launch Browser from the menu bar. The login page appears. Enter the user name and password of a user account. Click Login. The mySND File Browser will be displayed. Click Control Center.
PAGE 19
Administration Methods Structure of the mySND Control Center The available menu items are located in the navigation bar (top). After selecting a menu item (simple mouse click), the available submenu items are displayed at the left. After selecting a submenu item, the corresponding page with its content is displayed (at the right). Important information (IP address, host name, user account) is displayed at the top. The IP address allows you to directly go to the login page.
PAGE 20
Administration Methods 2.2 Administration via the InterCon-NetTool The software InterCon-NetTool has been developed by SEH Computertechnik GmbH for the administration of SEH network devices (SND Server, TPG, print server, etc.). Depending on the network device you can configure various features via the InterCon-NetTool. Mode of Operation After the InterCon-NetTool is started, the network will be scanned for connected network devices. The network range to be scanned is freely definable.
PAGE 21
Administration Methods Structure of the InterCon-NetTool After the program start you will see the main dialog with the following elements. The dialog may vary, depending on which elements you have chosen to be shown or hidden. Menu bar Filter for the device list Toolbar Device list Shortcut menu Fig.
PAGE 22
Administration Methods 2.3 Administration via Email You can administer the SND Server via email and thus via any computer with Internet access. Functionalities An email allows you to • send SND Server status information • define SND Server parameters or • perform an update on the SND Server. Requirements ; A DNS server has been configured on the SND Server; see: Ö 30. ; In order to receive emails, the SND Server must be set up as user with its own email address on a POP3 server.
PAGE 23
Administration Methods The following commands are supported: Commands Option Description [] get status sends the status page of the SND Server get parameters sends the parameter list of the SND Server set parameters sends parameters to the SND Server. The syntax and values can be obtained from Ö the parameter list, see: 102. Parameter and value must be entered into the email body; see: Ö 23. update SND Carries out an automatic update using the software that is attached to the mail.
PAGE 24
Administration Methods Example 1 This email causes the SND Server to send the parameter list to the sender of the email. Email address of the SND Server as configured on the POP3 server. Command Fig. 3: Administration via Email - Example 1 Example 2 This email configures the parameter 'Description' on the SND Server. Email address of the SND Server as configured on the POP3 server. Command TAN Parameter and parameter Fig. 4: Administration via Email - Example 2 2.
PAGE 25
Network Settings 3 Network Settings What information do you need? You can define various settings for an ideal integration of the SND Server into a TCP/IP network. This chapter explains which network settings are supported by the SND Server. • ’How to Configure IPv4 Parameters’ Ö 25 • ’How to Configure IPv6 Parameters’ Ö 28 • ’How to Configure the DNS’ Ö 30 • ’How to Configure SNMP’ Ö 31 • ’How to Configure POP3 and SMTP’ Ö 32 • ’How to Configure Bonjour’ Ö 36 3.
PAGE 26
Network Settings 2. Select NETWORK - IPv4. 3. Configure the IPv4 parameters; see: Table 2 Ö 26. 4. Click Save & Restart to confirm. ª The settings will be saved. Table 2: IPv4 Parameters Parameters Description DHCP BOOTP ARP/PING Enables or disables the protocols DHCP, BOOTP, and ARP/PING. Protocols offer various possibilities to save the IP address in the SND Server. (See ’Saving the IP Address in the SND Server’ Ö 12.
PAGE 27
Network Settings Fig.
PAGE 28
Network Settings 3.2 How to Configure IPv6 Parameters You can integrate the SND Server into an IPv6 network. What are the Advantages of IPv6? IPv6 (Internet Protocol version 6) is the successor of the more common IPv4. Both protocols are standards for the network layer of the OSI model and regulate the addressing and routing of data packets via a network. The introduction of IPv6 has many benefits: • IPv6 increases the IP address space from 232 (IPv4) to 2128 (IPv6) IP addresses.
PAGE 29
Network Settings The URL will only be accepted by browsers that support IPv6. Which Types of IPv6 Addresses are available? There are different types of IPv6 addresses. The prefixes of the IPv6 addresses provide information about the IPv6 address types. • Unicast addresses can be routed globally. These addresses are unique and therefore unambiguous. A packet that is sent to a unicast address will only arrive to the interface that is assigned to this address. Unicast addresses have the prefixes '2' or '3'.
PAGE 30
Network Settings Parameters Description Automatic configuration Enables/disables the automatic assignment of the IPv6 address for the SND Server. IPv6 address Defines a manually assigned IPv6 Unicast address in the n:n:n:n:n:n:n:n format for the SND Server. Every 'n' represents the hexadecimal value of one of the eight 16 bit elements of the address. An IPv6 address may be entered or displayed using a shortened version when successive fields contain all zeros (0).
PAGE 31
Network Settings Table 4: DNS Parameters Parameters Description DNS Enables/disables the name resolution via a DNS server. Primary DNS server Defines the IP address of the primary DNS server. Secondary DNS server Defines the IP address of the secondary DNS server. The secondary DNS server is used if the primary DNS server is not available. Domain name (suffix) Defines the domain name of an existing DNS server. 3.
