Remote Access Questions
ondrovic
Posts: 217
Our company would like the ability to remotely access our clients systems from our office.
Here is what we are wanting to be able to do:
1.) Connect from our office to a clients system
a.) to be able to perform firmware updates
b.) make panel changes
c.) make programming changes if needed
Is this possible?
Has anyone successfully done this?
What is needed to do this?
Any suggestions or ideas would be great.
Thanks
Chris Ondrovic
H & H Lifestyles
Here is what we are wanting to be able to do:
1.) Connect from our office to a clients system
a.) to be able to perform firmware updates
b.) make panel changes
c.) make programming changes if needed
Is this possible?
Has anyone successfully done this?
What is needed to do this?
Any suggestions or ideas would be great.
Thanks
Chris Ondrovic
H & H Lifestyles
0
Comments
for upgrading software and other Netlinx Studio activities, you need to open port 1319 on the client side.
If you want to use G3 webcontrol, you need to open up port 10500, and for G4 webcontrol it is port 5900 if i'm correct.
You could open ports 21 and 23 for ftp and telnet access.
For firmware updates, i think port 1319 is good, but i'm not sure. I'm not a big fan of remote firmware updates...
If you do this, the customer's master will find your office master even though port 1319 is not forwarded at the customer's site. Just so long as the customer's system does not block port 1319. The two masters will establish a master-to-master relationship. Anything you can do via master-to-master you will be able to do with the remote system. You will be able to load (or receive) code to the customer's master, you will be able to load IR files to the ports on your customer's master, you will be able to upload and download touchpanel files. I think you will be able to upgrade firmware too, but I have not tried this and before I tried with a customer's installation, I would try it with a test system.
You can't access the remote system as system 0, so, as far as I know, you can't run debug on the customer's system or access device notifications and the like. You can change the route table, change the time, change device addressing, change the network addressing
When I first learned of this capability, I was a little surprised because I didn't understand how a Netlinx master could communicate with another Netlinx master that was behind a firewall if the master behind the firewall did not have port 1319 forwarded to it. But, when you think about it, it's not really so different from the way client browsers and web servers communicate using port 80. The browser behind the firewall connects to the server and communication both ways is established with the webserver having all sorts of abilities with respect to the client browser even though the client is behind a firewall and port 80 is not forwarded.
Now, you can protect the office master from certain types of direct access from the net. But, if you put the master on the net with port 1319 forwarded to it, I don't believe that there is any way to protect that master from being linked up to any other netlinx master via master-to-master communications. Route_mode should probably be set to direct to protect any other master that has master-to-master with the office master from being manipulated from a master other than the office master.
You will also need to establish a dynamic dns service. There's modules that can be run on the client master to do this but I prefer to maintain these for clients through a regular paid service provider such DYNDNS.org. I think for $10 US a year you get a block of 20 dynamic hosts which you'll need to set up in the router so I guess that's two things you need to do in there. If you want you can charge the customer an yearly fee for adminstering this service but for $10 a year for 20 customers your talking two cup of Starbucks coffee.