Secure Communication
The IP Power Technologies secure communication technology is an essential component of both the InfraReach and InfraConnect platforms. It provides, for instance, InfraReach clients and servers with the authentication and key management services needed for secure access and encrypted data exchange on the managed network.

How it works

Imagine two devices connected to the management network via InfraNodes: they can be two serial ports on two PCs, or one serial device and a proprietary maintenance application on a PC, or maybe a protected application you want to be accessible only by one operator on one selected workstation.

Each time these two devices need to talk to each other they need first to authenticate themselves with the central InfraReachServer. The InfraReachServer, holding its private key and the InfraNodes' public keys, is the only authority that can guarantee the identity of the devices.

The InfraReachServer authenticates the devices and provides them with session encryption key pairs to open a secure IP link. The two devices can then communicate with each other over a secure, dynamically encrypted channel that makes the transmitted data unusable to any potential intruder.

Several devices can be connected to the management network simultaneously through a single InfraNode, using its multi-connection capability. A single InfraNode can manage the connectivity of up to 5 RS232 serial ports and up to 100 possible TCP/IP connections. Up to 10 connections can be concurrently active via the LAN or Modem PPP interface.

Physical serial to virtual serial

This technology is meant for users who need to employ standard management software to access devices via a serial connection. In normal circumstances, the operator must either connect a computer to the device with a serial cable or link the computer and the device through two modems over a telephone call. The first solution requires the operator to go to the site; the second carries a high operational cost because of telephone charges, especially when the network infrastructure is geographically widespread and long-distance calls are needed. Moreover, simple modem access can be very insecure, and on long-distance calls it can also be very unreliable.

For these users, the InfraReach alternative, with its virtual serial COM mapping technology, is a very powerful solution.

The InfraReach platform offers a solution that avoids both the need for local access and the cost of long-distance telephone calls: by connecting the device's serial port to an InfraNode, the serial port becomes available throughout the management network, regardless of the device's location.

Virtual serial ports are created dynamically on the operator's PC and act transparently as the remote serial ports of the managed device. Any management software normally used to manage the device over a local connection can simply open the virtual port on the management PC and operate as if the local connection were in place. The commands and responses between the management software and the device are tunneled through the secure InfraReach IP link to the InfraNode connected to the port of the managed device.

All this hardware and software is fully transparent to the management software, which works exactly as if the managed device were directly connected to one of the local PC serial ports.

In fact there are two ways to access the serial port of the remote device.

  • Telnet access: The user can automatically start a telnet session over the network (LAN, WAN or Internet) and send commands directly from the telnet prompt to the remote device's serial port.
  • Virtual serial mapping: By clicking on the port icon in the InfraReachServer web interface, the user automatically creates a virtual serial port on his maintenance PC that is a local mapping of the remote device's serial port. Operating on the remote device's port then becomes easier than ever: the user works with his usual proprietary maintenance application, and commands and responses on the virtual port are forwarded transparently to and from the remote device port. Session recording and transparent login on the remote device's serial port, both accomplished transparently by the combined action of the InfraNode and the InfraReachServer, are just two of the many extra features offered by the InfraReach platform.

Secure IP to IP

The InfraReach security concept ensures that:
- only authorized users and authenticated InfraNodes can communicate with each other
- all transmissions between the InfraReachServer, InfraNodes and the user's PC are stream encrypted

Authentication relies on 1024-bit RSA, with private keys stored in the InfraNode hardware, in key dongles on the InfraReachServer, and in a passphrase-encrypted file on the technician's PC. IP Power Technologies' strong authentication mechanism grants access to managed network hosts only to trusted clients on the same InfraReach network.

Communication is then tunneled through a secure IP Power Technologies IP link. The high-security IP Power Technologies tunneling protocol encrypts all transmitted information using session-specific keys, leaving the transmitted data utterly useless to potential intruders.
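
The brokered exchange described under "How it works" and in this section, sketched as an added example. It is not IP Power Technologies code, and the proprietary protocol itself is not documented on this page. Assumptions: Node.js `crypto`, 2048-bit keys rather than the 1024-bit size stated above, one server-issued challenge per session, RSA-OAEP key wrapping, and the hypothetical names `node-A`, `node-B`, `signChallenge`, `grantBytes`, `brokerSession`, `acceptGrant` and `demo`.

```javascript
// Illustrative sketch only: message layout, names and key size are assumptions.
const crypto = require('crypto');
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const server = newPair();                                   // constructed keys
const nodes = { 'node-A': newPair(), 'node-B': newPair() }; // constructed keys
// The server's registry holds only the nodes' public keys.
const registry = Object.fromEntries(Object.entries(nodes).map(([id, kp]) => [id, kp.publicKey]));

// Node side: prove identity by signing the server-issued challenge.
function signChallenge(nodeId, challenge) {
  return crypto.sign('sha256', challenge, nodes[nodeId].privateKey);
}
// Bytes the server signs: who the key is for, the peer, the challenge, the key.
function grantBytes(id, peer, challenge, wrapped) {
  return Buffer.concat([Buffer.from(`${id}|${peer}|`), challenge, wrapped]);
}

// Server side: verify both proofs, then issue one signed, RSA-OAEP-wrapped key.
function brokerSession(idA, idB, challenge, proofA, proofB) {
  for (const [id, proof] of [[idA, proofA], [idB, proofB]]) {
    const pub = registry[id];
    if (!pub || !crypto.verify('sha256', challenge, pub, proof)) {
      throw new Error(`authentication failed for ${id}`);
    }
  }
  const sessionKey = crypto.randomBytes(32);
  const grant = (id, peer) => {
    const wrapped = crypto.publicEncrypt({ key: registry[id], oaepHash: 'sha256' }, sessionKey);
    const sig = crypto.sign('sha256', grantBytes(id, peer, challenge, wrapped), server.privateKey);
    return { peer, wrapped, sig };
  };
  return { [idA]: grant(idA, idB), [idB]: grant(idB, idA) };
}

// Node side: accept the key only if the grant carries the server's signature.
function acceptGrant(nodeId, challenge, grant) {
  const signed = grantBytes(nodeId, grant.peer, challenge, grant.wrapped);
  if (!crypto.verify('sha256', signed, server.publicKey, grant.sig)) {
    throw new Error('grant not signed by server');
  }
  return crypto.privateDecrypt({ key: nodes[nodeId].privateKey, oaepHash: 'sha256' }, grant.wrapped);
}

// One complete exchange: true when both nodes recover the same session key.
function demo() {
  const c = crypto.randomBytes(32);
  const g = brokerSession('node-A', 'node-B', c, signChallenge('node-A', c), signChallenge('node-B', c));
  return acceptGrant('node-A', c, g['node-A']).equals(acceptGrant('node-B', c, g['node-B']));
}
```

Binding the recipient, the peer and the challenge into the signed grant is what lets a node reject a key that was issued for a different node or replayed from an earlier session.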

An InfraNode does not necessarily require a direct network link to the InfraReachServer or to the technician's PC that accesses, through the InfraNode, the device connected to it. An InfraGate, installed at the boundary of a restricted intranet, provides firewalling, dynamic NATing and back-up communication paths to the external maintenance users.