PAGE 32
Network Settings 2. Select NETWORK - SNMP. 3. Configure the SNMP parameters; see: Table 5 Ö 32. 4. Click Save & Restart to confirm. ª The settings will be saved. Table 5: SNMP Parameters Parameters Description SNMPv1 Enables/disables SNMPv1. Read-only Enables/disables the write protection for the community. Community SNMP community name The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together.
PAGE 33
Network Settings administer the SND Server via email, to operate the notification service and to transfer files automatically and send them from the mySND File Browser. The encryption and signing of emails via S/MIME is only possible for the administration via email and the notification service. Email Limits What do you want to do? For the automatic file transfer (Ö 53) and the file sending in the mySND File Browser (Ö 64) you must define the maximum number of files and the total file size.
PAGE 34
Network Settings Table 6: POP3 Parameters Parameters Description POP3 Enables/disables the POP3 functionality. POP3 - Server name Defines the POP3 server via the IP address or the host name. The host name can only be used if a DNS server was configured beforehand. POP3 - Server port Defines the port used by the SND Server for receiving emails. The port number 110 is preset. When using SSL/TLS, enter 995 as port number. POP3 - Security Defines the authentication method to be used (APOP/SSL/TLS).
PAGE 35
Network Settings Table 7: SMTP Parameters Parameters Description SMTP - Server name Defines the SMTP server via the IP address or the host name. The host name can only be used if a DNS server was configured beforehand. SMTP - Server port Defines the port number used by the SND Server to send emails to the SMTP server. The port number 25 is preset. SMTP - TLS Enables/disables TLS.
PAGE 36
Network Settings Defining Email Limits 1. 2. 3. 4. ª Proceed as follows: Start the mySND Control Center. Select NETWORK - Email. Configure the email limits; see: Table 8 Ö 36. Click Save & Restart to confirm. The settings will be saved. Table 8: Email Limits Parameters Description SMTP - Total file size limit Defines the total size limit (in kB) of the files that are sent via email during the file transfer via the mySND File Browser ( Ö 64) and the automatic file transfer Ö 53).
PAGE 37
Network Settings When checking the IP address assigned via ZeroConf (see: ’ZeroConf’ Ö 13) the SND Server sends a query to the network. If the IP address is no longer available in the network, the SND Server receives an answer. The SND Server then sends another query with a different IP address. If the IP address is available, it is saved in the SND Server. The domain name service is used for additional Bonjour features.
PAGE 38
Device Settings 4 Device Settings What information do you need? You can configure descriptions, the device time and the notification service on the SND Server. This chapter describes these device settings. • ’How to Determine a Description’ Ö 38 • ’How to Configure the Device Time’ Ö 39 • ’How to Use the Notification Service’ Ö 40 4.1 How to Determine a Description You can assign freely definable descriptions to the SND Server.
PAGE 39
Device Settings 4.2 How to Configure the Device Time You can control the device time of the SND Server via a time server (SNTP server) in the network. A timeserver is a computer networking device that reads the actual time from a reference clock and distributes this information to its clients. In the SND Server, the time server is defined via the IP address or the host name.
PAGE 40
Device Settings 4.3 How to Use the Notification Service You can get notifications in the form of emails or SNMP traps from the SND Server. By means of these notifications up to four recipients can be informed about various events irrespective of time and location. The following message types are possible: • The status email periodically informs the recipient about the status of the SND Server and the connected removable media.
PAGE 41
Device Settings 5. Specify the sending interval in the Status notification time area. 6. Click Save & Restart to confirm. ª The settings will be saved. Configuring event notifications via email Requirements ; SMTP parameters have been configured on the SND Server, see: Ö 32. ; A DNS server has been configured on the SND Server; see: Ö 30. For the notification service you can specify up to two email recipients and the message types. 1. 2. 3. 4. 5. ª Proceed as follows: Start the mySND Control Center.
PAGE 42
Media Management and Access Settings 5 Media Management and Access Settings This chapter describes how to restrict the access to the SND Server, how to use removable media on the device and how to configure the file access. The access control on the SND server is handled via the user management. All user accounts can access the USB mass storage devices. The access to an SD card only takes place via user accounts that are assigned to this card.
PAGE 43
Media Management and Access Settings In addition to the predefined administrator account you can create 4 additional user accounts. If this number is reached, you must delete a user account before you can define a new one. Login A user account allows for multiple logins, i.e. the account can be used by a single user or by a group of users. Up to 16 users can be logged on to the SND Server simultaneously. For further information; see: Ö 72 When logging in, the password is transmitted in plain text.
PAGE 44
Media Management and Access Settings Adding a User Account 1. 2. 3. 4. 5. 6. ª Proceed as follows: Start the mySND Control Center. Select FILE BROWSER - User management. Define the desired credentials in the Add user area; see: Table 10 Ö 44. Tick the options with the desired rights; see: Table 10 Ö 44. Select the desired file filter; see: Table 10 Ö 44. Click Save to confirm. The settings will be saved.
PAGE 45
Media Management and Access Settings Parameters Description Download files Enables/disables the download feature in the mySND File Browser. Email files De-/aktiviert die E-Mail-Funktion im mySND File Browser. Set/Clear archive bit Enables/disables the archive bit feature in the mySND File Browser. File access File filters Defines a file filter for the user account. After logging on to the mySND File Browser, only files of the file types defined in the filter will be displayed.
