Pages

Banner 468

Friday 24 January 2014

How to setup Inbound/Outbound firewall

0 comments
 

How to setup Inbound/Outbound firewall rules on NETGEAR Modem router/gateways

Symptoms: 
  • Cannot connect or access LAN devices or applications from the Internet (i.e.: FTP server, HTTP server, Podcast server, etc...)
  • Cannot play online games through NETGEAR Modem Routers
  • The NETGEAR firewall prevented certain applications to work correctly over the Internet
Resolutions:

By default, the NETGEAR Firewall rules will block and prevent any unauthorized access to your Local Area Network (LAN).  Remote access to the LAN devices or applications will only be possible after an inbound or outbound firewall rule is added to the router/gateway.  Inbound firewall rules are set of rules that would allow or permit access to the LAN services from the Internet -- the default rule blocks all incoming service requests.  On the other hand, Outbound firewall rules would prevent or deny access to the Internet from the LAN devices -- the default rule allows all outgoing traffic. 
The steps below will show you how to configure inbound/outbound firewall rules:
1. Open Internet browser and access http://192.168.0.1 or http://www.routerlogin.com.  
2. Enter admin for username and password for password. If you have changed the default password, please enter your customized password when prompted.
3. On the left panel under Security (Content Filtering, for older devices) , click Firewall Rules
4. Click the Add button under the type of rule (Outbound or Inbound) that you would like to add.
5. Select the desired Service from the list.  If necessary, you can define a customized service.  To add a new customized Service, follow these steps:
    1. On the left panel, under Security (Content Filtering for older models), click Services.
    2. Click the Add Custom Service button.
    3. Create a Name for the new service
    4. Select the Type of protocol that the service will be using.
    5. Enter the Starting port and Ending port
    6. Click Apply to finish adding the new custom service.
6. Under Action, select the appropriate action for packets covered for this rule.
  • Note: To define the Schedule used in these selections, use the "Schedule" option listed on the Security or Content Filteringsection.
7. Under the Send to LAN server field, enter the IP address of the PC or Server on your LAN which will receive the inbound or outbound traffic covered by this rule.
8. Select an option for WAN Users. This setting determine which packets are covered by the rule, based on their source (WAN) IP address. Here are the options:
    • Any - All IP addresses are covered by this rule
    • Address range - If this option is selected, you must enter the "Start" and "Finish" fields
    • Single address - Enter the required address in the "Start" fields.
9. Select an option under Log. This determines whether packets covered by this rule are logged. Select the desired action.
    • Always - always log traffic considered by this rule, whether it matches or not. (This is useful when debugging your rules.)
    • Never - never log traffic considered by this rule, whether it matches or not.
    • Match - Log traffic only it matches this rule. (The action is determined by this rule.)
    • Not Match - Log traffic which is considered by this rule, but does not match (The action is NOT determined by this rule.)
10. Click on Apply button.

This applies to:
     > Netgear MBR624GU, DGND3300, DGN2000, DG834G and DG834N.


Readmore...
Wednesday 22 January 2014

Ethernet Tutorial Adding Speed

0 comments
 
The phrase “you can never get too much of a good thing” can certainly be applied to networking. Once the benefits of networking are demonstrated, there is a thirst for even faster, more reliable connections to support a growing number of users and highly-complex applications.
How to obtain that added bandwidth can be an issue. While repeaters allow LANs to extend beyond normal distance limitations, they still limit the number of nodes that can be supported.
Bridges and switches on the other hand allow LANs to grow significantly larger by virtue of their ability to support full Ethernet segments on each port. Additionally, bridges and switches selectively filter network traffic to only those packets needed on each segment, significantly increasing throughput on each segment and on the overall network.
Network managers continue to look for better performance and more flexibility for network topologies, bridges and switches. To provide a better understanding of these and related technologies, this tutorial will cover:
  • Bridges
  • Ethernet Switches
  • Routers
  • Network Design Criteria
  • When and Why Ethernets Become Too Slow
  • Increasing Performance with Fast and Gigabit Ethernet

Bridges

Bridges connect two LAN segments of similar or dissimilar types, such as Ethernet and Token Ring. This allows two Ethernet segments to behave like a single Ethernet allowing any pair of computers on the extended Ethernet to communicate. Bridges are transparent therefore computers don’t know whether a bridge separates them.
Bridges map the Ethernet addresses of the nodes residing on each network segment and allow only necessary traffic to pass through the bridge. When a packet is received by the bridge, the bridge determines the destination and source segments. If the segments are the same, the packet is dropped or also referred to as “filtered"; if the segments are different, then the packet is "forwarded" to the correct segment. Additionally, bridges do not forward bad or misaligned packets.
Bridges are also called "store-and-forward" devices because they look at the whole Ethernet packet before making filtering or forwarding decisions. Filtering packets and regenerating forwarded packets enables bridging technology to split a network into separate collision domains. Bridges are able to isolate network problems; if interference occurs on one of two segments, the bridge will receive and discard an invalid frame keeping the problem from affecting the other segment. This allows for greater distances and more repeaters to be used in the total network design.

