Siemens SINEMA Remote Connect Operating Instructions Manual

Sinema rc server

SIMATIC NET
Industrial Remote Communication -
Remote Networks
SINEMA Remote Connect - Server
Operating Instructions
11/2017
C79000-G8976-C383-04
Preface
1 Application and properties
2 Requirements for operation
3 Installation and commissioning
4 Configuring with Web Based Management
5 Upkeep and maintenance
A Appendix A
B Appendix B


Summary of Contents for Siemens SINEMA Remote Connect

  • Page 1 SIMATIC NET, Industrial Remote Communication - Remote Networks, SINEMA Remote Connect - Server, Operating Instructions, 11/2017, C79000-G8976-C383-04. Chapters listed: Requirements for operation, Installation and commissioning, Configuring with Web Based Management, Upkeep and maintenance, Appendix A, Appendix B...
  • Page 2 Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.
  • Page 3: Preface

    SINEMA Remote Connect 64 6GK1722-1JH01-0BV0 SINEMA Remote Connect 256 6GK1722-1MH01-0BV0 +256 SINEMA Remote Connect 1024 6GK1722-1QH01-0BV0 +1024 Also available for enabling connection to the SINEMA Remote Connect server: Product name Article number SINEMA Remote Connect Client 6GK1721-1XG01-0AA0 KEY-PLUG SINEMA RC (SCALANCE M-800, 6GK5908-0PB00...
  • Page 4: Operating Instructions, 11/2017, C79000-G8976-C383

    ● CP1543-1 Abbreviations/acronyms and terminology ● SINEMA RC In the remainder of the manual, the "SINEMA Remote Connect" software is abbreviated to "SINEMA RC". ● SCALANCE M-800 This abbreviation applies to the following devices if the content of the description applies equally to these devices in the relevant context: –...
  • Page 5 SINEMA RC Client. ● Getting Started "SINEMA Remote Connect" Based on an example, the configuration of SINEMA Remote Connect is shown. Current manuals and further information You will find the current manuals and further information on remote networks products on the Internet pages of Siemens Industry Online Support: ●...
  • Page 6 Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customers’...
  • Page 7: Table Of Contents

    Network configuration 49, 4.6.2.1 Interfaces 49, 4.6.2.2 DNS 51, 4.6.2.3 Web server settings 52, 4.6.3 Date and time settings 52, 4.6.4 SMS messages and e-mails 53
  • Page 8 Changing the current password 105, Upkeep and maintenance 107, Backing up and restoring the system configuration 107, Appendix A 111, OpenVPN connection to an iOS device 111
  • Page 9 Using a "virtual machine" 114, Appendix B 115, Enabling the e-mail address 115, Monitoring and time response of wake-up SMS messages 116, Structure of the csv file 116, Index 119
  • Page 10 Table of contents
  • Page 11: Application And Properties

    Application and properties Application Use of the SINEMA Remote Connect server The SINEMA RC Server provides end-to-end connection management of distributed networks via the Internet. This also includes secure remote access to underlying networks for maintenance, control and diagnostics purposes. The communication between SINEMA RC Server and the remote participants is via a VPN tunnel taking into account the stored access rights.
  • Page 12: Overview Of Functions

    Application and properties 1.2 Overview of functions Overview of functions Configuring the SINEMA Remote Connect server The SINEMA RC Server can be configured via a Web Based Management (WBM). Configuration of the SINEMA RC Server In the WBM, you can use the following functions: ●...
  • Page 13: User Concept

    Every role can be assigned various rights that are transferred automatically to all its members (users, participant groups). Each user can have several roles and be a member of several participant groups.
  • Page 14 Participant group: In SINEMA RC Server, there is a predefined participant group available. Standard participant group: vpn_user_group. Description: The communication between the nodes is not permitted.
  • Page 15: Configuration Example

    SINEMA RC Server is established only after successful authentication. Depending on the configured communication relations and the security settings, the SINEMA RC server connects the individual VPN tunnels.
  • Page 16 4. Set up the connection to the SINEMA RC Server on the device. 5. Put the new device into operation. You will find instructions on the procedure in the Getting Started for SINEMA Remote Connect.
  • Page 17: Requirements For Operation