PAGE 46
Media Management and Access Settings Deleting a User Account Do not delete user accounts that are currently used by the SND Server. These accounts are marked with a green dot in the 'User status' table. 1. 2. 3. 4. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - User management. Click the icon in the User status table for the user account to be deleted. Confirm the security query by clicking Delete. The user account will be deleted.
PAGE 47
Media Management and Access Settings 5.2 How to Prepare Removable Media For a removable medium to be used on the SND Server, it must have the 'FAT32', 'FAT16' or 'FAT12' file system. You can format the removable medium on the SND Server accordingly. In the process a partition will be created spanning the entire removable medium. Whether formatting is required, is displayed in the mySND Control Center under the 'Media preparation' menu item in the 'Media status' table.
PAGE 48
Media Management and Access Settings Renaming a Removable Medium Requirements ; A removable medium is connected to the SND Server. 1. 2. 3. 4. 5. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - Media preparation. Select the device type from the Removable medium list. Enter a freely definable name into the Device name box. Click Rename. The removable medium will be renamed. 5.
PAGE 49
Media Management and Access Settings What do you want to do? ’Establishing a Media Assignment’ Ö 49 ’Editing a Media Assignment’ Ö 49 ’Deleting a Media Assignment’ Ö 50 Establishing a Media Assignment Requirements ; The SD card for which a media assignment is to be established, is connected to the SND Server. 1. 2. 3. 4. 5. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - Media assignment. Enter a freely definable name into the Assignment name box.
PAGE 50
Media Management and Access Settings Deleting a Media Assignment After the deletion of a media assignment, the access to the corresponding SD card via the mySND File Browser is only possible with administrator privilege (Ö 42). If a file transfer for the media assignment was configured, it will also be deleted. 1. 2. 3. 4. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - Media assignment.
PAGE 51
Media Management and Access Settings What do you want to do? ’Adding a File Filter’ Ö 51 ’Editing File Filters’ Ö 51 ’Deleting the File Filter’ Ö 52 Adding a File Filter 1. 2. 3. 4. 5. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - File filter. Enter a freely definable name into the Filter name box. In the Accessible file types box, define the file types that will be displayed in the mySND File Browser. Enter the file extension: - Schema: .
PAGE 52
Media Management and Access Settings Deleting the File Filter After the deletion of a file filter, all user accounts to which this file filter was assigned to can longer view files in the mySND File Browser. Assign a new file filter to these user accounts (Ö 45). 1. 2. 3. 4. ª mySND User Manual Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - File filter. Click the icon in the File filter status table for the file filter to be deleted.
PAGE 53
Media Management and Access Settings 5.5 How to Configure the Automatic File Transfer The automatic file transfer via email can be triggered when connecting removable media to the SND Server. The files are transferred without encryption. Transfer Method The method for the automatic file transfer is determined by the removable medium. SD cards: • card-specific transfer (One transfer is set up per SD card.) • The automatic file transfer can only be set up for SD cards with media assignment.
PAGE 54
Media Management and Access Settings reconnected to the SND Server. Remove the archive bit to resend files, for example after a failed send attempt. No archive bit can be set with read-only removable media. Enable/Disable the Transfer What do you want to do? You can enable/disable automatic file transfers. This allows you disable transfers without having to delete and reconfigure the file transfer.
PAGE 55
Media Management and Access Settings Editing File Transfers You can modify the settings of an existing file transfer. 1. 2. 3. 4. 5. 6. 7. 8. 9. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - File transfer. Click the icon in the File transfer status table for the file transfer to be edited. Select the SD card from the list. (ony for SD cards) Enter the email address of the addressee into the Recipient box.
PAGE 56
Media Management and Access Settings Deleting File Transfers 1. 2. 3. 4. ª Proceed as follows: Start the mySND Control Center. Click FILE BROWSER - File transfer. Click the icon in the File transfer status table for the file transfer to be deleted. Confirm the security query by clicking Delete. The file transfer is deleted. Setting/clearing the archive bit Requirements ; A removable medium is connected to the SND Server. ; Files are available on the removable medium.
PAGE 57
Working with the mySND File Browser 6 Working with the mySND File Browser What information do you need? The access to the removable media that are connected to the SND Server and the files stored on them is done via the mySND File Browser. This chapter describes how to access and work with files.
PAGE 58
Working with the mySND File Browser Start and Login Requirements The login to the SND server is session-based. Up to 16 users can be logged on to the SND server at the same time. For further information; see: Ö 72. ; The SND Server is connected to the network and the mains voltage. ; The SND Server has a valid IP address. The user account 'Admin' and the password 'admin' have been configured by default. Change the password when you use the SND server in a real situation; see: Ö 42.
PAGE 59
Working with the mySND File Browser Structure and Mode of Operation of the mySND File Browser After the logging the mySND File Browser will be displayed with the following dialog items: Selection of the removable medium Navigation pane Shortcut menu Path Search feature File display pane Fig. 6: mySND File Browser The buttons for the selection of the removable medium (top left) determine from what removable medium the content will be displayed in the file display pane (right).
