ReadyNAS Remote White Paper. NETGEAR May 2010



Similar documents
ReadyNAS Replicate. Software Reference Manual. 350 East Plumeria Drive San Jose, CA USA. November v1.0

Application Note. Onsight TeamLink And Firewall Detect v6.3

ReadyNAS Remote. User Manual. June East Plumeria Drive San Jose, CA USA

ReadyNAS Remote Troubleshooting Guide NETGEAR

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

ReadyNAS Remote. Add-on Manual. 350 East Plumeria Drive San Jose, CA USA. May

How To Configure L2TP VPN Connection for MAC OS X client

Security Technology: Firewalls and VPNs

Application Note. Onsight Connect Network Requirements v6.3

SSL VPN Technology White Paper

Guideline for setting up a functional VPN

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

VPN. Date: 4/15/2004 By: Heena Patel

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications VIDYO

What is the Barracuda SSL VPN Server Agent?

EXPLORER. TFT Filter CONFIGURATION

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Configuring Global Protect SSL VPN with a user-defined port

Application Note. Onsight Connect Network Requirements V6.1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Security Policy Revision Date: 23 April 2009

Chapter 9 Monitoring System Performance

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Introduction to the Mobile Access Gateway

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Wireless VPN White Paper. WIALAN Technologies, Inc.

Using SonicWALL NetExtender to Access FTP Servers

Polycom. RealPresence Ready Firewall Traversal Tips

Application Note Startup Tool - Getting Started Guide

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

Stealth OpenVPN and SSH Tunneling Over HTTPS

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Application Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

REMOTE ACCESS VPN NETWORK DIAGRAM

Synology QuickConnect

Solution of Exercise Sheet 5

Ranch Networks for Hosted Data Centers

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

1. Introduction What is Axis Camera Station? What is Viewer for Axis Camera Station? AXIS Camera Station Service Control 5

Client applications are available for PC and Mac computers and ios and Android mobile devices. Internet

MultiSite Manager. Setup Guide

Technical White Paper

MultiSite Manager. Setup Guide

athenahealth Interface Connectivity SSH Implementation Guide

Aspera Connect User Guide

How to Setup an IMAP account in Outlook Express to Connect to Your Arrowmail Mailbox

Applications that Benefit from IPv6

Mediasite EX server deployment guide

IPSecuritas 3.x. Configuration Instructions. Collax Business Server. for

Technical Support Information

Bit Chat: A Peer-to-Peer Instant Messenger

Security. TestOut Modules

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

D-Link Central WiFiManager Configuration Guide

How To Set Up Foglight Nms For A Proof Of Concept

Introweb Remote Backup Client for Mac OS X User Manual. Version 3.20

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

Using a VPN with Niagara Systems. v0.3 6, July 2013

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

REMOTE ASSISTANCE SOLUTIONS Private Server

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

LifeSize Transit Deployment Guide June 2011

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

7.1. Remote Access Connection

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Zero Configuration VPN Clients for Mobile Users

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

Preparing for GO!Enterprise MDM On-Demand Service

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Barracuda Link Balancer Administrator s Guide

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

SSL SSL VPN

SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG)

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

Deploying BitDefender Client Security and BitDefender Windows Server Solutions

1. Installation Overview

Network Configuration Settings

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

Connecting an Android to a FortiGate with SSL VPN

CTS2134 Introduction to Networking. Module Network Security

msuite5 & mdesign Installation Prerequisites

21.4 Network Address Translation (NAT) NAT concept

Chapter 7. Firewalls

How To - Implement Clientless Single Sign On Authentication with Active Directory

Chapter 4 Firewall Protection and Content Filtering

About Firewall Protection

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

IP Ports and Protocols used by H.323 Devices

GregSowell.com. Mikrotik Basics

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

ShadowControl ShadowStream

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

GPRS / 3G Services: VPN solutions supported

How do I Install and Configure MS Remote Desktop for the Haas Terminal Server on my Mac?

Load Balancing Clearswift Secure Web Gateway

Transcription:

ReadyNAS Remote White Paper NETGEAR May 2010

Table of Contents Overview... 3 Architecture... 3 Security... 4 Remote Firewall... 5 Performance... 5