    Hard disk RAID5, 2 TB (3x 1 TB HDD SAS, Striping with Parity), in the removable drive bay, hot swap; and 1 TB HDD SAS as hot spare in the removable drive bay
  • Page 18 If devices do not need to communicate with one another, this function should be disabled to ensure optimum device behavior. See also Using a "virtual machine" (Page 114)
  • Page 19: Connectable Nodes

    ✓ ✓ * SCALANCE S-600 VPN to SINEMA RC: In contrast to SCALANCE M-800, S615 and SC-600 the Configuration is performed with autoenrollment (OpenVPN) via SCT (IPsec) with export/import functions.
  • Page 20: License Information

    To run the SINEMA RC Server application, you require a license for the product SINEMA Licenses The license SINEMA Remote Connect is already included in the installation of the SINEMA RC Server. With this license you can configure up to 4 participants. The number of participants can be increased with the following licenses.
  • Page 21: Permitted Characters

    Passwords must be at least 8 characters long and contain special characters, upper and lowercase characters as well as numbers. Hostname Permitted characters The following characters from the ANSI X 3.4-1986 character set are permitted: 0123456789 A...Z a...z
  • Page 22: Performance Data

    Requirements for operation 2.5 Performance data Performance data Maximum number of participant groups Unlimited Maximum number of participants per participant Unlimited group Maximum number of local backup copies Maximum number of log archives
  • Page 23: Installation And Commissioning

    – Check regularly for security updates for the product. You will find information on this at (https://support.industry.siemens.com/cs/ww/en/ps/21713/dl): – Inform yourself regularly about security recommendations published by Siemens ProductCERT (http://www.siemens.com/cert/en/cert-security-advisories.htm). ● The SINEMA RC Server includes an automatic logging function. Check this information regularly for unauthorized access.
  • Page 24 The port is always open and cannot be closed. To use it, authentication is necessary. – Open (when configured), authentication necessary The port is open if it has been configured. To use it, authentication is necessary.
  • Page 25 Port number Port status Outgoing when configured Outgoing when configured E-mail client 25 or other Outgoing HTTPS - CRL according to URL Outgoing retrieval HTTPS - license Activating the product activation
  • Page 26: Installing Sinema Rc Server

    DVD. The update must be performed in the correct order: V1.0 > V1.1 > V1.2 > V1.3 Requirement ● In the startup order, the CD/DVD is set as the first boot medium. ● The hardware requirements are met.
  • Page 27 1. Insert the data medium in the drive. Installation starts automatically. 2. Switch on the PC or restart the server. Installation starts automatically. 3. In the following dialog, select the entry "Install/Update SINEMA Remote Connect Server". Press <Return> to confirm the selection.
  • Page 28 3. Perform a restart from the "Energy Management (Page 59)" WBM page. Installation starts automatically. 4. Select the "Install/Update SINEMA Remote Connect Server" entry in the following dialog. Confirm the selection with the Enter key.
  • Page 29 Installation and commissioning 3.2 Installing SINEMA RC Server 5. Select the "Update - Update an existing SINEMA Remote Connect" entry in the following dialog. The SINEMA RC Server was updated to version 1.3. After this update installation, two boot partitions are available. One partition also contains your operational V1.2 server version.
  • Page 30 If it is not possible to deactivate the license in the WBM (for example, there is no connection to the license server), you need to contact our hotline. All further steps for a renewed activation of the license will then be coordinated with the hotline.
  • Page 31 3.2 Installing SINEMA RC Server 9. Perform a restart from the "Energy Management (Page 59)" WBM page. 10. Select "SINEMA RC (1.3.0)" in the Boot menu and confirm by pressing the Enter key.
  • Page 32 PC if it becomes necessary to undo the update. No more devices or users can be created in V1.2. When you restart the server, the last partition that was started is always used.
  • Page 33: Initial Commissioning Of End Devices Using The Wbm

    1. At the device end: e.g. creation of firewall rules, NAT You will find precise step-by-step instructions in the Getting Started for SINEMA Remote Connect and in the Getting Started of the relevant device.
  • Page 34 Installation and commissioning 3.3 Initial commissioning of end devices using the WBM
  • Page 35: Configuring With Web Based Management

    Note You set the port for access to the Web server in the "System > Network configuration > Web server settings" tab. Result The start page of the WBM opens.
  • Page 36: Starting The Wbm

    5. Once you have logged on successfully, the start page appears. Possibly a user agreement will be displayed, see section "User agreement (Page 86)". If you click the "Accept" button, the start page appears.
  • Page 37: Logon With The Smartcard / User Certificates

