Professional Documents
Culture Documents
IXON Training
■ Introduction
■ Remote Access fundamentals
■ Configuration options for the edge
devices
Agenda
■ How to organise your fleet?
■ Default permissions and access
rights set-up
■ How to convince your customer
■ Security recommendations
■ Troubleshooting
Introduction
Introduction
■ Trainers
■ Participants
4 configuration options
1. Via USB-file
2. Via The IXrouter’s Local Web Interface
a. Some unique features
3. Using the Router API (advanced)
Only available after the initial configuration:
4. Changing settings in the IXON Cloud Fleet Manager
Networking basics
IP-addresses: unique address
Subnet: determines network part and host part
Port: “communication door” in a host
Protocol: “language” to speak (HTML for web browser)
DNS: human readable name to IP-address
DHCP: automatic IP-addresses in a network
VPN: tunnel over internet from one IP-address to another
IP-address
Firewall: Guarded gateway of a company network
General router settings
Automatic initial configuration
Basic router settings
■ Network settings
○ WiFi Hotspot
○ Failover
■ Reboot
■ Recovery mode
Additional functionalities:
■ Services
○ LAN Access Management
■ Data sources
The Local Web Interface
Settings in the Local Web Interface
■ Current network configuration
○ Actual status
○ Signal strength
■ Change network configuration
○ Additional settings
■ Diagnostic tools
○ Network utilities
Step 3: Connect to your machine
■ VPN Is configured automatically
■ VNC / HTTP services can be added for
quick access
Exercise remote access
Create a HTTP connection to your HMI
■ IP address: 192.168.140.10
■ Port: 8080
■ Default landing page: /webvisu.htm
■ Access category HTTP
Hint:
1. in which app can you configure the router?
2. search for “HTTP service” on
support.ixon.cloud
Configuration options
for the edge devices
Fleet Manager
How to organise your
fleet?
Naming & Custom fields
Groups
Cloud
■ Safer by default
■ Easy deployment
■ Worry-free
■ Scalable
■ Lower latency
■ Easier access
On-premise Cloud
Vulnerability Firewall
Monitoring Log analysis Clean-up
auditing configuration
Communication to the customer
■ Intake form
■ Security Commitment Declaration (link)
■ Security White Paper (link)
■ ISO certifications:
○ ISO 9001
○ ISO 27001
○ ISO 27017
○ ISO 27701
○ IEC 62443 (-4-1 and -4-2)
Security
recommendations
A word from our Security Officer
■ Passwords should
○ At least 12 characters, preferably 16+
○ Unique
○ Enable 2FA (enforce it)
■ Accounts should not be shared
■ Sanitize your access tokens regularly
■ Review the audit trail regularly
A word from our Security Officer
■ IXrouters
○ Restrict physical access to the router
○ Do not change the default firewall settings if not necessary
○ Update router firmware whenever possible (especially for security improvements)
○ Change the IXrouter web UI password to something strong and unique
A word from our Security Officer
■ IXagents are valid to connect to the IXON Cloud, but they lack a firewall
and this has security consequences
A word from our Security Officer
■ Subscribe to status.ixon.cloud
■ Keep an eye out for our security advisories
Troubleshooting
Explaining terms
■ Configuration connection
■ VPN connection
■ What is LAN/WAN
■ TCP and UDP
■ Broadcast address
■ TAP-Adapter
Unable to connect your IXrouter to the platform
● Causes:
○ Firewall issues:
■ Outgoing port 443 not open;
■ MQTT is working, but is VPN blocked (stealth mode).
○ Configuration issues
■ Configuration file not correct: IXrouter.conf
■ Configuration not correct (LAN/WAN conflict);
■ Using Wi-Fi or cellular: signal strength or signal settings.
● Tools:
○ IXrouter LEDs
○ IXrouter’s local web interface
○ Connection details (e.g. firewall)
Unable to connect your IXrouter to the platform
Unable to establish a VPN connection
Troubleshoot VNC/HTTP
Unable to connect to the PLC