PAGE 60
Working with the mySND File Browser The manufacturer’s contact details and additional information regarding the product are displayed under Product & Company. Users with administrator privileges can click Control Center to go to the pane with the same name. The Sitemap provides administrators with an overview of and direct access to all pages of the mySND Control Center. Logout Up to 16 users can be logged on to the SND server at the same time. If this number is reached, further logins will fail.
PAGE 61
Working with the mySND File Browser 3. Select a folder. (To show or hide subfolders, click the triangular icon in front of the folder.) ª The file content will be displayed. 6.3 How to Select Files To work with one or more files, you have to select the files. What do you want to do? ’Selecting a Single File’ Ö 61 ’Selecting Consecutive Files’ Ö 61 ’Selecting Non-Consecutive Files’ Ö 62 Selecting a Single File Requirements ; A removable medium is connected to the SND server.
PAGE 62
Working with the mySND File Browser 2. Click SD or USB. The removable medium is selected. 3. Select a folder. The files are displayed. 4. Select the first file from your selection. 5. Keep the SHIFT key pressed and select the last file from your selection. ª The files are marked. Selecting Non-Consecutive Files Requirements ; A removable medium is connected to the SND server. ; Files are available on the removable medium. 1. 2. 3. 4. 5. ª Proceed as follows: Start the mySND File Browser.
PAGE 63
Working with the mySND File Browser Requirements ; A removable medium is connected to the SND Server. ; Files are available on the removable medium. 1. 2. 3. 4. ª Proceed as follows: Start the mySND File Browser. Click SD or USB. The removable medium is selected. Select a folder. The files are displayed. Select the column heading to be sorted by. The files displayed are sorted. (The icon of an arrow in front of the column heading shows the sort order.
PAGE 64
Working with the mySND File Browser 6.6 How to Store Files on a Client One or more files can be stored locally on your client. Several files are grouped in a zip file. For performance reasons we recommend that you do not store more than 160 files in one download process. Requirements ; A removable medium is connected to the SND Server. ; Files are available on the removable medium. ; The user account used has download privileges; see: Ö 42. 1. 2. 3. 4. 5. 6.
PAGE 65
Working with the mySND File Browser Requirements ; A removable medium is connected to the SND Server. ; Files are available on the removable medium. ; The user account used has email privileges; see: Ö 42. ; SMTP parameters have been configured on the SND Server; see: Ö 32. ; A DNS server has been configured on the SND Server; see: Ö 30. 1. 2. 3. 4. 5. 6. 7. 8. ª Proceed as follows: Start the mySND File Browser. Click SD or USB. The removable medium is selected. Select a folder. The files are displayed.
PAGE 66
Working with the mySND File Browser Do not change the file extension. Otherwise the file will become unusable or cannot be displayed in the mySND File Browser. 1. 2. 3. 4. 5. 6. 7. ª Proceed as follows: Start the mySND File Browser. Click SD or USB. The removable medium is selected. Select a folder. The files are displayed. Select the file to be renamed. Select Rename from the shortcut menu. Enter a new file name. Press Enter. The file is renamed. 6.
PAGE 67
Working with the mySND File Browser 4. Select the files to be deleted. 5. Select Delete from the shortcut menu. 6. Confirm the security query by clicking Delete. ª The file selection is deleted.
PAGE 68
Security 7 Security A number of security mechanisms are available to ensure optimum security for the SND Server. This chapter describes how to make use of these security mechanisms.
PAGE 69
Security 7.1 How to Define the Encryption Level for SSL/TLS Connections The following connections on the SND Server can be encrypted via SSL/TLS: • Web access to the mySND File Browser and the mySND Control Center: HTTPS (Ö 70) • Email: POP3 (Ö 32) • Email: SMTP (Ö 32) In the case of POP3 and SMTP only the administration via email and the notification service will be encrypted. The automatic file transfer and the file transfer via the mySND File Browser are carried out without encryption.
PAGE 70
Security to successfully establish a connection. When problems occur, select a different level or reset the SND Server parameters; see: Ö 93. The following encryption levels can be selected: • Compatible: Cipher suites with an encryption of 40 to 256 bit will be used. • Low: Only cipher suites with a low encryption of 56 bit will be used. (Fast connection) • Medium: Only cipher suites with an encryption of 128 bit will be used.
PAGE 71
Security The mySND Control Center can also be protected by the SNMP security concept. The concept includes administration of user groups and access rights. For further information; see: ’How to Configure SNMP’ Ö 31. Specifying the Permitted Web Connection Type Types of Connection (HTTP/HTTPS) The web access to the mySND Control Center and the mySND File Browser can be secured by selecting the permitted types of connection (HTTP/HTTPS).
PAGE 72
Security 7.3 How to Manage Sessions A user account allows for multiple logins on the SND Server, i.e. the account can be used by a single user or by a group of users. The login is session-based. Up to 16 sessions can be saved at the same time. This means that up to 16 users can be logged on to the SND Server at the same time. If this number is reached, further logins will fail. Sessions are terminated and are available for new logins if a user logs out (Ö 60 and Ö 19) or the session timeout expires.
PAGE 73
Security Terminating Sessions Users whose sessions are terminated lose their access to the SND Server and are required to login again. Current actions (file download, etc.) will be stopped. Requirements The SND Server is connected to the network and the mains voltage. The SND Server has a valid IP address. The used user account has administrator privileges; see: Ö 42. 1. 2. 3. 4. 5. 6. ª Proceed as follows: Open your browser. Enter the IP address of the SND Server as the URL.