Dealing with Loops

Most bridges are self-learning task bridges; they determine the user Ethernet addresses on the segment by building a table as packets that are passed through the network. However, this self-learning capability dramatically raises the potential of network loops in networks that have many bridges. A loop presents conflicting information on which segment a specific address is located and forces the device to forward all traffic. The Distributed Spanning Tree (DST) algorithm is a software standard (found in the IEEE 802.1d specification) that describes how switches and bridges can communicate to avoid network loops.

Ethernet Switches

Ethernet switches are an expansion of the Ethernet bridging concept. The advantage of using a switched Ethernet is parallelism. Up to one-half of the computers connected to a switch can send data at the same time.
LAN switches link multiple networks together and have two basic architectures: cut-through and store-and-forward. In the past, cut-through switches were faster because they examined the packet destination address only before forwarding it on to its destination segment. A store-and-forward switch works like a bridge in that it accepts and analyzes the entire packet before forwarding it to its destination.
Historically, store-and-forward took more time to examine the entire packet, although one benefit was that it allowed the switch to catch certain packet errors and keep them from propagating through the network. Today, the speed of store-and-forward switches has caught up with cut-through switches so the difference between the two is minimal. Also, there are a large number of hybrid switches available that mix both cut-through and store-and-forward architectures.
Both cut-through and store-and-forward switches separate a network into collision domains, allowing network design rules to be extended. Each of the segments attached to an Ethernet switch has a full 10 Mbps of bandwidth shared by fewer users, which results in better performance (as opposed to hubs that only allow bandwidth sharing from a single Ethernet). Newer switches today offer high-speed links, either Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet or ATM. These are used to link switches together or give added bandwidth to high-traffic servers. A network composed of a number of switches linked together via uplinks is termed a "collapsed backbone" network.
Switches and Dedicated Ethernet Examples

Routers

A router is a device that forwards data packets along networks, and determines which way to send each data packet based on its current understanding of the state of its connected networks. Routers are typically connected to at least two networks, commonly two LANs or WANs or a LAN and its Internet Service Provider’s (ISPs) network. Routers are located at gateways, the places where two or more networks connect.
Routers filter out network traffic by specific protocol rather than by packet address. Routers also divide networks logically instead of physically. An IP router can divide a network into various subnets so that only traffic destined for particular IP addresses can pass between segments. Network speed often decreases due to this type of intelligent forwarding. Such filtering takes more time than that exercised in a switch or bridge, which only looks at the Ethernet address. However, in more complex networks, overall efficiency is improved by using routers.

Network Design Criteria

Ethernets and Fast Ethernets have design rules that must be followed in order to function correctly. The maximum number of nodes, number of repeaters and maximum segment distances are defined by the electrical and mechanical design properties of each type of Ethernet media.
A network using repeaters, for instance, functions with the timing constraints of Ethernet. Although electrical signals on the Ethernet media travel near the speed of light, it still takes a finite amount of time for the signal to travel from one end of a large Ethernet to another. The Ethernet standard assumes it will take roughly 50 microseconds for a signal to reach its destination.
Ethernet is subject to the "5-4-3" rule of repeater placement: the network can only have five segments connected; it can only use four repeaters; and of the five segments, only three can have users attached to them; the other two must be inter-repeater links.
If the design of the network violates these repeater and placement rules, then timing guidelines will not be met and the sending station will resend that packet. This can lead to lost packets and excessive resent packets, which can slow network performance and create trouble for applications. New Ethernet standards (Fast Ethernet, GigE, and 10 GigE) have modified repeater rules, since the minimum packet size takes less time to transmit than regular Ethernet. The length of the network links allows for a fewer number of repeaters. In Fast Ethernet networks, there are two classes of repeaters. Class I repeaters have a latency of 0.7 microseconds or less and are limited to one repeater per network. Class II repeaters have a latency of 0.46 microseconds or less and are limited to two repeaters per network. The following are the distance (diameter) characteristics for these types of Fast Ethernet repeater combinations:
Fast Ethernet Copper Fiber
No Repeaters
One Class I Repeater
One Class II Repeater
Two Class II Repeaters
100m
200m
200m
205m
412m*
272m
272m
228m
* Full Duplex Mode 2 km
When conditions require greater distances or an increase in the number of nodes/repeaters, then a bridge, router or switch can be used to connect multiple networks together. These devices join two or more separate networks, allowing network design criteria to be restored. Switches allow network designers to build large networks that function well. The reduction in costs of bridges and switches reduces the impact of repeater rules on network design.
Each network connected via one of these devices is referred to as a separate collision domain in the overall network.

