Introduction
The modern industrial landscape increasingly relies on remote access solutions to enhance productivity and security. This is where setting up a VPN environment becomes crucial. It not only ensures secure remote connections to manufacturing machinery but also allows precise control over who can access each machine. By following this guide, you will learn how to effectively implement a CloudConnexa VPN, optimizing both operational efficiency and security.
Overview
The diagram illustrates what will be set up in the next steps: a user access structure within a VPN environment that uses CloudConnexa's services. It breaks down into three main components:
User Group Structure: Using the "OEM" User Group as an example, the diagram shows the company's internal structure, in which different users (like User01, User02) have various devices (Device01, Device02, etc.) assigned to them.
User Groups: This segment shows the different user groups that have been created. There are groups for the OEM and separate groups for different customers (like customer01, customer02, etc.).
Machines: This is a list of machines that are specific to each customer. For instance, customer01 has at least two machines listed under their name.
The lines connecting these components indicate the relationships and access privileges. For example, the OEM group has access to all machines, as shown by the line connecting the OEM user group to all the customer machines. This represents a hierarchical access control where the OEM can oversee and manage all devices, while customers are granted access only to their respective machines.
Prerequisites
ctrlX OS instance with Internet access, such as ctrlX Core or ctrlX Core virtual
ctrlX AUTOMATION - VPN Client
Step-by-Step guide
The following steps will show how to configure the VPN network as shown in the diagram and how to connect the machines.
Step 1: Register on CloudConnexa
Open CloudConnexa.
Create your account and give your Wide-area Private Cloud (WPC) a name.
Create Your WPC
After that you should be logged into the platform.
CloudConnexa
Step 2: WPC Settings
Set your default connection region and change the Topology so that access rights can be configured.
WPC Settings
WPC Settings Topology
Confirm WPC Settings
Step 3: User Groups
Create customer01 and customer02.
Add User Group
Create Group
Overview of Groups
Step 4: Users
Create oem_user1, customer01_user1, customer02_user1
Create Users
User Details
Add User Customer
Overview Users
Step 5: Hosts (Machines)
Create customer01_machine1, customer01_machine2, customer02_machine1
Add Host
Host Details
Overview Hosts
Step 6: Access Groups
Create oem, customer01, customer02
Adding an Access Group
Create New Access Group
Set the OEM Access definitions
customer01
Name the new Access Group
Create the Customer01 Access Definition
customer02
Create New Access Group customer02
Define Access Group of customer02
Don't forget to delete the default Access Group. Otherwise it will allow all users to access everything!
Delete Access Group which grants Full Access
Confirm Delete Access Group
Now it should look like this.
Overview of the Access Groups
Step 7: Connect the machines
Download the OpenVPN config file for the machine you want to connect.
Download the Connector Profile in .ovpn format
Open ctrlX OS on the corresponding machine and install the VPN app.
Install from file in ctrlX OS
Open the VPN UI.
Overview of the ctrlX OS Settings
Upload the previously downloaded OpenVPN config file.
Upload VPN configuration file
Choose OpenVPN in Upload configuration file
Click upload in Upload configuration file
Optional: Set the VPN to connect automatically when the device restarts.
Edit the VPN configuration
Change to Automatic in Settings in VPN configuration
If not already connected, you can connect manually.
If not already connected, you can start the VPN connection
The VPN status should show Connected
Check connection status in CloudConnexa.
One Connector should be online
Step 8: Login as user and test connection
As we connected a machine from customer01, we should log in as a user of the group customer01 to test the connection. First, get the password.
Show temporary password in Users
Copy the Temporary Password
Now act as customer01 and open the URL which you defined for your WPC, ideally in an anonymous browser window so you don't get automatically logged in as an admin.
Click on the given URL in Users
Paste Username and Password into the Login Form
You are asked to set a new password
Follow the instructions for your OS to connect to the network via OpenVPN.
This page describes how to get connected
When you are connected, you can access the machine directly via its IP address. Look it up here.
Copy the IP address of the device in Connectors
Now connect from remote!
Remote Android Browser Client
When the other machines are connected, you can test the permissions. You should be able to connect to the machines according to the drawing. All users of Customer 1 are able to connect to customer01_machine1 and customer01_machine2. All users of Customer 2 are able to connect to customer02_machine1. All users of the group OEM can connect to all machines.
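The permission test described above can be scripted so that it also checks the deny side: a customer user reaching another customer's machine is exactly what a leftover default full-access Access Group would look like. The following is an added example, not part of the original guide or of CloudConnexa; the IP addresses are constructed placeholders to be replaced with the values shown in CloudConnexa, and probing TCP port 443 (the machine's web interface) is an assumption.

```python
import socket

# Expected access per user group, taken from the access description above.
EXPECTED = {
    "oem": {"customer01_machine1", "customer01_machine2", "customer02_machine1"},
    "customer01": {"customer01_machine1", "customer01_machine2"},
    "customer02": {"customer02_machine1"},
}

# Constructed placeholder addresses: replace with the IPs shown in CloudConnexa.
HOSTS = {
    "customer01_machine1": "192.0.2.11",
    "customer01_machine2": "192.0.2.12",
    "customer02_machine1": "192.0.2.21",
}

def tcp_probe(ip, port=443, timeout=3.0):
    """Return True if a TCP connection to ip:port succeeds (port 443 is an assumption)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_access(group, probe=tcp_probe):
    """Probe every host while connected as a user of `group`; return the mismatches."""
    findings = []
    for host, ip in sorted(HOSTS.items()):
        allowed = host in EXPECTED[group]
        reachable = probe(ip)
        if reachable and not allowed:
            findings.append((host, "REACHABLE but should be blocked"))
        elif allowed and not reachable:
            findings.append((host, "blocked or offline but should be reachable"))
    return findings

if __name__ == "__main__":
    import sys
    group = sys.argv[1] if len(sys.argv) > 1 else "customer01"
    problems = check_access(group)
    for host, msg in problems:
        print(f"{group} -> {host}: {msg}")
    sys.exit(1 if problems else 0)
```

Run it once per test user while that user's VPN session is connected, passing the user's group as the argument. A machine whose Connector is offline also shows as unreachable, so confirm it is online in CloudConnexa before reading a "blocked" result as an access rule.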
Related Links
VPN: Access Hardware behind the ctrlX OS Device