PAGE 74
Security 1. 2. 3. ª Proceed as follows: Start the mySND Control Center. Select SECURITY - Device access. Tick/clear USB port in the Interfaces area. The setting will be saved. 7.5 How to Control the Access to the SND Server (TCP Port Access Control) TCP Port Access Control You can control the access to the SND Server. To do so, various TCP port types on the SND Server can be blocked. Network elements with access rights can be defined as exceptions and excluded from blocking.
PAGE 75
Security The 'test mode' option is activated by default. After a successful test, you must deactivate the test mode so that access protection remains permanently active. 1. 2. 3. 4. 5. 6. 7. 8. Proceed as follows: Start the mySND Control Center. Select SECURITY - TCP port access. Tick Port access control. Select the desired protection in the Security level area. In the Exceptions area, define the network elements which are excluded from port blocking. Enter the IP or MAC addresses and tick the options.
PAGE 76
Security 7.6 How to Use Certificates Correctly The SND Server has its own certificate management. This section explains how certificates are used and when the use of certificates is recommended. What are Certificates? Certificates can be used in TCP/IP-based networks to encrypt data and to authenticate communication partners. Certificates are electronic messages containing a key (public key) and a signature. Benefits and Purpose The use of certificates allows for various security mechanisms.
PAGE 77
Security authority. The root certificate is stored on an authentication server in the network. • S/MIME certificates (*.pem file) are used to sign and encrypt the emails that are sent by the SND Server in the course of the administration via email and the notification service. The corresponding private key must be installed as an own certificate in the PKCS#12 format (as *.p12 file) in the intended email program (Thunderbird, Outlook, etc.).
PAGE 78
Security What do you want to do? ’Displaying Certificates’ Ö 78 ’Creating a Self-Signed Certificate’ Ö 78 ’Creating a Certificate Request for CA Certificates’ Ö 80 ’Saving the CA Certificate in the SND Server’ Ö 80 ’Saving the Root Certificate on the SND Server’ Ö 81 ’Saving PKCS#12 Certificates on the SND Server’ Ö 82 ’Saving the S/MIME Certificate on the SND Server’ Ö 82 ’Deleting Certificates’ Ö 83 Displaying Certificates Certificates installed on the SND Server and certificate requests
PAGE 79
Security ª The certificate will be created and installed. This may take a few minutes. Table 11: Parameters for the Creation of Certificates mySND User Manual Parameters Description Common name Is used to clearly identify the certificate. It is advisable to use the IP address or the host name of the SND Server to allow a clear assignment of the certificate to the SND Server. You can enter a maximum of 64 characters. Email address Specifies an email address. You can enter a maximum of 40 characters.
PAGE 80
Security Creating a Certificate Request for CA Certificates As a preparation for the use of a CA certificate, a certificate request that has to be sent to the certification authority can be created in the SND Server. The certification authority will then create a CA certificate on the basis of the certificate request. The certificate must be in base64 format. If a certificate request has already been created on the SND Server, you must first delete the certificate request; see: Ö 83. Proceed as follows: 1.
PAGE 81
Security 1. 2. 3. 4. 5. 6. ª Proceed as follows: Start the mySND Control Center. Select SECURITY - Certificates. Click CA certificate. Click Browse. Specify the CA certificate. Click Install. The CA certificate will be saved in the SND Server. Saving the Root Certificate on the SND Server The SND Server offers a number of authentication methods to verify its identity in a network.
PAGE 82
Security Saving PKCS#12 Certificates on the SND Server Certificates with the PKCS#12 format are used to save private keys and their respective certificates and to protect them by means of a password. If a PKCS#12 certificate has already been installed on the SND Server, it will be overwritten. Requirements ; The certificate must be in base64 format. ; No certificate request may exist. To delete the certificate request, see: Ö 83. ; No CA certificate may be installed. To delete a CA certificate, see: Ö 83.
PAGE 83
Security 1. 2. 3. 4. 5. 6. ª Proceed as follows: Start the mySND Control Center. Select SECURITY - Certificates. Click S/MIME certificate. Click Browse. Specify the S/MIME certificate. Click Install. The S/MIME certificate will be saved on the SND Server. Deleting Certificates 1. 2. 3. 4. ª mySND User Manual Proceed as follows: Start the mySND Control Center. Select SECURITY - Certificates. Select the certificate to be deleted via the icon The certificate is displayed. Click Delete.
PAGE 84
Security 7.7 How to Use Authentication Methods By means of an authentication, a network can be protected against unauthorized access. The SND Server can participate in various authentication procedures. This section describes which procedures are supported and how these procedures are configured on the SND Server. What is IEEE 802.1x? The IEEE 802.1x standard provides a basic structure for various authentication and key management protocols. IEEE 802.1x allows you to control the access to networks.
PAGE 85
Security Configuring EAP-MD5 Benefits and Purpose EAP-MD5 validates the identity of devices or users before they gain access to network resources. You can configure the SND Server for the EAP-MD5 network authentication. This makes sure that the SND Server gets access to protected networks. Mode of Operation EAP-MD5 describes a user-based authentication method via a RADIUS server. The SND Server must be defined as user (with user name and password) on a RADIUS server.
