SUPPORT DOCUMENTATION

Making an indirect connection to Remote Assistance

It is sometimes awkward to connect a Platinum system, such as an EAM or 40TDE instrument, to the Internet for remote assistance. (A "Platinum system" is any system running the Platinum operating system. This includes stand-alone acquisition systems such as EAMs and NAMs, DAS units such as the Affinity and DM24SxEAM, and digital instruments with built-in acquisition systems such as the 3TDE, 40TDE or 5TDE.) For example, in some cases the only available Internet access is via WiFi so, if the Platinum system does not have a WiFi interface, direct connection becomes impossible. In these cases, a PC or laptop can be used as a gateway, allowing the Platinum system to contact the Güralp remote-assistance server indirectly, via the PC.

If the Platinum system can be given direct access to the public Internet, please use the standard Remote Assistance instructions instead.

[Figure: Using indirect remote assistance with a wireless network]

Another example where this technique is useful is when a remote Platinum system is connected to a data-centre via a VPN. (VPN stands for Virtual Private Network, which is a technique for passing data across the public Internet as if it were a dedicated, private network link. See Wikipedia's VPN page for more information.) In this case, a PC at the data-centre which has both VPN and Internet access can be used as a remote-assistance gateway.

[Figure: Using indirect remote assistance in a VPN context]

This article describes one way to set up a PC for this purpose. For Windows users, we will use the (free) PuTTY terminal emulation software to make a local network connection to the Platinum system while providing a port-forwarding facility which the Platinum system can use to contact the remote-assistance server. Linux users can do the same or use a much simpler command-line technique.

This technique does not open any additional ports to the outside world. The only connections from the PC and the Platinum system are out-going.

Theory

The PC is configured to make an SSH connection (shown as a blue arrowed line below) to the Platinum system. (SSH, or Secure SHell, is a command and associated protocol which creates an authenticated and encrypted channel between two systems on a network. It can be used to run commands on a remote system, amongst other uses. See Wikipedia's SSH page for more information.) This connection is configured with a port-forwarding rule which causes the ssh server on the Platinum system to listen for incoming connections on TCP port 8080. If it receives any such connections, it will transparently forward them, via the PC, to port 80 (or 22) on the remote-assistance server, as shown by the dotted green line.

Port 22 is offered as an alternative to port 80 for use on sites where outgoing connections to port 80 are redirected to a web proxy. The technique outlined in this page will not work via a web proxy.
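The forwarding rule described above, written as the equivalent OpenSSH command for a Linux gateway PC, together with a check that the resulting port 8080 listener is bound to loopback only. This is an added example, not part of Güralp's instructions: the login name LOGIN, the address 192.0.2.10, the server name remote-assistance.example and the listener lines are constructed placeholders, and the check assumes `ss -tln` style output is available on the system being inspected.

```shell
#!/bin/sh
# Added example, not Güralp's script. Host names and the login name are placeholders.

# Print the OpenSSH command to run on the gateway PC. It logs in to the
# Platinum system and asks the ssh server there to listen on loopback port
# 8080, relaying each connection via the PC to the remote-assistance server.
build_gateway_cmd() {
    user=$1 platinum=$2 ra_server=$3 ra_port=${4:-80}

    # The page offers only port 80, or 22 where port 80 goes to a web proxy.
    case $ra_port in
        80|22) ;;
        *) echo "remote-assistance port must be 80 or 22" >&2; return 1 ;;
    esac
    # Reject empty values, a leading '-' (would be read as an ssh option) and
    # anything outside host-name characters. IPv4 addresses and names only.
    for v in "$user" "$platinum" "$ra_server"; do
        case $v in
            ''|-*|*[!A-Za-z0-9._-]*) echo "invalid value: $v" >&2; return 1 ;;
        esac
    done
    # 127.0.0.1 as the bind address keeps the listener off the local network;
    # ExitOnForwardFailure aborts if port 8080 cannot be claimed.
    printf 'ssh -o ExitOnForwardFailure=yes -R 127.0.0.1:8080:%s:%s %s@%s\n' \
        "$ra_server" "$ra_port" "$user" "$platinum"
}

# Read `ss -tln` style lines on stdin; succeed only if port 8080 has a
# listener and every such listener is bound to a loopback address.
listener_is_loopback_only() {
    awk '$1 == "LISTEN" && $4 ~ /:8080$/ {
             seen = 1
             if ($4 !~ /^(127\.|\[::1\])/) exposed = 1
         }
         END { exit !(seen && !exposed) }'
}

# Demonstration with placeholder values and constructed listener output.
build_gateway_cmd LOGIN 192.0.2.10 remote-assistance.example 22
printf '%s\n' 'LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*' \
              'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' |
    listener_is_loopback_only && echo "port 8080 is loopback-only"
```

A listener reported on 0.0.0.0:8080 would mean other hosts on the Platinum system's network could also reach the forwarded port, which is the condition the second function flags.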

Next, the remote-assistance service on the Platinum device has to be reconfigured. Instead of connecting directly to the remote-assistance server, we'll set it to connect to port 8080 on its own loopback address. (A loopback address is any address in the range 127.0.0.1 to 127.255.255.255 but, typically, 127.0.0.1 is used. Such addresses are treated as special by the operating system's network software and connections made to these addresses are connected directly back to the originating system, without ever appearing on the network cable. Instead, an internal, software-based virtual network adapter, the loopback adapter, is used. For more information, see Wikipedia's "Localhost" page.) This connection is transparently forwarded (by PuTTY on the PC) to the real remote-assistance server. This connection is provided with a tunnel for more port-forwarding: a listener on the remote-assistance server forwards connections to port 22 (for ssh) on the Platinum device using the same authenticated, encrypted connection. Other listeners forward connections to port 80 (for web access) and port 1567 (for access to GCF data). The connection and the tunnel are shown here in green:

At this point, the Güralp support engineer can connect to any or all of the listening ports on the remote-assistance server and all such connections are tunnelled directly to the Platinum device. Because these connections are made through an SSH tunnel, they are protected by strong authentication and encryption. The connections are shown in blue, purple and brown in the diagram below. The Güralp support engineer may configure additional tunnels so, for example, the Platinum device can access the firmware upgrade server. These tunnels are not shown but each one benefits from strong authentication and encryption.

The Güralp support engineer has no access to any ports on the Customer's laptop. All connections are made through the tunnel directly to the Platinum system.

Detailed instructions

The instructions differ depending on whether you run Windows or Linux on the PC that you intend to use for the gateway machine. Choose one of the following links for instructions relevant to your operating system.