Discovery Tunnels

Introduction

Many remote telemetered sites need secure network access. It is often difficult to provide this when the site modem does not have a fixed I.P. address on the public Internet. The traditional solution has been a combination of NATNAT stands for Network Address Translation, which is a mechanism for allowing access from the public Internet to a number of devices on a private network without exposing their individual addresses. and Dynamic DNSThe Domain Name System is a world-wide directory that allows the identification of a networked computer using words instead of numbers. Dynamic DNS is a mechanism which maintains a fixed DNS name in situations where the I.P address can vary. See Wikipedia's article on Dynamic DNS for more information. but this can be awkward to configure. A Minimus, for example, needs seven separate port-forwarding rules to be configured - and some of these may clash with ports being used by the modem.

The Güralp Minimus, Fortimus, and Certimus systems provide a feature which solves this problem. With very little configuration, it creates a network tunnel from your site to your data-centre, providing fixed, static I.P. address/port tuples for all of your remote systems. This feature is called Discovery Tunnels.

In the discussion below, the word Minimus stands for any of Minimus, Fortimus or Certimus, including Radian systems.

How it works

Illustration of the Discovery Tunnel mechanism

The system relies on a Registry Server, a computer which is accessible from both the remote site and data-centre. Güralp provide a public Registry Server, which is free to use, or customers can install their own. We recommend installing your own registry server if you will be using the tunnelling feature. Once the Minimus is configured with the address of the Registry Server, it starts sending regular messages containing its current status and contact information.

At the data-centre, a user runs a copy of the Güralp Discovery software. This software contacts the registry and downloads a list of registered remote systems. The software creates a tunnel between Discovery and the Minimus. This allows the user to contact the remote Minimus site using a loopback I.P. address on the PC running Discovery. Although most people only use the address 127.0.0.1 for loopback, the I.P. standard actually allows over sixteen million such addresses per computer, allowing Discovery to provide such addresses for every one of your remote sites.

Configuration

Configuring the Minimus

This one-time configuration is required for every Minimus which is to to be accessed via tunnelling.

Open the web interface of the Minimus, log in as admin and navigate to the Network tab. Scroll down to the section headed Registry.
Specify the Registry Server.
- If you are using your own Registry Server, enter its public I.P. address in the first Registry address field.
- If you wish to use the Güralp public Registry Server, enter 52.34.40.123 into the first Registry address field and enter your organisation's name in the Group ID field. This separates your systems from those of other users.
In the Discovery Tunnel section, ensure that the Tunnel Auto Connect check-box is ticked.
Reboot the Minimus to save and activate the configuration.

Configuring the Registry

These instructions apply if you are running your own Registry Server. If you wish to use the Güralp public Registry server, you can skip to Configuring Discovery.

Stop the registry server and restart it with the -t argument. Check that the console output contains the line

[TUNNEL] Initialising Tunnel Relay Server

If this line does not appear, update the Registry software. Early versions did not support this feature.

Configuring Discovery

The following one-time configuration is required for each copy of Discovery that needs to access the remote sites.

Select Cloud server configuration from the front screen of Discovery.
- If you are using the Güralp public Registry Server, enter your organisation's name in the Cloud registry group identifier field. This separates your systems from those of other users (and must match the name you entered when configuring the Minimus).
- Enter the I.P. address of the Registry server in the Cloud end point address field. This must be the same I.P. address that you entered when configuring the Minimus.
- Click to save this setting.
On the front screen of Discovery, Click to put Discovery into Registry mode.
Select Show from the Window menu and tick the Tunnel Available check-box.

A new column will appear in the main window containing the word Available for all remote devices that have been configured for tunnelling.

Use

When accessing a Minimus without using a tunnel, you can choose whether to access it via its LANLAN stands for Local Area Network, which is typically a network within a single organisation, building or office. Two devices on the same LAN can communicate without using routers. Devices on the same LAN have I.P. addresses that share the same prefix, such as 192.168.0.1 and 192.168.0.2. or WANWAN stands for Wide Area Network, which normally refers to the public Internet, although it can refer to a network used by a large organisation that spans multiple sites. Communication over a WAN requires the use of routers. address by right-clicking in the appropriate column. To access a Minimus via a tunnel, right-click on the entry in any column except WAN Address or LAN Address.

When you right-click, the title of the context menu will display an address beginning 127. This is confirmation that the tunnel has been created and is available.

The right-click context menu now has a new item, Tunnel Status. Selecting this displays a screen showing the I.P. address and port for each of the TCP protocols used by the Minimus. This could be used, for example, to configure Scream to pull GCF data from the Minimus. Note that UDP is not supported.

For more information, please contact .