When and Why Ethernets Become Too Slow

As more users are added to a shared network or as applications requiring more data are added, performance deteriorates. This is because all users on a shared network are competitors for the Ethernet bus. On a moderately loaded 10Mbps Ethernet network that is shared by 30-50 users, that network will only sustain throughput in the neighborhood of 2.5Mbps after accounting for packet overhead, interpacket gaps and collisions.
Increasing the number of users (and therefore packet transmissions) creates a higher collision potential. Collisions occur when two or more nodes attempt to send information at the same time. When they realize that a collision has occurred, each node shuts off for a random time before attempting another transmission. With shared Ethernet, the likelihood of collision increases as more nodes are added to the shared collision domain of the shared Ethernet. One of the steps to alleviate this problem is to segment traffic with a bridge or switch. A switch can replace a hub and improve network performance. For example, an eight-port switch can support eight Ethernets, each running at a full 10 Mbps. Another option is to dedicate one or more of these switched ports to a high traffic device such as a file server.
Greater throughput is required to support multimedia and video applications. When added to the network, Ethernet switches provide a number of enhancements over shared networks that can support these applications. Foremost is the ability to divide networks into smaller and faster segments. Ethernet switches examine each packet, determine where that packet is destined and then forward that packet to only those ports to which the packet needs to go. Modern switches are able to do all these tasks at "wirespeed," that is, without delay.
Aside from deciding when to forward or when to filter the packet, Ethernet switches also completely regenerate the Ethernet packet. This regeneration and re-timing allows each port on a switch to be treated as a complete Ethernet segment, capable of supporting the full length of cable along with all of the repeater restrictions. The standard Ethernet slot time required in CSMA/CD half-duplex modes is not long enough for running over 100m copper, so Carrier Extension is used to guarantee a 512-bit slot time.
Additionally, bad packets are identified by Ethernet switches and immediately dropped from any future transmission. This "cleansing" activity keeps problems isolated to a single segment and keeps them from disrupting other network activity. This aspect of switching is extremely important in a network environment where hardware failures are to be anticipated. Full duplex doubles the bandwidth on a link, and is another method used to increase bandwidth to dedicated workstations or servers. Full duplex modes are available for standard Ethernet, Fast Ethernet, and Gigabit Ethernet. To use full duplex, special network interface cards are installed in the server or workstation, and the switch is programmed to support full duplex operation.

Increasing Performance with Fast and Gigabit Ethernet

Implementing Fast or Gigabit Ethernet to increase performance is the next logical step when Ethernet becomes too slow to meet user needs. Higher traffic devices can be connected to switches or each other via Fast Ethernet or Gigabit Ethernet, providing a great increase in bandwidth. Many switches are designed with this in mind, and have Fast Ethernet uplinks available for connection to a file server or other switches. Eventually, Fast Ethernet can be deployed to user desktops by equipping all computers with Fast Ethernet network interface cards and using Fast Ethernet switches and repeaters.
With an understanding of the underlying technologies and products in use in Ethernet networks, the next tutorial will advance to a discussion of some of the most popular real-world applications.
Readmore...

An Introduction to Device Servers

0 comments
 
The ability to manage virtually any electronic device over a network or the Internet is changing our world. Companies want to remotely manage, monitor, diagnose and control their equipment because doing so adds an unprecedented level of intelligence and efficiency to their businesses. 
With this trend, and as we rely on applications like e-mail and database management for core business operations, the need for more fully-integrated devices and systems to monitor and manage the vast amount of data and information becomes increasingly more important. And, in a world where data and information is expected to be instantaneous, the ability to manage, monitor and even repair equipment from a distance is extremely valuable to organizations in every sector.
This need is further emphasized as companies with legacy non-networked equipment struggle to compete with organizations equipped with advanced networking capabilities such as machine-to-machine (M2M) communications. There’s no denying that advanced networking provides an edge to improving overall efficiencies.
This tutorial will provide an overview and give examples of how device servers make it easy to put just about any piece of electronic equipment on an Ethernet network. It will highlight the use of external device servers and their ability to provide serial connectivity for a variety of applications. It will touch on how device networking makes M2M communication possible and wireless technology even more advanced. Finally, as any examination of networking technologies requires consideration of data security, this paper will provide an overview of some the latest encryption technologies available for connecting devices securely to the network.

Moving from Serial to Ethernet
An Introduction to Device Server Technology

For some devices, the only access available to a network manager or programmer is via a serial port. The reason for this is partly historical and partly evolutionary. Historically, Ethernet interfacing has usually been a lengthy development process involving multiple vendor protocols (some of which have been proprietary) and the interpretation of many RFCs. Some vendors believed Ethernet was not necessary for their product which was destined for a centralized computer center - others believed that the development time and expense required to have an Ethernet interface on the product was not justified.
From the evolutionary standpoint, the networking infrastructure of many sites has only recently been developed to the point that consistent and perceived stability has been obtained - as users and management have become comfortable with the performance of the network, they now focus on how they can maximize corporate productivity in non-IS capacities.
Device server technology solves this problem by providing an easy and economical way to connect the serial device to the network.
Device Server topology exampleLet's use the Lantronix UDS100 Device Server as an example of how to network a RAID controller serial port. The user simply cables the UDS100 's serial port to the RAID controller's serial port and attaches the UDS100's Ethernet interface to the network. Once it has been configured, the UDS100 makes that serial port a networked port, with its own IP address. The user can now connect to the UDS100 's serial port over a network, from a PC or terminal emulation device and perform the same commands as if he was using a PC directly attached to the RAID controller. Having now become network enabled, the RAID can be managed or controlled from anywhere on the network or via the Internet.
The key to network-enabling serial equipment is in a device server’s ability to handle two separate areas:
  1. the connection between the serial device and the device server
  2. the connection between the device server and the network (including other network devices)
Traditional terminal, print and serial servers were developed specifically for connecting terminals, printers and modems to the network and making those devices available as networked devices. Now, more modern demands require other devices be network-enabled, and therefore device servers have become more adaptable in their handling of attached devices. Additionally, they have become even more powerful and flexible in the manner in which they provide network connectivity.