PAGE 86
Security certificate signed by a CA. The RADIUS server and the print server must validate the certificate. After the mutual authentication was successful, the access to the network will be freed. Since each device needs a certificate, a PKI (Public Key Infrastructure) must be available. User passwords are not necessary. If you want to use the EAP-TLS authentication, you must observe the instructions below in the indicated order.
PAGE 87
Security Mode of Operation EAP-TTLS consists of two phases: • In phase 1, a TLS-encrypted channel between the SND Server and the RADIUS server will be established. Only the RADIUS server authenticates itself on the SND Server using a certificate that was signed by a CA. This process is also referred to as 'outer authentication'. • In phase 2, an additional authentication method is used for the communication within the TLS channel.
PAGE 88
Security Configuring PEAP Benefits and Purpose PEAP (Protected Extensible Authentication Protocol) validates the identity of devices or users before they gain access to network resources. You can configure the SND Server for the PEAP network authentication. This makes sure that the SND Server gets access to protected networks.
PAGE 89
Security Configuring EAP-FAST Benefits and Purpose EAP-FAST (Flexible Authentication via Secure Tunneling) validates the identity of devices or users before they gain access to network resources. You can configure the SND Server for the EAP-FAST network authentication. This makes sure that the SND Server gets access to protected networks. Mode of Operation EAP-FAST uses (as in the case of EAP-TTLS, see Ö 86) a channel in order to protect the data transfer.
PAGE 90
Security 2. Select SECURITY – Authentication. 3. Select FAST from the Authentication method list. 4. Enter the user name and the password that are used for the configuration of the SND Server on the RADIUS server. 5. Select the settings intended to secure the communication in the channel. 6. Click Save & Restart to confirm. ª The settings will be saved.
PAGE 91
Maintenance 8 Maintenance What information do you need? A number of maintenance activities can be carried out on the SND Server. This chapter contains information on securing and resetting the parameter values. You will also learn how to carry out a restart and a device update. • ’How to Secure the SND Parameters (Backup)’ Ö 91 • ’How to Reset the SND Parameters to their Default Values’ Ö 93 • ’How to Perform an Update’ Ö 96 • ’How to Restart the SND Server’ Ö 97 8.
PAGE 92
Maintenance Displaying Parameter Values 1. 2. 3. ª Proceed as follows: Start the mySND Control Center. Select MAINTENANCE - Parameter backup. Click the icon . The current parameter values are displayed. A detailed description of the parameters can be found in the ’Parameter List’ Ö 102. Saving the Parameter File 1. 2. 3. 4. ª Proceed as follows: Start the mySND Control Center. Select MAINTENANCE - Parameter backup. Click the icon . Save the '_parameters.
PAGE 93
Maintenance 8.2 How to Reset the SND Parameters to their Default Values It is possible to reset the parameters of the SND Server to the default values (factory settings). All previously configured parameter values will be deleted in this process. Installed certificates will not be deleted. Resetting the SND Server may result in a change in the IP address and a loss of the connection to the mySND File Browser and the mySND Control Center.
PAGE 94
Maintenance Resetting Parameters via the InterCon-NetTool 1. 2. 3. 4. ª Proceed as follows: Start the InterCon-NetTool. Highlight the SND Server in the device list. Select Actions – Default Settings from the menu bar. Click Finish. The parameters are reset. Resetting the Parameters via the Reset Button LEDs, the reset button and various ports can be found on the SND Server. These components are described in the 'Quick Installation Guide'.
PAGE 95
Maintenance The phases are described in the following: [Phase 1] Reset [Phase 2] Restart Switching off the SND Server (interrupt the power supply). Switching off the SND Server (interrupt the power supply). Press and hold the reset button. Switching on the SND Server (establish the power supply). Switching on the SND Server (establish the power supply). Wait until the activity LED and status LED blink synchronously. The reset mode has been activated. Release the reset button for about 2 seconds.
PAGE 96
Maintenance 8.3 How to Perform an Update You can carry out software and firmware updates on the SND Server. Updates allow you to benefit from currently developed features. What Happens during an Update? In the course of an update, the existing firmware/software will be overwritten and replaced by a new version. The parameter default settings of the device remain unchanged.
PAGE 97
Maintenance 8.4 How to Restart the SND Server The SND Server is rebooted automatically after parameter changes or updates. If the SND Server is in an undefined state, the SND Server can also be rebooted manually. What do you want to do? ’Restarting the SND Server via the mySND Control Center’ Ö 97 ’Restarting the SND Server via the InterCon-NetTool’ Ö 97 Restarting the SND Server via the mySND Control Center 1. 2. 3. 4. ª Proceed as follows: Start the mySND Control Center.
PAGE 98
Appendix - 9 Appendix What information do you need? The appendix contains a glossary, the parameter list of the SND Server, and the index lists.
PAGE 99
Appendix - Glossary 9.1 Glossary The glossary contains information about manufacturer-specific software solutions and terms from the world of network technology.
PAGE 100
Appendix - Glossary Gateway Using a gateway, you can address IP addresses from external networks. If you want to use a gateway, you can configure the relevant parameter in the SND Server via the mySND Control Center. Hardware Address The SND Server is addressable by means of its world-wide unique hardware address. This address is commonly referred to as the MAC or Ethernet address. The manufacturer has defined this address in the hardware of the device. The address consists of 12 hexadecimal numbers.