    Depending on the PKI, the function of root certificates can be, for example, to sign certificates of lower-level certification authorities, so-called intermediate certificates. This transfers the trust from the root certificate to the intermediate certificate. An intermediate...
  • Page 38 (Page 96)". ● A smart card with a valid PKI certificate derived from one of the PKI CA certificates imported into SINEMA RC. ● PKI DN filter rules have been created.
  • Page 39 If the file is password protected, enter the password. 3. Click the "Log on" button. Possibly a user agreement will be displayed, see section "User agreement (Page 86)". If you click the "Accept" button, the start page appears.
  • Page 40 The attributes of the names (Distinguished Name acc. to the X.509 standard) are used as filter criteria for the filter rules. You specify the PKI DN filter rules for the user and the role.
  • Page 41 In this case, there is only the restriction to C = DE. rule is defined: As placeholder the "*" character is used. CN = *, OU = *, O = *, C = DE
  • Page 42: Layout Of The Window

    When you enter the IP address, the start page is displayed after a successful login. You cannot configure anything on this page. Figure 4-1 Help General layout of the WBM page The following areas are available on every WBM page:
  • Page 43 To exit a submenu again and to return to the main menu, use the "Exit dialog" button. ④ Content area In the navigation area, click a menu to display the pages of the WBM in the content area. Buttons you require often
  • Page 44 In the overview lists of the devices, users, roles and participant groups you can search for certain entries. To do this, enter the name or part of the name in the search box. Then press the <Enter> key on your keyboard.
  • Page 45: Start Page Of The Web User Interface

    Number of active VPN connections Users Number of active VPN connections to the users created in the project. Devices Number of active VPN connections to the devices created in the project.
  • Page 46: Language Selection

    The user interface of the SINEMA RC Server is displayed in the selected language regardless of the Web browser being used. If the language is not changed immediately, use the "Update" button or the "F5" function key.
  • Page 47: System

    Info, e.g. when a user has logged on • Debug • Function Coded operating status Category Category of the log message Message Displays a description of the event that has occurred.
  • Page 48: Log Archives

    The log is saved in the log archive after reaching 1,000,000 log messages. A maximum of 100 log archives are possible. Calling the Web page In the navigation panel, select "System" > "Logfile" and the "Logfile archive" tab.
  • Page 49: Network Configuration

    – UDP port 500 (cannot be changed) and UDP port 4500 (cannot be changed) – IP protocol ESP (layer 3 protocol) Calling the Web page In the navigation, select "System > Network configuration" and the "Interfaces" tab.
  • Page 50 The WAN IP address via which SINEMA RC can be reached. This can, for example, be the WAN IP address of a DSL router via which SINEMA RC is connected to the Internet.
  • Page 51: Dns

    Enter the IPv4 address of the primary DNS server. Secondary DNS server Enter the IPv4 address of the secondary DNS server that is then used if the primary DNS server is not reachable.
  • Page 52: Web Server Settings

    You can set the system time yourself manually or have it synchronized automatically with an NTP server. Only one method can be active at any one time. Calling the Web page In the navigation, select "System > Date & time settings".
  • Page 53: Sms Messages And E-Mails

    Due to special events, an SMS message can take a long time to arrive. Take this into account when you send the wake-up SMS message, see section Monitoring and time response of wake-up SMS messages (Page 116).
  • Page 54 3. For address, enter the e-mail address of the recipient. For the phone number, use the placeholder "$SMS-NO". 4. As the "Subject" or "Text" enter the placeholder "$MSG". This depends on your network provider. 5. Click the "Create" button.
  • Page 55: Settings

    The e-mail address specified as the sender when transferring to the mail server. With the transmission method relay host, the e-mail address of the user account of the SMTP relay server is specified.
  • Page 56 Sending a test e-mail After configuration, you can send a test e-mail in the "Test e-mail" tab. To do this, enter the Recipient, the Subject and a text. Then click the "Send" button.
  • Page 57: Managing Licenses

    3. Click the "Activate" button to confirm the online license. Result The system checks whether the license number is valid and which license package is activated. The license is activated and is displayed in the overview of the existing licenses.
  • Page 58 The license is imported and it is displayed in the overview of existing licenses. Deactivate offline license 1. Send an e-mail to your Siemens contact with the license number of the license package you want to release. 2. Select the required offline license.
  • Page 59: Update

