InfraReach: implementation scenarios
From the single user to the largest corporate network, Infrareach is a perfect a solution

 

InfraReach can be used to do maintenance of lots of different device types.Historically the management of PBX’s and Routers has been the most successful application area.

The players

Every InfraReach management scenario includes at least the following three components:

The Infranode: a sophisticated hardware controller
The controller, called InfraNode, is the remote unit connected to the managed device via one of its local connection paths normally a serial port or a network interface. On the remote connection side the InfraNode  is linked to the InfraReachServer and to the user’s world via a LAN connection ( at times connected to the Internet) or/and an analog modem or a GSM/GPRS connection that can link back to an alternative access to the internet too ( out of band access). The InfraNode monitors the status of the managed device, controls its power and is the secure connectivity gateway to the InfraReachServer and to the user's world. Being able to connect to the InfraClientServer (see below) using one or more methods, LAN, Internet via LAN/Gateway, Internet via analog modem trough local ISP, GSM/GPRS gateways, it guarantees that the managed device is always reachable, disregarding of what happens to the IN-BAND default connection. In addition, the InfraNode acts as a hardware key-holder for the encrypted communication protocols it establishes with the InfraServer and then with the technician. By encrypting all communication to the InfraReachServer and to the user PC the InfraNode it’s also acting as a security device.

An InfraReachServer
The core of the InfraReach system is the InfraReachServer. Its functions are numerous and its structure complex. Structurally is can be divided into a SQL Database Server, a Security Server, a WEB server, and a Processing Server. All of these servers can co-exist on the same physical hardware in the case of a small installation or the different modules can be installed on different and optionally multiple processing machine for each functions. Functionally the InfraReachServer manages the registration of the InfraNodes and the interface paths of the connected devices and the applications that are run on each such devices. The InfraReachServer manages the profiles of all the users that can access the system including the security policies and the access permissions related to them and to the managed devices. It manages the connectivity between devices and users, the collection of alarm information, it stores the recorded management sessions, It manages the security, the key information, the session key generation, the encrypted information storage etc. From a user's operational point of view it it displays a simple WEB interface that allows very simple operations of all of its functions. The InfraReachServer offers a comprehensive, web-based interface for all management functionalities including administrative tasks, device monitoring, access and control of remote devices, statistical functions etc.

A client
For most management tasks, the user only needs a web browser (Internet Explorer browser 5.0+, Mozilla 1.5, Firefox 1.0 supported) to connect to the InfraReachServer. Via an easy to use WEB interface, he can view and monitor all of his devices and, if holding the proper credentials, administer his managed network, create and edit users and groups, change global settings and more. For access and connectivity tasks, the InfraClient software running on the technician PC must be install to manage the user's 1024Bit RSA authentication with the InfraReachServer and then create a secure path between the technician and the remote device. Authentication and symmetric session key exchange is handled by an RSA 1024 BITs key stored on a mobile device in a pass phrase encrypted format that must be present on the user PC for the InfraClient to be able to operate. The technician RSA key is InfraReachServer generated and all permission of the user are associated with it.

Example scenario: ALL-INTERNET MANAGEMENT


 

 

In this scenario, all management takes place via the Internet.

This is a typical scenario in most ASP applications where the ASP makes available the InfraReachServer on a public address on the internet and allows credentialed users to register their nodes in their sub-network, manage them and so on. In such a scenario both the InfraReachServer and the InfraNodes must be accessible from the internet that is used as a transport media.

In the picture shown there is an InfraReachServer connected to the Internet with a public address and there are three InfraNodes installed for delivering services: the first is connected to a PBX via a serial connection and connects to the Internet via a local ISP dialup connection. The InfraNode connected to the PBX collects traffic and alarm data and send it to the InfraReachServer and it makes the serial port of the PBX remotely accessible for maintenance use.

The second InfraNode is connected to a router and its connection to the Internet is realized using a GSM/GPRS connection (optional GSM/GPRS module is available). From the user's point of view, this functionalities are identical to the InfraNode connected to the PBX, the same connectivity and monitoring functionalities are available.

The third InfraNode has an optional Multi Power Switch connected with five power plug, so that five devices can be powered up and down by the InfraNode upon user's request.

Two users connect to the InfraNode, the first via a local ISP, the other via a ADSL network gateway.

Pointing their browser to the InfraServer's address, normally mapped to an address in the format of www.infrareach.com after logging in, they access the management interface and see all the devices and application they have been granted access permission for.

From the interface, for example, a user can monitor the state and alarms of the PBX and the router, see alarm details, handle and close them. Or he can connect to the router or PBX's serial ports in a matter of one click: the InfraClient running on the user's PC creates a virtual COM port, for example COM4, that is mapped onto the device's physical COM port; at this point the user can start his favorite terminal application or management tool telling it to operate on COM4, the virtual port. All commands are encrypted and sent through the Internet to the target device's serial port via the connected InfraNode.