Device Servers Defined

A device server is “a specialized network-based hardware device designed to perform a single or specialized set of functions with client access independent of any operating system or proprietary protocol.” 
Device servers allow independence from proprietary protocols and the ability to meet a number of different functions. The RAID controller application discussed above is just one of many applications where device servers can be used to put any device or "machine" on the network. 
PCs have been used to network serial devices with some success.  This, however, required the product with the serial port to have software able to run on the PC, and then have that application software allow the PC's networking software to access the application. This task equaled the problems of putting Ethernet on the serial device itself so it wasn’t a satisfactory solution. 
To be successful, a device server must provide a simple solution for networking a device and allow access to that device as if it were locally available through its serial port. Additionally, the device server should provide for the multitude of connection possibilities that a device may require on both the serial and network sides of a connection. Should the device be connected all the time to a specific host or PC? Are there multiple hosts or network devices that may want or need to connect to the newly-networked serial device? Are there specific requirements for an application which requires the serial device to reject a connection from the network under certain circumstances? The bottom line is a server must have both the flexibility to service a multitude of application requirements and be able to meet all the demands of those applications.

Capitalizing on Lantronix Device Server Expertise and Proven Solutions

Lantronix is at the forefront of M2M communication technology.  The company is highly focused on enabling the networking of devices previously not on the network so they can be accessed and managed remotely.

Lantronix has built on its long history and vast experience as a terminal, print and serial server technology company to develop more functionality in its servers that “cross the boundary” of what many would call traditional terminal or print services. Our technology provides:
  • The ability to translate between different protocols to allow non-routable protocols to be routed
  • The ability to allow management connections to single-port servers while they are processing transactions between their serial port and the network
  • A wide variety of options for both serial and network connections including serial tunneling and automatic host connection make these servers some of the most sophisticated Ethernet-enabling devices available today.

Ease of Use

As an independent device on the network, device servers are surprisingly easy to manage. Lantronix has spent years perfecting Ethernet protocol software and its engineers have provided a wide range of management tools for this device server technology. Serial ports are ideal vehicles for device management purposes - a simple command set allows easy configuration. The same command set that can be exercised on the serial port can be used when connecting via Telnet to a Lantronix device server.
An important feature to remember about the Lantronix Telnet management interface is that it can actually be run as a second connection while data is being transferred through the server - this feature allows the user to actually monitor the data traffic on even a single-port server's serial port connection while active. Lantronix device servers also support SNMP, the recognized standard for IP management that is used by many large network for management purposes.
Finally, Lantronix has its own management software utilities which utilize a graphical user interface providing an easy way to manage Lantronix device servers. In addition, the servers all have Flash ROMs which can be reloaded in the field with the latest firmware.

Device Servers for a Host of Applications

This section will discuss how device servers are used to better facilitate varying applications such as:
  • Data Acquisition
  • M2M
  • Wireless Communication/Networking
  • Factory/Industrial Automation
  • Security Systems
  • Bar Code Readers and Point-of-sale Scanners
  • Medical Applications

Data Acquisition

Microprocessors have made their way into almost all aspects of human life, from automobiles to hockey pucks. With so much data available, organizations are challenged to effectively and efficiently gather and process the information. There are a wide variety of interfaces to support communication with devices. RS-485 is designed to allow for multiple devices to be linked by a multidrop network of RS-485 serial devices. This standard also had the benefit of greater distance than offered by the RS-232/RS-423 and RS-422 standards.
However, because of the factors previously outlined, these types of devices can further benefit from being put on an Ethernet network. First, Ethernet networks have a greater range than serial technologies. Second, Ethernet protocols actually monitor packet traffic and will indicate when packets are being lost compared to serial technologies which do not guarantee data integrity.
Lantronix full family of device server products provides the comprehensive support required for network enabling different serial interfaces. Lantronix provides many device servers which support RS-485 and allow for easy integration of these types of devices into the network umbrella. For RS-232 or RS-423 serial devices, they can be used to connect equipment to the network over either Ethernet or Fast Ethernet.

An example of device server collaboration at work is Lantronix's partnership with Christie Digital Systems, a leading provider of visual solutions for business, entertainment and industry. Christie integrates Lantronix SecureBox® secure device server with feature-rich firmware designed and programmed by Christie for its CCM products. The resulting product line, called the ChristieNET SecureCCM, provided the encryption security needed for use in the company’s key markets, which include higher education and government. Demonstrating a convergence of AV and IT equipment to solve customer needs, ChristieNET SecureCCM was the first product of its kind to be certified by the National Institute of Standards and Technology (NIST).