    Update If a new version is available for the SINEMA RC Server, you will find the update on the Internet pages of Siemens Industry Online Support under the following ID: 21713 (http://support.industry.siemens.com/cs/ww/en/ps/21713) The update must be performed in the correct order: V1.0 > V1.1 > V1.2 > V1.3 Note System update V1.2 >...
  • Page 60: Server Upload

    To upload the file to a subdirectory, specify the subdirectory here. Provided that the subdirectory is created in the home directory. User name User name for access to the SFTP server Password Password for access to the SFTP server
  • Page 61: Backing Up & Restoring

    ● The user has been assigned the right "Edit system parameters". Procedure 1. In the navigation panel, select "System > Backup & restore" and the "Settings" tab. 2. Enter the number of permitted backup copies.
  • Page 62 With this function, a previously created backup copy that was saved as a file is loaded. 1. Click the "Import backup copy" button. 2. In the dialog that follows, if required enter a comment on the backup copy. 3. Click the "Browse" button.
  • Page 63 All settings made up to this point that have not been saved in a backup copy are lost. For more detailed information, refer to section "Upkeep and maintenance".
  • Page 64: Debug Login

    4.6 System 4.6.9 Debug login The Debug login allows your Siemens contact access to the SINEMA RC Server for a certain time. In SINEMA RC Server, there are predefined user names intended for service and debugging purposes via SSH. On this page, you specify the password for the Debug login.
  • Page 65: Remote Connections

    "none" is displayed, refer to the section "Creating a new device (Page 68)". If several IP addresses are created, is displayed. If you hover over with the mouse pointer, this information is displayed.
  • Page 66 Only available with the type of connection "Wake-up SMS" or "Digital input & Wake-up SMS". If the device is not connected, the SINEMA RC Server sends the wake-up SMS message to the device.
  • Page 67 2. Enter a name or part of the name in the search box. 3. Click the "Apply filter" button. Result The list is updated based on the settings made. To show all entries again, click the "Show all" button.
  • Page 68: Create New Device

    For SCALANCE M-800 with SIM card: Call number of the end device to which the wake-up SMS is sent. – If required, enter additional device information and click the "Continue" button.
  • Page 69 Enter the port at which the SINEMA RC Server receives the OpenVPN connection. IP protocol • Specify whether the OpenVPN connection goes via TCP or UDP. Actions • To delete, click on in the actions.
  • Page 70 – Click the "Add" button. The IP address of the remote subnet is displayed in the table. – To change an entry, you must first delete this entry and then create a new one. To delete, click on in the actions.
  • Page 71 9. Click the "Continue" button. 10. Enter a password and confirm it. See also the guidelines in the section "Permitted characters (Page 21)". 11. Click the "Continue" button. Check your settings and click the "Finish" button.
  • Page 72: Creating Several New Devices

    (Page 21)". 4. Click "Finish". Result The devices will be created on the SINEMA RC Server. Depending on how many devices you have selected, creating them may take some time.
  • Page 73: Updating Devices

    6. Select the devices to be updated. 7. Save your selection. Result: After saving, the SINEMA RC Server sends the request to the device to load the new firmware. The device downloads the firmware and restarts.
  • Page 74: Address Spaces

    Note The first IP address of the address space is always assigned to the SINEMA RC Server. Calling the Web page In the navigation, select "Remote connections > Address spaces".
  • Page 75: Creating Node Groups

    Once the participant groups have been created, you can define communication relations between the groups (see section "Communication relations between participant groups (Page 77)"). Requirement for creating participant groups ● The user has been assigned the right "Manage remote connections".
  • Page 76 The participant group is created. You have specified whether communication between the members of this group is permitted or forbidden. Changing settings of the participant groups 1. Change the corresponding settings of the participant groups. 2. Then click the "Save" button.
  • Page 77: Specifying Communications Relations Between Node Groups

    Result The participant groups that have already been created are displayed. 2. Select the group/groups to which the participant will be assigned. 3. Click the "Save" button.
  • Page 78: User Accounts

    The IP address of the device used during communication via VPN. The address is automatically assigned by SINEMA RC. If communication via VPN is not active, "none" is displayed. First name First name of the user Second name Second name of the user
  • Page 79 The list is updated based on the settings made. To show all entries again, click the "Show all" button. See also Creating node groups (Page 75) Managing roles and rights (Page 80)
  • Page 80: Managing Roles And Rights

