RouterControl
InfraReach's answer to the demand for secure remote access to routers and out-of-band reboot control.

Overview

Using RouterControl, Cisco routers can be remotely configured through a secure pipe between the user's PC and the remote router's LAN port or serial console port. All applications can be run remotely, even the ones meant to run only on the local console serial port. There is no operational difference between accessing a remote router using RouterControl and traveling to the router's location, since all functionalities are available just the same.

In a typical scenario, a router is connected to an InfraNode hardware controller through its serial console port. The InfraNode is able to connect to an InfraReachServer using multiple paths, both IN-BAND and OUT-OF-BAND, depending on its configuration: normally, the InfraNode will work IN-BAND, reaching the InfraReachServer via the corporate LAN or the Internet. Optionally, an InfraGate can be deployed in parallel with the company firewall to serve as a high-encryption dedicated gateway operating only for the InfraReach connectivity, thus avoiding any re-configuration of the company's security setup.

In addition to the normal network connection, the InfraNode can be configured to use an OUT-OF-BAND PSTN analog modem dial-up connection to an internet service provider (ISP) or a GSM/GPRS connection as an emergency backup of the standard IN-BAND connectivity.

Once connected to the InfraReachServer, the InfraNode authenticates itself using the IP Power Technologies Security Standard that guarantees verification of the identity of the controller and the safe exchange of session keys.

On the operator's side, the technician's PC runs the InfraClient software, which uses a 1024-bit RSA key, kept in a scrambled, pass-phrase protected file on a removable USB memory device, to reach the InfraReachServer and authenticate itself just like the InfraNode does.

After both sides have successfully authenticated themselves with the InfraReachServer, a secure tunnel is established over a direct IP connection between the InfraClient and the InfraNode, no matter what kind of connectivity is used between them (local LAN or Internet).

At the same time, a virtual serial port is created inside the user's PC by the InfraClient: this port is mapped, through the secure IP tunnel where all data will transit fully encrypted, to the router's console port and any command sent to the virtual port will automatically reach the remote router. This way, any maintenance tool like Cisco Configurator is able to securely reach and operate the remote router by selecting the virtual serial port as the port the tool will connect to.

Access to the remote router's Ethernet port is just as easy: the only difference is that a virtual network interface, instead of a virtual serial port, is created on the technician's PC, and the remote router is reachable by the maintenance tool through the encrypted IP tunnel.

Step-by-step to secure remote maintenance

Only a few simple steps are required of the technician using RouterControl to initiate a maintenance session on a remote router:

1. The user navigates with his browser to the address of the InfraReachServer and logs in. The InfraReachServer's web interface shows a list of remote devices the user has rights to access. Overall, the web interface is as easy to use as a usual web site or portal.

2. Next to the name of the remote router he wants to access, the user clicks the "Connect to this Router" link. The virtual serial port is transparently created in the background.

3. No additional operations are usually required of the user: any serial (or network, in case of connection to the router's Ethernet port) maintenance tool can be used on the virtual port just as if the connection were established locally using a standard cable.

 

The advantages of this approach are multiple: first, the connection to the remote router is completely automated and secure. In addition, all devices are managed centrally making it easier than ever to maintain any large IT/TLC infrastructure. Access mode is fully customizable allowing the user to choose the most appropriate tool for each different router.

 
Key features

  • Centralized management of single routers as well as complex networks
  • State of the art security with 1024-bit RSA key authentication and strong encryption
  • Web based interface for maximum usability with minimum training
  • Compatibility with any third-party remote maintenance tools allows seamless integration with existing infrastructure and management tools


Security highlights

RouterControl relies on IPPower's Secure Connectivity Services to create a strongly encrypted communication channel using existing connectivity services like the Internet and/or the corporate network.

The InfraClient application running on the user's PC and the remote InfraNode connect together after authenticating with the InfraReachServer. Both parties rely on a 1024-bit RSA key that guarantees their identities as well as the safe exchange of session-specific keys.

A unique key is stored inside the InfraNode's hardware, whereas the user's key can reside in a scrambled, pass-phrase protected file stored on a removable USB memory device.

Two-level security
The InfraReachServer monitoring and administration functionalities only require a valid login to be supplied, whereas any connectivity task, always performed by the InfraClient, always requires authentication via a user-specific RSA key. This ensures an even higher security level on any task that directly involves manipulation of a remote device.

Supported Routers

While RouterControl allows raw access to any router through its network connection or console port, the complete range of functionalities is available right out-of-the-box only for Cisco routers. Nevertheless, thanks to the InfraNode's support for Web Buildable Scripts, any device-specific functionality can be easily implemented by a skilled technician via a simple, C-standard script. This guarantees the openness of the InfraReach platform and its usability with any present and/or future hardware.

Additional RouterControl functionalities

Power control

In addition to the secure IP tunneling and virtual resource creation, InfraReach's exclusive power control functionality allows the user to perform a remote router's power-down/power-up cycle. This way, a completely frozen router can be rebooted without any need for local access, and a router that has become inaccessible after a loss of configuration can be cut off the network immediately.

Backup and restore

RouterControl is able to perform automatic backup of the router's configuration and can reload the configuration even in case of total system failure through a controlled boot procedure: the router is powered down and then up by the connected InfraNode, which immediately afterwards sends a signal to the router's console, re-enabling the user to upload a previously backed-up configuration. This way the router is restored to its normal conditions within minutes and without any need for local access.

Monitoring and alarming

RouterControl also supports a complete range of alarming functionalities, triggering on selected events as they happen. Any fault is immediately tracked by the InfraNode connected to the router, and all collected data is sent to the InfraReachServer, where all details about the state of health of the device are available.

This functionality is key to preventing critical or even dangerous situations by making technicians aware of the incoming problem in time, thanks to alarm notification via email or even SMS: a fine-grained configuration of the alarm reaction is available on a customizable alarm severity basis.

Connecting to the InfraReachServer with his Internet browser, the user has immediate visibility of the state of health of the monitored routers. In addition, a complete history of the alarms is available along with a detailed view of each alarm. The technician can also handle each single alarm or groups of alarms, and store and track all the interventions made to solve the fault. This means auditing and controlling easily and reliably.

Other functionalities

RouterControl also supports a number of other functionalities, including:

  • Autologin, to centralize the storage of the remote device's passwords on the InfraReachServer, which instructs the InfraNode to perform the necessary login operation on the PBX before it makes the channel available to the user.
  • Session recording, to track all commands and responses of every maintenance session and provide proof of what has been done, when and by whom.
  • Forbidden commands, to restrict access to critical operations on a per-group or even per-user basis.
  • Scripting support, to allow skilled technicians to create new functionalities in the InfraNode and in the central servers. Such scripts, called WBS (Web Buildable Scripts), are written directly in the web interface of the InfraReachServer.
  • Performance reporting, with tabular and chart views to see and follow the overall performance of a router network and its maintenance.
  • Service Level Agreement management, with complete reporting and automatic calculation of compliance and discounts.

For a detailed explanation of all these functionalities please take a look at the InfraReach Functionalities page.