Kodak Remote Support System - RSS VPN



Similar documents
White Paper. Traversing Firewalls with Video over IP: Issues and Solutions

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Configuring DHCP for ShoreTel IP Phones

Howto: How to configure static port mapping in the corporate router/firewall for Panda GateDefender Integra VPN networks

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Request support: ecentral.graphics.kodak.com

Voice Internet Phone Gateway

CaliberRM / LDAP Integration. CaliberRM

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions

Application Note. Onsight Connect Network Requirements v6.3

SafeEnterprise SSL igate Managing Central Access to Resources with VPX Technology

White Paper. BD Assurity Linc Software Security. Overview

Request support: ecentral.graphics.kodak.com

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

REMOTE ASSISTANCE SOLUTIONS Private Server

Galileo International. Firewall & Proxy Specifications

VMware vcloud Air Networking Guide

nexvortex Setup Guide

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Norman Protection

OpenScape Business V2

LifeSize Transit Deployment Guide June 2011

White Paper. SSL vs. IPSec. Streamlining Site-to-Site VPN Deployments

CISCO CONTENT SWITCHING MODULE SOFTWARE VERSION 4.1(1) FOR THE CISCO CATALYST 6500 SERIES SWITCH AND CISCO 7600 SERIES ROUTER

AT-S39 Version 1.3 Management Software for the AT-8024 and AT-8024GB Fast Ethernet Switches. Software Release Notes

Request support: ecentral.graphics.kodak.com

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

IP Ports and Protocols used by H.323 Devices

SSL SSL VPN

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Global Knowledge MEA Remote Labs. Remote Lab Access Procedure

OpenText Secure MFT Network and Firewall Requirements

Unified Communications in RealPresence Access Director System Environments

Medical Device Security Health Group Digital Output

Application Note. SIP Domain Management

LogMeIn Hamachi. Getting Started Guide

Controlling Ashly Products From a Remote PC Location

Basic Network Configuration

CQG Trader Technical Specifications. December 1, 2014 Version

CISCO PIX SECURITY APPLIANCE LICENSING

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

CNE Progress Chart (CNE Certification Requirements and Test Numbers) (updated 18 October 2000)

Polycom. RealPresence Ready Firewall Traversal Tips

Sizing Guideline. Sophos UTM SG Series Appliances. Sophos UTM 9.2 Sizing Guide for SG Series appliances

Using Remote Desktop Software with the LAN-Cell 3

Technical Support Information

Best Practices for Controlling Skype within the Enterprise. Whitepaper

How To Configure Apple ipad for Cyberoam L2TP

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer

WD Sentinel DX4000. Small Office Storage Server. Administrator s Quick Install Guide

Defender EAP Agent Installation and Configuration Guide

Com.X IP PBX The complete communications solution in a box

Configure an IPSec Tunnel between a Firebox Vclass & a Check Point FireWall-1

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

Source-Connect Network Configuration Last updated May 2009

Remote PC Guide for Standalone PC Implementation

WebEx Remote Access White Paper. The CBORD Group, Inc.

Understanding the Cisco VPN Client

Using a VPN with Niagara Systems. v0.3 6, July 2013

SIP Trunking Configuration with

VOIP NETWORK CONFIGURATION GUIDE RELEASE 6.10

Preparing for GO!Enterprise MDM On-Demand Service

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

vcloud Director User's Guide

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

AN4108 Application note

Fireware Essentials Exam Study Guide

Check Point FW-1/VPN-1 NG/FP3

Quantum View Manage Administration Guide

21.4 Network Address Translation (NAT) NAT concept

MilsVPN VPN Tunnel Port Translation. Table of Contents Introduction VPN Tunnel Settings...2

THINKTEL COMMUNICATIONS DIGIUM G100/G200 PRI OVER IP SIP TRUNKING

PartnerConnect software. Installation guide

Chapter 4 Firewall Protection and Content Filtering

msuite5 & mdesign Installation Prerequisites

Configuring IPsec VPN with a FortiGate and a Cisco ASA

PrintFleet Enterprise Security Overview

eprism Security Suite

Agilent N5970A Interactive Functional Test Software: Installation and Getting Started

Network Configuration Settings

Security Technology: Firewalls and VPNs

Chapter 12 Supporting Network Address Translation (NAT)

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

Kaseya Server Instal ation User Guide June 6, 2008

INTRODUCTION... 2 Windows Windows Mac OS X Ubuntu Advanced routing Windows Mac OS X Ubuntu...