PAGE 101
Appendix - Glossary InterCon-NetTool The software InterCon-NetTool has been developed by SEH Computertechnik GmbH for the administration of SEH network devices within a predefined network. IP Address The IP address is the unique address of each node in a network, i.e. an IP address may occur only once on a local network. The system administrator usually assigns the IP address. The address must be saved in the SND Server to make sure that it can be addressed within the network.
PAGE 102
Appendix - Parameter List 9.2 Parameter List This section contains an overview of all the parameters of the SND Server. The parameter list provides details about the functions and values of the individual parameters.
PAGE 103
Appendix - Parameter List Table 12: Parameter List - IPv4 Parameters Value Default Description ip_dhcp [DHCP] on/off on Enables/disables the DHCP protocol. ip_bootp [BOOTP] on/off on Enables/disables the BOOTP protocol. ip_auto [ARP/PING] on/off on Enables/disables the IP address assignment via ARP/PING. ip_addr [IP address] valid IP address 169.254. 0.0/16 Defines the IP address of the SND Server. ip_mask [Subnet mask] valid IP address 255.255. 0.
PAGE 104
Appendix - Parameter List Parameters Value Default Description ipv6_gate [Router] n:n:n:n:n:n:n:n :: Defines the IPv6 unicast address of the router. The SND Server sends its 'Router Solicitations' (RS) to this router. ipv6_plen [Prefix length] 0–64 [1-2 characters; 0-9] 64 Defines the length of the subnet prefix for the IPv6 address. Address ranges are indicated by prefixes. The prefix length (number of bits used) is added to the IPv6 address and specified as a decimal number.
PAGE 105
Appendix - Parameter List mySND User Manual Parameters Value Default Description snmpv1_ronly [Read-only] on/off off Enables/disables the write protection for the community. snmpv1_community [Community] max. 64 characters [a-z, A-Z, 0-9] public Defines the name of the SNMP community. The SNMP community is a basic form of access protection in which several participants with the same access rights are grouped together. snmpv3 [SNMPv3] on/off on Enables/disables SNMPv3.
PAGE 106
Appendix - Parameter List Table 16: Parameter List - POP3 Parameters Value Default Description pop3 [POP3] on/off off Enables/disables the POP3 functionality. pop3_srv [Server name] max. 128 characters [blank] Defines the POP3 server via the IP address or the host name. The host name can only be used if a DNS server was configured beforehand. pop3_port [Server port] 1–65535 [1-5 characters; 0-9] 110 Defines the port of the POP3 server used by the SND Server for receiving emails.
PAGE 107
Appendix - Parameter List mySND User Manual Parameters Value Default Description smtp_port [Server port] 1–65535 [1-5 characters; 0-9] 25 Defines the port number used by the SND Server to send emails to the SMTP server. smtp_ssl [TLS] on/off off Enables/disables TLS. The security protocol TLS (Transport Layer Security) is used to encrypt the transmission between the SND Server and the SMTP server. smtp_sender [Sender name] max.
PAGE 108
Appendix - Parameter List Table 18: Parameter List - Email Limits Parameters Value Default Description autoSndMaxKb [Total file size limit] 100–10000 [3-5 characters; 0-9] 5000 Defines the total size limit (in kB) of the files that are sent via email during the file transfer via the mySND File Ö Browser ( 64) and the automatic file transfer Ö ( 53). If the defined value is exceeded, the remaining files will be sent in additional emails during the automatic file transfer.
PAGE 109
Appendix - Parameter List Table 20: Parameter List - Description Parameters Value Default Description sys_name [Host name] max. 64 characters [a-z, A-Z, 0-9] [blank] Defines the host name of the SND Server. sys_descr [Description] max. 64 characters [a-z, A-Z, 0-9] [blank] Freely definable description (of the SND Server). sys_contact [Contact person] max. 64 characters [a-z, A-Z, 0-9] [blank] Freely definable description (of the contact person).
PAGE 110
Appendix - Parameter List mySND User Manual Parameters Value Default Description noti_pup_1 noti_pup_2 [Restart] on/off off Enables/disables the sending of emails when the SND Server is restarted. noti_stat_1 noti_stat_2 [Status email] on/off off Enables/disables the periodical sending of a status email to recipient 1 or 2. notistat_d [Status notification time] al mo tu we th fr sa su al Specifies the interval at which a status email is sent. notistat_h [hh] 1 = 1. hour 2 = 2. hour 3 = 3.
PAGE 111
Appendix - Parameter List Table 23: Parameter List - User Management Parameters Value Default Description user_active_2 ~ user_active_5 on/off off Enables/disables the user account. (The administrator account cannot be disabled.) user_name_2 ~ user_name_5 [User name] max. 32 characters [a-z, A-Z, 0-9] [blank] Defines the name for the user account in order to log on to the SND server. (The name of the administrator account cannot be changed.) user_pwd_1 ~ user_pwd_5 [Password] max.
PAGE 112
Appendix - Parameter List mySND User Manual Parameters Value Default Description user_rWr_1 ~ user_rWr_5 [Renaming/deletin g files] on/off user_rWr _1 = on Enables/disables the feature for renaming and deleting files in the mySND File Browser.