M2M and Wireless Communications

Two extremely important and useful technologies for communication that depend heavily on device servers are M2M and wireless networking.
Made possible by device networking technology, M2M enables serial-based devices throughout a facility to communicate with each other and humans over a Local Area Network/Wide Area Network (LAN/WAN) or via the Internet. The prominent advantages to business include:
  • Serial Tunneling diagramMaximized efficiency
  • More streamlined operations
  • Improved service
Lantronix Device Servers enable M2M communications either between the computer and serial device, or from one serial device to another over the Internet or Ethernet network using “serial tunneling.” Using this serial to Ethernet method, the “tunnel” can extend across a facility or to other facilities all over the globe.
M2M technology opens a new world of business intelligence and opportunity for organizations in virtually every market sector. Made possible through device servers, M2M offers solutions for equipment manufacturers, for example, who need to control service costs. Network enabled equipment can be monitored at all times for predictive maintenance. Often when something is wrong, a simple setting or switch adjustment is all that is required. When an irregularity is noted, the system can essentially diagnose the problem and send the corrective instructions. This negates a time-consuming and potentially expensive service call for a trivial issue. If servicing is required, the technician leaves knowing exactly what is wrong and with the proper equipment and parts to correct the problem. Profitability is maximized through better operating efficiencies, minimized cost overruns and fewer wasted resources.
Traditional Service Model diagram
Remote Mgmt. Service Model diagram
M2M technology also greatly benefits any organization that cannot afford downtime, such as energy management facilities where power failures can be catastrophic, or hospitals who can’t afford interruptions with lives at stake. By proactively monitoring networked-enabled equipment to ensure it is functioning properly at all times, business can ensure uptime on critical systems, improve customer service and increase profitability.

Wireless Networking

Wireless networking, allows devices to communicate over the airwaves and without wires by using standard networking protocols. There are currently a variety of competing standards available for achieving the benefits of a wireless network. Here is a brief description of each:
Bluetooth
is a standard that provides short-range wireless connections between computers, Pocket PCs, and other equipment.
ZigBee
is a proprietary set of communication protocols designed to use small, low power digital radios based on the IEEE 802.15.4 standard for wireless personal area networking.
802.11
is an IEEE specification for a wireless LAN airlink.
802.11b (or Wi-Fi)
is an industry standard for wireless LANs and supports more users and operates over longer distances than other standards. However, it requires more power and storage. 802.11b offers wireless transmission over short distances at up to 11 megabits per second. When used in handheld devices, 802.11b provides similar networking capabilities to devices enabled with Bluetooth.
802.11g
is the most recently approved standard and offers wireless transmission over short distances at up to 54 megabits per second. Both 802.11b and 802.11g operate in the 2.4 GHz range and are therefore compatible.
For more in-depth information, please consult the Lantronix wireless whitepaper which is available online.
Wireless technology is especially ideal in instances when it would be impractical or cost-prohibitive for cabling; or in instances where a high level of mobility is required.
Wireless topology diagram
Wireless device networking has benefits for all types of organizations. For example, in the medical field, where reduced staffing, facility closures and cost containment pressures are just a few of the daily concerns, device networking can assist with process automation and data security. Routine activities such as collection and dissemination of data, remote patient monitoring, asset tracking and reducing service costs can be managed quickly and safely with the use of wireless networked devices. In this environment, Lantronix device servers can network and manage patient monitoring devices, mobile EKG units, glucose analyzers, blood analyzers, infusion pumps, ventilators and virtually any other diagnostic tool with serial capability over the Internet.
Forklift accidents in large warehouses cause millions of dollars in damaged product, health claims, lost work and equipment repairs each year. To minimize the lost revenue and increase their profit margin and administrative overhead, “a company” has utilized wireless networking technology to solve the problem. Using Lantronix serial-to-802.11 wireless device server “the company” wirelessly network-enables a card reader which is tied to the ignition system of all the forklifts in the warehouse. Each warehouse employee has an identification card. The forklift operator swipes his ID card before trying to start the forklift. The information from his card is sent back via wireless network to computer database and it checks to see if he has proper operator’s license, and that the license is current. If so, forklift can start. If not – the starter is disabled.

Factory Floor Automation

For shops that are running automated assembly and manufacturing equipment, time is money. For every minute a machine is idle, productivity drops and the cost of ownership soars. Many automated factory floor machines have dedicated PCs to control them. In some cases, handheld PCs are used to reprogram equipment for different functions such as changing computer numerically controlled (CNC) programs or changing specifications on a bottling or packaging machine to comply with the needs of other products. These previously isolated pieces of industrial equipment could be networked to allow them to be controlled and reprogrammed over the network, saving time and increasing shop efficiency. For example, from a central location (or actually from anywhere in the world for that matter) with network connectivity, the machines can be accessed and monitored over the network. When necessary, new programs can be downloaded to the machine and software/firmware updates can be installed remotely.
One item of interest is how that input programming is formatted. Since many industrial and factory automation devices are legacy or proprietary, any number of different data protocols could be used. Device servers provide the ability to utilize the serial ports on the equipment for virtually any kind of data transaction.
Lantronix device servers support binary character transmissions. In these situations, managing the rate of information transfer is imperative to guard against data overflow. The ability to manage data flow between computers, devices or nodes in a network, so that data can be handled efficiently is referred to as flow control. Without it, the risk of data overflow can result in information being lost or needing to be retransmitted.
Lantronix accounts for this need by supporting RTS/CTS flow control on its DB25 and RJ45 ports. Lantronix device servers handle everything from a simple ASCII command file to a complex binary program that needs to be transmitted to a device.

