How do you securely manage devices that are located at customer sites or branch offices? Hopefully the answer doesn't include driving there every time something goes down.
If it does-and you've got enough offices and devices to take advantage of the price and architecture-then Lantronix's ManageLinx "virtual device network" could help you out of a pickle.
ManageLinx establishes machine-to-machine secure remote access to just about any IP-enabled equipment. In many cases, this can be accomplished through firewalls, although in my testing I found this to not be as easy as it might sound. A complete solution includes the DSM (Device Service Manager) and multiple DSCes (Device Service Controllers).
At a high level, each DSC establishes a secure SSH-based tunnel back to the DSM, where a directory service resides that transparently connects DSCes. A technician at one location can quickly and easily gain access to remote equipment over the Internet via the secure DSC-to-DSM-to-DSC tunnel.
ManageLinx is primarily geared to the remote product service market. No one just sells a piece of office or manufacturing equipment anymore; now everything from network copiers to closed circuit video surveillance systems to industrial monitoring and control equipment comes with the option to purchase a proactive service agreement. To distinguish themselves in today's rough economic market, equipment manufacturers need to monitor customer product performance, diagnose failures, trigger corrective workflows and perform service repairs.
Aberdeen Group research shows that RPS (remote product services)-or "smart services"-reduce service calls by 30 percent or more. With an average cost of $209, an organization with just 50 technicians making three calls a day can save $2.3 million a year. Service organizations can not only increase asset uptime and decrease mean time to repair, but also grow service revenues and profitability by offering proactive monitoring and corrective service while decreasing the number of truck rolls.
Yet there are uses for the ManageLinx solution beyond service contracts on office equipment. Large enterprises can use the system to support remote servers and network devices in branch offices. Consultants can evolve to become managed service providers who keep an eye on client systems remotely.
The applications for such a solution encompass remote monitoring and service of medical equipment, security systems, inventory control systems, B2B data sharing, and home automation.
The system comprises-at a minimum-two DSCes and one DSM. The DSM is a 1U proxy connection point, directory service, and Web-based management system. Essentially a Linux server, the DSM is the brains of the operation, configuring and monitoring DSCes, setting up automated device discovery on remote networks, keeping track of how to connect to each DSC, and building secure SSH tunnels over TCP/IP.
The DSC is a smaller box that can be bolted to the wall or under a desk and be powered over a separate power supply or power over Ethernet.
DSCes, once configured, find a way out onto the Internet and start communicating with the DSM. Between them is an OpenSSH v4.3/4.4 tunnel with default configuration of a 2048-bit RSA public key for authentication and a 128-bit AES encryption. It supports other encryption algorithms, such as 3DES, Blowfish and Arcfour. A DSC can be a Device Controller, in which case it is providing remote access to devices, or a Host Controller, where it is an entry point to the remote network. In other words, a technician uses the Host Controller to tunnel to the Device Controller and gain access to devices.
Devices are given VIP (virtual IP) addresses, and access control lists can be built to restrict or permit access to them.