    VPN settings for the device; Manage users and roles Create new users and roles, edit and delete existing User accounts > Users and users and roles; assign rights and change your own roles assigned rights.
  • Page 81 0: The setting is disabled. 1 - 5: If, for example, you enter 3, the current password can be reused only after 3 different passwords. As default, 3 is set.
  • Page 82 0: The setting is disabled. The temporary user must be deleted manually. 1 - 72 hours: When the time expires, the temporary user is deleted. 7. Click the "Finish" button.
  • Page 83: Create A New User

    You can change the user name later. If you change the user name, you must either change the password or the user must log on to generate a new certificate and a new PKCS#12 file.
  • Page 84 To cancel the role assignment click the "-" button beside the role. – Assignment of rights without role assignment: If you have not selected a role, enable the rights by clicking the check box. – Click the "Next" button.
  • Page 85 Enter a password and confirm it. The assigned password can be changed later by the relevant user, refer to the section "Changing the current password (Page 105)". 8. Click the "Finish" button.
  • Page 86: User Agreement

    The changed user agreement is displayed only when these users log on again. After accepting the user agreement, these users can access the WBM of the SINEMA RC Server.
  • Page 87: Security

    (Page 104) *.pem PKI CA certificate For the logon with the PKI certificate. *.pem PKI CA certificate (Page 96) The PKI CA certificate is created by an external certification authority.
  • Page 88 When using secure communication (for example HTTPS, VPN...), make sure that the devices involved have the current time of day and the current date. Otherwise the certificates used will not be evaluated as valid and the secure communication will not work.
  • Page 89: Certificate Overview

    With the "Renew" button, you can, when necessary (e.g. with compromised certificates), generate a new certificate. To do this, enter the corresponding password. The serial number is automatically incremented by one.
  • Page 90: Ca Certificate

    By clicking on the icon, the CA certificate (*.crt) is exported. The file is, for example, exported to the end device or to the destination server. Renewing a CA certificate With the "New CA certificate" button, you can, when necessary (e.g. with compromised certificates), generate a new certificate.
  • Page 91: Server Certificate

    The certificates are derived from the currently valid CA certificate. The serial number is automatically incremented by one. Importing the Web server certificate With the "Import" button, you can import CA certificates for the encryption of the data traffic.
  • Page 92: Importing The Web Server Certificate

    Examples of the content of a CA chain file (.crt, .pem): Several certificate blocks one after the other: -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
  • Page 93 Specifies the key length being used. Signature method Specifies which digital signature method with the corresponding signature key ("hash value") was used for the certificate. 9. To finally import the files, click the "Import" button.
  • Page 94: Making Settings For Certificates

    CA certificate. Validity of client certificates (days) Specify for how many days the certificate will be valid. A certificate whose CA has already expired can no longer be used.
  • Page 95: Device Certificate

    Specifies which digital signature method with the corresponding signature key ("hash value") was used for the certificate. 5. To load the files on the SINEMA RC Server, click the "Import" button. Result:
  • Page 96: Pki Ca Certificate

    To lock out users, you have two options:
    ● Certificate Revocation List (CRL)
    ● PKI DN blacklist
    Calling the Web page: In the navigation panel, select "Security > PKI CA certificate management".
  • Page 97 Date on which the certificate revocation list will next be updated. Origin: Shows where the certificate revocation list originates from. File: The certificate revocation list was imported. URL: The certificate revocation list is stored at the distribution point.
  • Page 98 When enabled, the absence of the certificate revocation list is allowed. Please note that if the certificate revocation list is missing, all the user certificates derived from the PKI CA certificate are permitted.
  • Page 99: Vpn Connections

    Requirement for changing the OpenVPN settings: The user has been assigned the right "Edit system parameters". Calling the Web page: In the navigation, select "Security > VPN basic settings" and the OpenVPN tab.
  • Page 100 OpenVPN partner (SINEMA RC client, device) is established.
    ● WAN: Connection only via the WAN interface
    ● LAN 1-n: Connection via available LAN interfaces
    ● WAN + LAN 1-n: Connection via all interfaces
  • Page 101: Making The Ipsec Settings

    The devices and users are assigned IPsec profiles. The profiles contain the settings of phase 1 and phase 2. Calling the Web pages: In the navigation, select "Security > VPN basic settings" and the "IPsec profile" tab.
  • Page 102: Creating Ipsec Profiles