Security Systems

One area that every organization is concerned about is security. Card readers for access control are commonplace, and these devices are ideally suited to benefit from being connected to the network with device server technology. When networked, the cards can be checked against a centralized database on the system and there are records of all access within the organization. Newer technology includes badges that can be scanned from a distance of up to several feet and biometric scanning devices that can identify an individual by a thumbprint or handprint. Device servers enable these types of devices to be placed throughout an organization's network and allow them to be effectively managed by a minimum staff at a central location. They allow the computer controlling the access control to be located a great distance away from the actual door control mechanism.
An excellent example is how ISONAS Security Systems utilized Lantonix WiPort® embedded device server to produce the World’s first wireless IP door reader for the access control and security industry. With ISONAS reader software, network administrators can directly monitor and control an almost unlimited number of door readers across the enterprise. The new readers, incorporating Lantronix wireless technology, connect directly to an IP network and eliminate the need for traditional security control panels and expensive wiring. The new solutions are easy to install and configure, enabling businesses to more easily adopt access control, time and attendance or emergency response technology. What was traditionally a complicated configuration and installation is now as simple as installing wireless access points on a network.
One more area of security systems that has made great strides is in the area of security cameras. In some cases, local municipalities are now requesting that they get visual proof of a security breach before they will send authorities. Device server technology provides the user with a host of options for how such data can be handled. One option is to have an open data pipe on a security camera - this allows all data to be viewed as it comes across from the camera. The device server can be configured so that immediately upon power-up the serial port attached to the camera will be connected to a dedicated host system.
Another option is to have the camera transmit only when it has data to send. By configuring the device server to automatically connect to a particular site when a character first hits the buffer, data will be transmitted only when it is available.
One last option is available when using the IP protocol - a device server can be configured to transmit data from one serial device to multiple IP addresses for various recording or archival concerns. Lantronix device server technology gives the user many options for tuning the device to meet the specific needs of their application.

Scanning Devices

Device server technology can be effectively applied to scanning devices such as bar code readers or point-of-sale debit card scanners. When a bar code reader is located in a remote corner of the warehouse at a receiving dock, a single-port server can link the reader to the network and provide up-to-the-minute inventory information. A debit card scanner system can be set up at any educational, commercial or industrial site with automatic debiting per employee for activities, meals and purchases. A popular amusement park in the United States utilizes such a system to deter theft or reselling of partially-used admission tickets.

Medical Applications

The medical field is an area where device server technology can provide great flexibility and convenience. Many medical organizations now run comprehensive applications developed specifically for their particular area of expertise. For instance, a group specializing in orthopedics may have x-ray and lab facilities onsite to save time and customer effort in obtaining test results.  Connecting all the input terminals, lab devices, x-ray machines and developing equipment together allows for efficient and effective service. Many of these more technical devices previously relied upon serial communication or worse yet, processing being done locally on a PC. Utilizing device server technology they can all be linked together into one seamless application. And an Internet connection enables physicians the added advantage of access to immediate information relevant to patient diagnosis and treatment.
Larger medical labs, where there are hundreds of different devices available for providing test data, can improve efficiency and lower equipment costs by using device server technology to replace dedicated PCs at each device. Device servers only cost a fraction of PCs. And, the cost calculation is not just the hardware alone, but the man-hours required to create software that would allow a PC-serial-port-based applications program to be converted into a program linking that information to the PC's network port. Device server technology resolves this issue by allowing the original applications software to be run on a networked PC and then use port redirector software to connect up to that device via the network. This enables the medical facility to transition from a PC at each device and software development required to network that data, to using only a couple of networked PCs doing the processing for all of the devices.

Additional Network Security

Of course, with the ability to network devices comes the risk of outsiders obtaining access to important and confidential information. Security can be realized through various encryption methods. 
There are two main types of encryption: asymmetric encryption (also known as public-key encryption) and symmetric encryption. There are many algorithms for encrypting data based on these types.
AES
AES (Advanced Encryption Standards) is a popular and powerful encryption standard that has not been broken. Select Lantronix device servers feature a NIST-certified implementation of AES as specified by the Federal Information Processing Specification (FIPS-197). This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used to protect sensitive information.  A common consideration for device networking devices is that they support AES and are validated against the standard to demonstrate that they properly implement the algorithm. It is important that a validation certificate is issued to the product’s vendor which states that the implementation has been tested. Lantronix offers several AES certified devices including the AES Certified SecureBox SDS1100 and the AES Certified SecureBox SDS2100.
Secure Shell Encryption
Secure Shell (SSH) is a program that provides strong authentication and secure communications over unsecured channels. It is used as a replacement for Telnet, rlogin, rsh, and rcp, to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. AES is one of the many encryption algorithms supported by SSH. Once a session key is established SSH uses AES to protect data in transit.
Both SSH and AES are extremely important to overall network security by maintaining strict authentication for protection against intruders as well as symmetric encryption to protect transmission of dangerous packets. AES certification is reliable and can be trusted to handle the highest network security issues.
WEP
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs) which are defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN, however LANs provide more security by their inherent physical structure that can be protected from unauthorized access. WLANs, which are over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP provides security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.  However, it has been found that WEP is not as secure as once believed. WEP is used at the data link and physical layers of the OSI model and does not offer end-to-end security.
WPA
Supported by many newer devices, Wi-Fi Protected Access (WPA) is a Wi-Fi standard that was designed to improve upon the security features of WEP. WPA technology works with existing Wi-Fi products that have been enabled with WEP, but WPA includes two improvements over WEP. The first is improved data encryption via the temporal key integrity protocol (TKIP), which scrambles keys using a hashing algorithm and adds an integrity-checking feature to ensure that keys haven’t been tampered with. The second is user authentication through the extensible authentication protocol (EAP). EAP is built on a secure public-key encryption system, ensuring that only authorized network users have access. EAP is generally missing from WEP, which regulates access to a wireless network based on the computer’s hardware-specific MAC Address. Since this information can be easily stolen, there is an inherent security risk in relying on WEP encryption alone. 