If you have questions or find errors in the guide, please, contact us under the following address:

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Release Notes: PowerChute plus for Windows 95 and Windows 98

Deploying F5 to Replace Microsoft TMG or ISA Server

Transcription:

Kodak Graphic Communications Canada Company 4225 Kincaid Street Burnaby, B.C., Canada V5G 4P5 Tel: +1.604.451.2700 Fax: +1.604.437.9891 Request support: partnerplace.kodak.com http://graphics.kodak.com Release date: 10 September 2013 Kodak Remote Support System - RSS VPN Background The Kodak Remote Support System (RSS) is an infrastructure for connecting to and supporting Kodak customers equipment. RSS provides connectivity management, diagnostic tools, per-site equipment information, automated support tasks, and basic support management features. Kodak has used RSS to provide remote support since 2000. As technologies and Kodak products evolve, the RSS adapts to meet these changing needs. For further information about Kodak RSS, contact a service representative at your regional Response/Support Center at the number listed at the end of this bulletin. Kodak RSS VPN Connectivity RSS VPN is the latest secure broadband connectivity method to be added to Kodak RSS. It is the primary technology used for making remote connections. RSS VPN connectivity is a centrally-managed VPN solution dedicated for Kodak RSS use. RSS VPN is capable of establishing direct peer-to-peer authenticated and encrypted tunnels by automatically bypassing network address translations (NAT) and stateful firewall devices on the route between trusted peers. The result is a low-latency virtual network requiring few or no configuration changes to an existing network infrastructure. Additionally RSS VPN is capable of establishing TCP relayed tunnels when the low-latency network requirements cannot be met. Kodak RSS VPN utilizes a third-party mediation service that is powered by LogMeIn Hamachi. The service is managed by Kodak RSS; only RSS Client peers that Kodak has registered are deemed to be trusted and may communicate via the RSS Connector. The RSS VPN connectivity solution includes three main components: Kodak RSS Client Software, Kodak RSS Connector, and Kodak RSS Server. Page 1 of 5

RSS Client Software is installed on customer servers and workstations. Its purpose is to communicate online status and availability to the RSS Connector, and to establish a secure tunnel with the RSS Server. RSS Connector tracks the RSS Client peers' locations (server and workstations running RSS Client Software) and provides the mediation services required for establishing direct peer-to-peer VPN tunnels between the RSS Client Software and the RSS Server. In rare cases where a direct peer-to-peer tunnel cannot be established, the RSS Connector is used to relay tunnels between the RSS Server and RSS Client Software. RSS Server is the software that service representatives around the world use to establish remote connections to supportable equipment. The RSS Server controls the management of VPN tunnels through a secure connection to the RSS Connector. How these components work together to provide a secure broadband connection When the Kodak RSS Client Software is enabled on a peer, it establishes a connection to the RSS Connector, using the proprietary LogMeIn Hamachi Client Control protocol to authenticate and communicate its online status. Using RSS Server, a service representative must initiate a remote support connection to the RSS Client peer. At this point, the RSS Server communicates to the RSS Connector that the RSS Server and the RSS Client peer are to be joined in a secure trust relationship. Only then does the RSS Server and RSS Client build a secure encrypted (AES 256 bit) and authenticated VPN tunnel. Page 2 of 5