Overview ReadyNAS Remote is a software application that allows you to create an on-demand virtual private connection between your PC or Mac and your ReadyNAS. This connection is established without the need for any complicated setup as in the case of traditional VPN application; all you need to do is manage a list of users that are allow to connect to your ReadyNAS. Once the connection is formed, it is just like you are on the same LAN as your ReadyNAS and you can connect to your shared folders using Windows Files Explorer or Mac Finder. Architecture The ReadyNAS Remote application runs on your PC or Mac and on your ReadyNAS and forms a direct connection between these two devices. The formation of this connection is facilitated by our ReadyNAS Remote servers. However in 95% of the connections, once the connection is formed our servers are not used of in the connection and there is a direct connection between you and your device. In the few cases when a direct connection cannot be formed, our relay servers are used to create the connection. Regardless of whether you have a direct or relayed connection your data is safe and fully encrypted using our end-toend security model only the endpoints can decode the data. In order to form a connection between your PC or Mac and your ReadyNAS, both devices need to be registered with our ReadyNAS Remote servers. Your ReadyNAS will automatically register itself once the Remote addon has been enabled. Your device uses its unique MAC address as its username but there is no reason to remember this username since invite users from your ReadyNAS. To invite a user to access your ReadyNAS, you can search our global repository of ReadyNAS Remote users and add a user to your allowed list. If you would like to invite someone who is not already registered, you can send out an email invite which contains a link that will prompt the user to register with ReadyNAS Remote and download the client application software on their PC or Mac. Once these devices (PC or Mac and ReadyNAS) are registered, they log into and form an SSL connection with the ReadyNAS Remote servers. The ReadyNAS Remote servers are then used to form a control channel and route control messages devices. The control channel can is used to send message to the server such as a new user has been added to the allowed list, or to the device informing the ReadyNAS that particular uses has gone offline. The control channel can also be used to route end-to-end control messages between the PC or Mac and the ReadyNAS, as in Figure 1. For example, a user on a PC might be requesting to set up connection to a certain ReadyNAS. In this case, a control message will flow from the PC through the ReadyNAS Remote Servers to the ReadyNAS. The ReadyNAS can then choose to accept or decline the incoming connection request and send a response back to the PC over the same control channel, as shown in Figure 1. If the connection is allowed by the ReadyNAS, the connection setup begins. During the connection setup phase, our patented NAT traversal technique is used to setup a direct peer-to-peer connection between the PC or Mac clients and the ReadyNAS so no portforwarding or dynamic DNS is required, as in Figure 1. The connection setup phase requires the use of our ReadyNAS Remote servers, but once the peer-to-peer connection is formed data travels directly 1 between your PC or Mac and your ReadyNAS. As part of the 1 In approximately 95% of the connection, no relay server is used.

connection setup, 3-DES keys are exchanged which are only shared between the endpoints so the data the flows between the devices is protected by end-to-end encryption. Figure 1: Connection setup with ReadyNAS Remote. Security ReadyNAS Remote offers users end-to-end security to access their data remotely. Our security model is outlined below: 1. ReadyNAS Remote running on the ReadyNAS securely (SSL) authenticates with and connects to ReadyNAS Remote server. 2. The administrator of the ReadyNAS securely (SSL) logs into the ReadyNAS Remote configuration page locally and adds registered ReadyNAS Remote users to allowed list (access control list). 3. On the Window or Mac clients, registered users securely (SSL) authenticate with and connect to the ReadyNAS Remote sever. 4. Once the user is authenticated the ReadyNAS Remote server will send over SSL to the PC or Mac, a list of ReadyNAS devices to which the authenticated user has been granted access. 5. Using the control channel setup with the ReadyNAS Remote server, the PC or Mac client sends a connection setup request to the ReadyNAS. If the requesting user is in the locally managed access control list located on the ReadyNAS, the connection setup is allowed to proceed. 6. During the connection setup, the PC or Mac clients then exchange 3-DES keys with the ReadyNAS so that the keys are only know by the two endpoints. 7. Once the connection is formed, all data is encrypted and transported directly between the two endpoints and only the endpoint can decrypt the data. 8. To access files that are password protected and not public, the user will be prompted for local Linux user credentials to access the folder - the same as if you were on the LAN. There is no way that anyone that is not in the locally managed access control list or who has not been authenticated with the ReadyNAS Remote server can access your ReadyNAS. Even though ReadyNAS Remote could be used as a VPN connection to your ReadyNAS, as only layer of protection we have only allowed it to transport CIFS/SMB and AFP traffic

between your PC or Mac and your ReadyNAS; all other ports on the virtual network are blocked. Remote Firewall ReadyNAS Remote has a firewall built-in that protects both the ReadyNAS and the remote user from access to unauthorized services after the peer-to-peer connection is formed. The ReadyNAS typically is running many other services apart from Folder Sharing. These include services such as media streaming, ftp and http services. The remote user is allowed access only to Folder Sharing and should not be able to access other services. The firewall prevents the remote user from accessing the other services. The firewall blocks any incoming packets to ports other than the Folder Sharing ports. Hence if remote users try to access ports other than Folder Sharing ports they will be blocked. The firewall is also running on the ReadyNAS Remote application on the PC or MAC side and prevents packets on the PC destined for other services on the ReadyNAS to be dropped at the source itself. Performance As is the case with any VPN application, ReadyNAS Remote introduces marginal bandwidth overhead in order to tunnel from the private network interface. The overhead is an additional TCP or UDP header and the relative overhead depends on the size of the packet that is transmitted. On average, the overhead introduced by ReadyNAS Remote is approximately 5%. Since ReadyNAS Remote is a user space application (as opposed to a kernel application) it does consume some CPU resource. All traffic that flows over the virtual network is encrypted and firewalled (packet inspected) to only allow CIFS/SMB and AFP traffic. The amount of CPU resources used will depend on the data transfer rate. For example, if you are using ReadyNAS Remote and transferring data over 100 Mbps LAN you may see some measurable CPU usage. The CPU usage maybe reduced by not encrypting the traffic flow. We do not suggest you disable encryption, but if you are comfortable with you networking environment and need to boost performance it is an option. To disable encryption, go to Properties in the Mac or Windows client, you have the option to disable Encryption which may improve performance as in Figure 2. Figure 2: Connection settings dialog.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information