PAGE 113
Appendix - Parameter List Table 24: Parameter List - Media Assignment Parameters Value Default Description sdCardCid_1 ~ sdCardCid_16 [Device ID] hexadecimal digit [32 characters] [blank] Defines the device ID of an SD card for the unique identification on the SND Server and the assignment to the user accounts. The device ID of an SD card connected to the SND Server is shown in the mySND Control Center. sdCardName_1 ~ sdCardName_16 [Assignment name] max.
PAGE 114
Appendix - Parameter List Table 26: Parameter List - Automatic File Transfer mySND User Manual Parameters Value Default Description autoSndPDMedia on/off on Enables/disables the automatic file transfer from USB mass storage devices. autoSndPDRcp_1 autoSndPDRcp_2 [Recipient 1, Recipient 2] valid email address [max. 64 characters] [blank] Defines the email address of the recipient for the automatic file transfer from USB mass storage devices. autoSndPDDir [Source folder] max.
PAGE 115
Appendix - Parameter List Parameters Value Default Description autoSndSDDir_1 ~ autoSndSDDir_16 [Source folder] max. 64 characters [/, a-z, A-Z, 0-9] / [Root directory] Defines the folder on SD cards from which the files will be transferred automatically. The content from subfolders will not be transferred. autoSndSDExt_1 ~ autoSndSDExt_16 [File types] max. 32 characters [., a-z, A-Z, 0-9] [blank] Defines the file types that are transferred automatically from SD cards. - Schema: .
PAGE 116
Appendix - Parameter List Table 28: Parameter List - Device Access Parameters Value Default Description http_allowed [HTTP/HTTPS] on/off on Defines the permitted type of connection (HTTP/HTTPS) to the mySND File Browser and the mySND Control Center. If HTTPS is exclusively chosen as the connection type [http_allowed = off], the web access to the mySND File Browser and the mySND Control Center is protected via SSL/TLS.
PAGE 117
Appendix - Parameter List Parameters Value Default Description protection_level [Security level] protec_tcp protec_all protec_tcp Specifies the port types to be locked: - TCP ports - all ports (IP ports) ip_filter_on_1 ~ ip_filter_on_8 [IP address] on/off off Enables/disables an exception from the port locking. ip_filter_1 ~ ip_filter_8 [IP address] valid IP address [blank] Defines elements that are excluded from port locking, using the IP address.
PAGE 118
Appendix - Parameter List Parameters Value Default Description auth_extern [PEAP/EAP-FAST Options] --- = none --- Defines the kind of external authentication for the EAP authentication methods TTLS, PEAP, and FAST. --- Defines the kind of inner authentication for the EAP authentication methods TTLS, PEAP, and FAST.
PAGE 119
Appendix - Troubleshooting 9.3 Troubleshooting This chapter describes some problems and their solutions. Problem • ’The SND Server indicates the BIOS mode’ Ö 119 • ’A connection to the mySND Control Center/mySND File Browser cannot be established.’ Ö 120 • ’The password is no longer available’ Ö 121 The SND Server indicates the BIOS mode Possible Cause The SND Server switches to the BIOS mode if the firmware functions well but the software is faulty.
PAGE 120
Appendix - Troubleshooting The software must be reloaded to the SND Server so that the SND Server can switch from the BIOS mode to the normal mode. 1. 2. 3. 4. 5. ª Gehen Sie wie folgt vor: Start the InterCon-NetTool. Highlight the SND Server in the device list. You will find the SND Server under the filter 'BIOS mode'. Select Installation – IP Wizard from the menu bar. The IP Wizard is started. Follow the instructions of the wizard in order to assign an IP address to the SND Server.
PAGE 121
Appendix - Troubleshooting The password is no longer available The access to the SND server is controlled by means of user accounts. You will need a user name and a password to get access to the program. If the password is no longer available, you can reset the parameter values of the SND Server to their default settings to get access Ö 93. Previous settings will be deleted.
PAGE 122
Appendix - List of Figures 9.4 List of Figures Starting the mySND Control Center . . . . . . . . . . . . . . . . . . . . . . . 18 InterCon-NetTool - Main Dialog . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Administration via Email - Example 1 . . . . . . . . . . . . . . . . . . . . . 24 Administration via Email - Example 2 . . . . . . . . . . . . . . . . . . . . . 24 InterCon-NetTool - IP Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 mySND File Browser . . . . . . . . . . .
PAGE 123
Appendix - Index 9.
PAGE 124
Appendix - Index I IEEE 802.
PAGE 125
Appendix - Index Disable USB port 73 File filters 50 Rights 43 Root certificate 76 S S/MIME certificate 77 Security 68 Security level 74 Self-signed certificate 76 Session 72 exit 73 Time out 72 Session timeout 72 SMTP 32 SNMP trap 40 SNMPv1 31 SNMPv3 31 SSL/TLS connection 69 Subnet mask 101 Support 9 System Requirements 6 V Version Number 96 Z ZeroConf 13 T TCP port access control 74 TCP/IP 25 Test mode 74 Time of the device 39 Time server 39 Time zone 39 Types of connection 71 define 71 U Update 96 Use