    Select the required Diffie-Hellman group (DH) from which a key will be generated. Lifetime: The lifetime of the authentication. When the time has elapsed, the VPN endpoints involved must authenticate themselves with each other again and generate a new key
  • Page 103 AES128 CTR AES192 CTR AES256 CTR AES128 CCM 16 AES192 CCM 16 AES256 CCM 16 AES128 GCM 16 AES192 GCM 16 AES256 GCM 16 x: is supported -: is not supported
  • Page 104: My Account

    Specifies which digital signature method with the corresponding signature key ("hash value") was used for the certificate. The value can be set in the menu "Security > Certificates", "Settings" tab under "Preferred hash method".
  • Page 105: Changing The Current Password

    3. Enter the new password and confirm it. The new password must be at least 8 characters long and contain special characters, upper and lowercase characters as well as numbers. See also the section "Permitted characters (Page 21)".
  • Page 106 Configuring with Web Based Management 4.10 My account
  • Page 107: Upkeep And Maintenance

    The coding key must be at least 8 characters long and contain special characters, upper and lowercase characters as well as numbers; refer to the section "Permitted characters (Page 21)". To the backup copy successfully 4. Confirm the coding key. 5. Click the "Save" button.
  • Page 108 6. Click the "Finish" button. The backup is displayed in the overview. 7. Click on the "Restore" button to adopt the system configuration of the selected backup copy. Click the "Restore" button in the next dialog.
  • Page 109 Backup was imported into a different server / hardware and a new installation with different network settings. After the restart, the logon page of the SINEMA RC Server is opened. The certificates are not imported but newly created.
  • Page 110 Upkeep and maintenance 5.1 Backing up and restoring the system configuration
  • Page 111: Openvpn Connection To An Ios Device

    3. Click on PKCS#12 to load the user certificate on the iOS device in the format PKCS#12. Install the user certificate. 4. Click on PEM to load the CA certificate on the iOS device.
  • Page 112 6. Click on OVPN to download the OpenVPN configuration file "username.ovpn". 7. Open the file and delete the user certificate from the configuration file. Remove everything from <pkcs12>-----BEGIN CERTIFICATE----- ... to -----END CERTIFICATE-----</pkcs12>.
  • Page 113 Insert everything from <ca>-----BEGIN CERTIFICATE----- ... to -----END CERTIFICATE-----</ca>. 9. Save the configuration file. 10. Load the OpenVPN configuration file on the iOS device. You can also send yourself the file in an e-mail. 11. Start the OpenVPN app.
  • Page 114: Using A "Virtual Machine"

    64-bit Ubuntu system with it as the operating system and installs it like an operating system. When assigning parameters to the virtual machines, base the assignment on the hardware requirements for SINEMA Remote Connect. See also Requirements (Page 17)
  • Page 115: Enabling The E-Mail Address

    Send SMS with text:  STOP     STOP  CLOSE  CLOSE
    to short number:     7676245  6245  8000   3400
    See also SMS (Page 53)
  • Page 116: Monitoring And Time Response Of Wake-Up Sms Messages

    SINEMA RC Server and the SMS gateway. Structure of the csv file: On the data medium, you will find a template of the csv file. The entries are separated by semicolons.
  • Page 117 2 = IPsec: The connection will be established via IPsec. Ipsec profile: Name of the IPsec profile. The requirement is that the IPsec profile has already been created. Fixed IP: Fixed IP address for OpenVPN or IPsec connections
  • Page 118 Appendix B B.3 Structure of the csv file
  • Page 119: Index

    DNS, 51, 91 Existing licenses, 57 Download configuration file, 90, 105 License update, 20 Downloading the configuration file, 66 Licenses (TCSB), 3 Log files, 48 Entries Creating, 44 Maximum Transmission Unit, 50
  • Page 120 Manage devices, 80 Managing a device, 65 Managing users, 80 Users, 13 Rights, 11 RAM, 17 Roles, 11 Recommended requirements, 17, 17 User rights, 11 Rights, 13 Role Administrator, 14 VPN user, 14
  • Page 121 Wake-up SMS Unsuccessful attempts, 116 WAN IP address, 91 external, 50 Buttons, 43 Layout of the window, 42 WBM: changing the language, Web user interface, 35 Wrong entry, user name, 37
  • Page 122 Index
