Introduction
The modern industrial landscape is increasingly relying on remote access solutions to enhance productivity and security. This is where setting up a VPN environment becomes crucial. It does not only ensure secure remote connections to manufacturing machinery but also allows precise control over who can access each machine. By following this guide, you will learn how to effectively implement a CloudConnexa VPN, optimizing both operational efficiency and security.
The diagram illustrates what will be set up in the next steps, a user access structure within a VPN environment that employs CloudConnexa's services. It breaks down into three main components:
-
User Group Structure: In the diagram with the example of the "OEM" User Group, the company's internal structure where different users (like User01, User02) have various devices (Device01, Device02, etc.) assigned to them.
-
User Groups: This segment shows the different user groups that have been created. There are groups for the OEM and separate groups for different customers (like customer01, customer02, etc.).
-
Machines: This is a list of machines that are specific to each customer. For instance, customer01 has at least two machines listed under their name.
The lines connecting these components indicate the relationships and access privileges. For example, the OEM group has access to all machines, as shown by the line connecting the OEM user group to all the customer machines. This represents a hierarchical access control where the OEM can oversee and manage all devices, while customers are granted access only to their respective machines.
Prerequisites
- ctrlX OS instance with Internet access like ctrlX Core or ctrlX Corevirtual
- ctrlX AUTOMATION - VPN Client
Step-by-Step guide
The following steps will show how to configure the VPN network as shown in the diagram and how to connect the machines.
Step 1: Register on CloudConnexa
- Open CloudConnexa.
- Create your account and give your Wide-area Private Cloud (WPC) a name.
After that you should be logged into the platform.
Step 2: WPC Settings
Set your default connection region and change the Topology so that access rights can be configured.
Step 3: User Groups
Create customer01 and customer02.
Step 4: Users
Create oem_user1, customer01_user1, customer02_user1
Step 5: Hosts (Machines)
Create customer01_machine1, customer01_machine2, customer02_machine1
Step 6: Access Groups
Create oem, customer01, customer02
customer01
customer02
Don't forget to delete the default group. If not it will allow all Users to access everything!
Now it should look like this.
Step 7: Connect the machines
Download the OpenVPN config file for the machine you want to connect.
Open ctrlX OS on the corresponding machine and install VPN App.
Open the VPN UI.
Upload the previously downloaded OpenVPN config file.
Optional: Set to automatically connect to VPN on restart of the device.
If not already connected you can connect manually.
Check connection status in CloudConnexa.
Step 8: Login as user and test connection
As we connected a machine from customer01 we should log in as a user of the group customer01 to test the connection. First, get the password.
Now act as the customer01 and open the URL which you defined for your WPC. Ideally in an anonymous browser window so you don't get automatically logged in as an admin.
Follow the instructions for your OS to connect to the network via OpenVPN.
When you are connected you can access the machine directly via the IP address of it. Look it up here.
Now connect from remote!
When the other machines are connected you can test the permissions. You should be able to connect to the machines according to the drawing. All users of Customer 1 are able to connect to customer01_machine1 and 2. All users of Customer 2 are able to connect to customer02_machine1. All users of the group OEM can connect to all machines.