RSS VPN Requirements System requirements: Kodak RSS Client Software is supported on the following operating systems: Microsoft Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, Windows 7 Professional, Windows Server 2003, and Windows Server 2008. The system must have a default gateway configured under the TCP/IP networking properties. Network requirements: The RSS Client peer must be on a network segment that has access to the public Internet. If the network uses a proxy server to access the Internet, RSS VPN traffic must be configured to bypass the proxy. This may require additional firewall rules and/or proxy configuration settings. Firewall requirements: The majority of firewalls do not require configuration changes for RSS VPN to operate. However, firewall configurations that explicitly block certain outbound ports require the services (protocols) that are described next to be permitted through the firewall. For customers with more stringent security environments, explicit firewall rules may be configured to only allow RSS Client peer VPN traffic to and from the worldwide RSS Servers and the RSS Connector (see the following table). Client Control Protocol is responsible for three things: client/server communication, login, and NAT discovery. The protocol consists of three static ports (1 TCP, 3 UDP) and a range of UDP ports (see the following table). The RSS Client peers must have access to the RSS Connector s ports using this protocol. An exception to the above port requirement is the non low-latency TCP relayed configuration which uses a single TCP port (see the following table). Transport Protocol is responsible for securely tunneling traffic between an RSS Client peer and the RSS Server. The transport protocol may be Transport Direct (Client peer to RSS Server), or Transport Relay (Client peer through RSS Connector to RSS Server). Direct tunnels use a static port at the RSS Server and Relay tunnels use a static port at RSS Connector. RSS Client peers must have access to the static UDP ports of the RSS Connector and all worldwide RSS Servers. An exception to the above port description is the non low-latency TCP relayed configuration which uses a single TCP port. Service Purpose Ports Destination * Client Control Protocol Client / Server TCP : 6504 Login UDP : 16504, 26504, 36504 RSS Connector NAT Discovery UDP range : 46504 to 46604 Transport Protocol Encrypted and authenticated Tunnel UDP : 6504 RSS Servers and RSS Connector Client Control and Transport Protocol Optional Non Low-Latency TCP Relayed Configuration below ** Client / Server, Login, Encrypted and authenticated Relayed Tunnel TCP 6504 or TCP 443** RSS Connector * See the following table for IP addresses and domain names. ** The optional non low-latency TCP relayed connection requires only one of these TCP ports to be opened. None of the ports above this row are required if this configuration is selected, however, there will be an increase in latency resulting in loss of speed and performance. For more information about the technologies and security that are used in the above protocols from LogMeIn Hamachi, go to https://secure.logmein.com/products/hamachi/security.aspx. Page 3 of 5

Destinations 74.201.74.32 rss-vpn-con1.kodak.logmeinhamachi.com 74.201.74.34 rss-vpn-con2.kodak.logmeinhamachi.com RSS Connector 155.50.2.20 rss-vpn1.kodak.com (new 2013.09.14) 155.50.2.21 rss-vpn2.kodak.com (new 2013.09.14) 155.50.2.22 rss-vpn3.kodak.com (new 2013.09.14) 204.174.12.158 rss-vpn-na1.kodak.com 204.174.12.142 rss-vpn-na2.kodak.com RSS Server 204.174.12.117 rss-vpn-na3.kodak.com 194.7.172.74 rss-vpn-eu1.kodak.com (expires 2013.09.13) 194.7.172.75 rss-vpn-eu2.kodak.com (expires 2013.09.13) 221.186.82.84 rss-vpn-jp1.kodak.com Protocol examples: The following diagram shows both protocols with an example of a direct and a relay tunnel. Please note that the previous example is used only to show the difference between direct and relay tunnels. During a real support-call scenario, a site would connect with an RSS Server in only one region; the connectivity would not span to two regions as the diagram shows. Page 4 of 5

Download, Install and Register RSS Client Software You can download the RSS Client Software from https://ecentral.kodak.com/rss and install it on Kodak supportable server and workstations systems that meet the requirements in this bulletin. After installing RSS Client Software, contact a service representative to complete the registration process and test RSS VPN. Kodak Response/Support Center phone numbers: Australia: 1 800 222 555 Ireland: 1800.92 4501 Spain: 900 11 39 99 Belgium: 0800 95 999 Italy: 800 90 56 09 Sweden: 020 12 01 999 China: 800 820 0861 Japan: 0120 327 326 Switzerland: 0800 19 99 99 Denmark: 80 40 49 99 Luxemburg: 32.2.352 30 90 The Netherlands: 0800 02 00 999 Finland: 0800 30 399 New Zealand: 0800 273 6111 United Kingdom: 0800 09 63 199 France: 0800 00 11 99 North America: 800 472 2727 Germany: 0800 101 99 99 Norway: 800 628 99 About Kodak Graphic Communications Group (GCG) The leading provider of graphic communications solutions worldwide, Kodak s Graphic Communications Group (GCG) offers image capture systems; professional color, copydot, and high-speed document scanning systems; inkjet printing and proofing systems; workflow and color management software; thermal imaging devices for film, plates, and proofs; highquality proofing media, printing plates, and recording film; on-demand color and black-and-white printing systems; data storage products; and professional services. With corporate headquarters located in Rochester, N.Y., Kodak has the largest global sales force and is committed to a digitally oriented growth strategy. For more information, visit www.graphics.kodak.com. Kodak, 2013. Kodak is a trademark of Kodak. Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information