Incorporating Encryption with Device Servers

In the simplest connection scheme where two device servers are set up as a serial tunnel, no encryption application programming is required since both device servers can perform the encryption automatically. However, in the case where a host-based application is interacting with the serial device through its own network connection, modification of the application is required to support data encryption.

Applications Abound

While this paper provides a quick snapshot of device servers at work in a variety of applications, it should be noted that this is only a sampling of the many markets where these devices could be used. With the ever-increasing requirement to manage, monitor, diagnose and control many and different forms of equipment and as device server technology continues to evolve, the applications are literally only limited by the imagination.

Glossary of terms *

Serial server
traditionally, a unit used for connecting a modem to the network for shared access among users.
Terminal server
traditionally, a unit that connects asynchronous devices such as terminals, printers, hosts, and modems to a LAN or WAN.
Device server
a specialized network-based hardware device designed to perform a single or specialized set of functions with client access independent of any operating system or proprietary protocol.
Print server
a host device that connects and manages shared printers over a network.
Console server
software that allows the user to connect consoles from various equipment into the serial ports of a single device and gain access to these consoles from anywhere on the network.
Console manager
a unit or program that allows the user to remotely manage serial devices, including servers, switches, routers and telecom equipment.
Readmore...

Device Server Technology

0 comments
 
Device networking starts with a device server, which allows almost any device with serial connectivity to connect to Ethernet networks quickly and cost-effectively. These products include all of the elements needed for device networking and because of their scalability; they do not require a server or gateway.
This tutorial provides an introduction to the functionality of a variety of device servers.  It will cover print servers, terminal servers and console servers, as well as embedded and external device servers.  For each of these categories, there will also be a review of specific Lantronix offerings.

An Introduction to Device Servers

A device server is characterized by a minimal operating architecture that requires no per seat network operating system license, and client access that is independent of any operating system or proprietary protocol. In addition the device server is a "closed box," delivering extreme ease of installation, minimal maintenance, and can be managed by the client remotely via a web browser.
By virtue of its independent operating system, protocol independence, small size and flexibility, device servers are able to meet the demands of virtually any network-enabling application. The demand for device servers is rapidly increasing because organizations need to leverage their networking infrastructure investment across all of their resources. Many currently installed devices lack network ports or require dedicated serial connections for management -- device servers allow those devices to become connected to the network.
Device servers are currently used in a wide variety of environments in which machinery, instruments, sensors and other discrete devices generate data that was previously inaccessible through enterprise networks. They are also used for security systems, point-of-sale applications, network management and many other applications where network access to a device is required.
As device servers become more widely adopted and implemented into specialized applications, we can expect to see variations in size, mounting capabilities and enclosures. Device servers are also available as embedded devices, capable of providing instant networking support for developers of future products where connectivity will be required.
Print servers, terminal servers, remote access servers and network time servers are examples of device servers which are specialized for particular functions. Each of these types of servers has unique configuration attributes in hardware or software that help them to perform best in their particular arena.

External Device Servers

External device servers are stand-alone serial-to-wireless (802.11b) or serial-to-Ethernet device servers that can put just about any device with serial connectivity on the network in a matter of minutes so it can be managed remotely.

External Device Servers from Lantronix

Lantronix external device servers provide the ability to remotely control, monitor, diagnose and troubleshoot equipment over a network or the Internet.  By opting for a powerful external device with full network and web capabilities, companies are able to preserve their present equipment investments.   
Lantronix offers a full line of external device servers:  Ethernet or wireless, advanced encryption for maximum security, and device servers designed for commercial or heavy-duty industrial applications.
Wireless: 
Providing a whole new level of flexibility and mobility, these devices allow users to connect devices that are inaccessible via cabling.  Users can also add intelligence to their businesses by putting mobile devices, such as medical instruments or warehouse equipment, on networks.
Security:
Ideal for protecting data such as business transactions, customer information, financial records, etc., these devices provide enhanced security for networked devices.
Commercial: 
These devices enable users to network-enable their existing equipment (such as POS devices, AV equipment, medical instruments, etc.) simply and cost-effectively, without the need for special software.
Industrial: 
For heavy-duty factory applications, Lantronix offers a full complement of industrial-strength external device servers designed for use with manufacturing, assembly and factory automation equipment. All models support Modbus industrial protocols.

