Date Published: December 13, 2012
Application: Accsense Technical Articles
Download the PDF version
Accsense Gateways and Network Pods from CAS DataLoggers
CAS DataLoggers Accsense gateways (B1-0x) and network pods (A2-0x) are shipped from the factory configured for DHCP. When they are plugged into the network and turned on, they will try to obtain an IP address, DNS, and gateway address from the local DHCP server. If they successfully obtain this information they will then try to contact the Accsense server at Accsense.com. This communication will be initiated by the pod (outgoing only) using HTTPS on port 443.
Assuming that the system can successfully contact the server, the initial communication will create a new account that you can then log into. The account will not exist until this communication is received by the server. The default login will use the MAC # (serial number) of the gateway or pod, where the user name is ‘Admin’ and the Password is also ’Admin’. You can log into your account by going to http://secure.sensornetworkonline.com.
Typical Installation Problems
- There is a problem with the Ethernet port that the gateway or pod is plugged into. If this is a new installation, the port may not be connected or active. The B1-0x gateway has a small LED where the network cable plugs in, and on the A2 pod there is a LINK LED on the front. If there is a hardware connection, the LED will be illuminated. If there is no hardware link, verify that you have a connection by removing the cable from the pod/gateway and plugging it into a computer to make sure that the Ethernet port is active.
- Your facility does not use DHCP – If your network uses static IP addresses instead of DHCP, the pod will not be able to obtain initial IP address, DNS, or gateway information. For the B1-0x, the pod will have a flashing red light on top, and for the A1, the STAT1 LED will be on to indicate that there is a problem connecting to the server. The solution is to use the ‘Remote Gateway Configuration’ tool to establish a local connection to the gateway/pod and manually configure it. You can download the tool from: http://www.accsense.com/sp_downloads.html. Download this program and install it on a PC which is on the same subnet as the gateway/pod. Start the program and it will search the local network for any Accsense systems: if it finds them, they will be displayed in the list box on the left. Click the MAC address of the unit you are trying to configure, go to the IP tab and uncheck ‘Obtain Network Address Automatically’. Then fill in the IP address that you want to assign to the unit along with the subnet mask, at least one DNS address, and the route or gateway address. Please note that with the A2 pods it may take several tries as this unit will keep rebooting in an attempt to get an address. Once this is done, click the ‘Submit Changes’ button to save the settings in the gateway/pod. The gateway/pod will restart with the new settings and after about a minute it should show up in the ‘Gateway Configuration’ software. Verify that the new settings are correct and check to see that both the top and bottom green lights are on for the B1 gateway or that the Connect LED is on for the A2 pod.
- The facility uses a Proxy server for communication to the Internet. Just like configuring the IP address, use the ‘Remote Gateway Configuration’ software to enter the information for the Proxy server. Click on the ‘Proxy’ tab and enter the information for your server.
The facility has blocked outgoing communications. There are a few possibilities here:
- Port 443 in the firewall between the local network and the internet is blocked. You will need to have IT open port 443 for HTTPS communication.
Unsolicited outgoing communications for the facility to the internet is blocked. This may have been done to prevent malicious software from sending data out. Someone will need to add the address of the Accsense servers to the whitelist in the firewall to allow the outgoing communications form the system to pass through. The destination addresses for the communications are:
The Accsense unit is designed as a plug-and-play device that does not require any technical configuration by the user. However, if the network imposes restrictions such as: the DHCP server requires the MAC addresses to be registered, a proxy server is used to provide Internet access, or the unit must use a static IP; then manual configuration will be required.
Generally MAC addresses do not need registering on a network. However, if it is required, the unit’s MAC address can be found printed on the side or bottom of the Accsense unit.
Manual configuration is performed using the ‘Remote Gateway Configuration Utility’ which can be downloaded from the following link: http://www.accsense.com/sp_downloads.html.
The Accsense A2 units support SOCKS4 and SOCKS5 Proxy servers; these can be setup using the ‘Remote Gateway Configuration Utility’. In environments where other proxy servers are used, an exemption to port 443 outbound on the router/firewall will be required to allow the unit to communicate directly with the Accsense Servers.
All communication with Accsense Servers is initiated from the Accsense unit over HTTPS on port 443 using 128 bit encryption to guarantee integrity and confidentiality. The units do not accept incoming connections from Accsense Servers; they only need to be able to initiate outbound connections to upload data.
Aside from needing access to DNS servers for name resolution, the Accsense unit will not communicate with any other servers on the Internet.
Communications from the Accsense unit to our Secure Servers are always initiated by the unit and are secured using the HTTPS protocol. They only require an outbound connection over port 443, so there is no need to explicitly open inbound ports on your firewall. HTTPS over port 443 is the industry standard protocol for accessing secure websites—for example it is commonly used when purchasing goods online or when using Internet banking services.
Data sent by Accsense units over the Internet benefits from two distinct security features of HTTPS:
- Encryption: Ensures the integrity and confidentiality of your data while it is in transit. Accsense units never use less than a 128 bit symmetric key length.
- Certificate Based Authentication: Ensures mutual authentication of each specific Accsense unit with the Accsense Secure Servers.
This combination of encryption with certificate-based authentication means that your data benefits from the highest level of security when transiting the Internet.
Only units with valid certificates signed by Accsense are permitted to connect to the Accsense Servers. When connecting, each unit verifies that the Accsense Server also presents a valid certificate. This mutual authentication prevents spoofing of either Accsense units or the Accsense Secure Servers. In the unlikely event that a unit’s security was ever compromised, its unique certificate could be revoked individually, sealing the breach without impacting other customers.
Additionally, the Accsense website is VeriSign Secured®, providing encryption and identity verification from one of the leading certification authorities. In line with our commitment to security, the Accsense secure website uses an Extended Validation SSL certificate, providing you with additional peace of mind.