Embedded Device Servers

Embedded device servers integrate all the required hardware and software into a single embedded device.  They use a device’s serial port to web-enable or network-enable products quickly and easily without the complexities of extensive hardware and software integration. Embedded device servers are typically plug-and-play solutions that operate independently of a PC and usually include a wireless or Ethernet connection, operating system, an embedded web server, a full TCP/IP protocol stack, and some sort of encryption for secure communications.

Embedded Device Servers from Lantronix

Lantronix recognizes that design engineers are looking for a simple, cost-effective and reliable way to seamlessly embed network connectivity into their products.  In a fraction of the time it would take to develop a custom solution, Lantronix embedded device servers provide a variety of proven, fully integrated products.  OEMs can add full Ethernet and/or wireless connectivity to their products so they can be managed over a network or the Internet.
Module: 
These devices allow users tonetwork-enable just about any electronic device with Ethernet and/or wireless connectivity.
Board-Level: 
Users can integrate networking capabilities onto the circuit boards of equipment like factory machinery, security systems and medical devices.
Single-Chip Solutions: 
These powerful, system-on-chip solutions help users address networking issues early in the design cycle to support the most popular embedded networking technologies.

Terminal Servers

Terminal servers are used to enable terminals to transmit data to and from host computers across LANs, without requiring each terminal to have its own direct connection. And while the terminal server's existence is still justified by convenience and cost considerations, its inherent intelligence provides many more advantages. Among these is enhanced remote monitoring and control. Terminal servers that support protocols like SNMP make networks easier to manage.
Devices that are attached to a network through a server can be shared between terminals and hosts at both the local site and throughout the network. A single terminal may be connected to several hosts at the same time (in multiple concurrent sessions), and can switch between them. Terminal servers are also used to network devices that have only serial outputs. A connection between serial ports on different servers is opened, allowing data to move between the two devices.
Given its natural translation ability, a multi-protocol server can perform conversions between the protocols it knows such as LAT and TCP/IP. While server bandwidth is not adequate for large file transfers, it can easily handle host-to-host inquiry/response applications, electronic mailbox checking, etc. In addition, it is far more economical than the alternatives -- acquiring expensive host software and special-purpose converters. Multiport device and print servers give users greater flexibility in configuring and managing their networks.
Whether it is moving printers and other peripherals from one network to another, expanding the dimensions of interoperability or preparing for growth, terminal servers can fulfill these requirements without major rewiring. Today, terminal servers offer a full range of functionality, ranging from 8 to 32 ports, giving users the power to connect terminals, modems, servers and virtually any serial device for remote access over IP networks.

Print Servers

Print servers enable printers to be shared by other users on the network. Supporting either parallel and/or serial interfaces, a print server accepts print jobs from any person on the network using supported protocols and manages those jobs on each appropriate printer.
The earliest print servers were external devices, which supported printing via parallel or serial ports on the device. Typically, only one or two protocols were supported. The latest generations of print servers support multiple protocols, have multiple parallel and serial connection options and, in some cases, are small enough to fit directly on the parallel port of the printer itself. Some printers have embedded or internal print servers. This design has an integral communication benefit between printer and print server, but lacks flexibility if the printer has physical problems.
Print servers generally do not contain a large amount of memory; printers simply store information in a queue. When the desired printer becomes available, they allow the host to transmit the data to the appropriate printer port on the server. The print server can then simply queue and print each job in the order in which print requests are received, regardless of protocol used or the size of the job.
Terminal / Printer Server Example

Device Server Technology in the Data Center

The IT/data center is considered the pulse of any modern business.  Remote management enables users to monitor and manage global networks, systems and IT equipment from anywhere and at any time.  Device servers play a major role in allowing for the remote capabilities and flexibility required for businesses to maximize personnel resources and technology ROI.

Console Servers

Console servers provide the flexibility of both standard and emergency remote access via attachment to the network or to a modem. Remote console management serves as a valuable tool to help maximize system uptime and system operating costs.
Secure console servers provide familiar tools to leverage the console or emergency management port built into most serial devices, including servers, switches, routers, telecom equipment - anything in a rack - even if the network is down. They also supply complete in-band and out-of-band local and remote management for the data center with tools such as telnet and SSH that help manage the performance and availability of critical business information systems.

Console Management Solutions from Lantronix

Lantronix provides complete in-band and out-of-band local and remote management solutions for the data center. Lantronix secure console management products give IT managers unsurpassed ability to securely and remotely manage serial devices, including servers, switches, routers, telecom equipment - anything in a rack - even if the network is down.

Conclusion

The ability to manage virtually any electronic device over a network or the Internet is changing the way the world works and does business. With the ability to remotely manage, monitor, diagnose and control equipment, a new level of functionality is added to networking — providing business with increased intelligence and efficiency.  Lantronix leads the way in developing new network intelligence and has been a tireless pioneer in machine-to-machine (M2M) communication technology.
We hope this introduction to networking has been helpful and informative. This tutorial was meant to be an overview and not a comprehensive guide that explains everything there is to know about planning, installing, administering and troubleshooting a network. There are many Internet websites, books and magazines available that explain all aspects of computer networks, from LANs to WANs, network hardware to running cable. To learn about these subjects in greater detail, check your local bookstore, software retailer or newsstand for more information.

Readmore...