Issue
Process for using the I/NET Encryption feature to encrypt an existing network or a segment of a network
Environment
I/NET
Cause
The I/NET system contains or protects items that need additional security or separation from other I/NET networks.
Resolution
To encrypt the Xenta 527 and Host network
Important:
- The Unencrypted and Encrypted UDP ports should be different from each other (Ex. Unencrypted: 50069, Encrypted: 49152)
- The Unencrypted UDP port for all routers and workstations should be the same (Ex. Routers: 50069, Workstations: 50069)
- The Encrypted UDP port for all routers and workstations should be the same (Ex. Routers: 49152, Workstations: 49152)
- The Encrypted password for all routers and workstations should be the same (Ex. Routers: Test, Workstations: Test)
- Choose an unencrypted UDP port, either default 50069 or a number between 49153-65535
- Set the workstation Advanced IP UDP setting to the chosen unencrypted port
- Shut down I/NET, then shut down I/O Server (make sure I/O Server is shut down; check Task Manager to confirm that all I/NET services have stopped)
- Bring all new 527 routers online within the network
- Log in to the 527 web interface and go to the I/NET configuration profile
- Set the 527 UDP port to the unencrypted port you chose in step 1, and set the host reference to the IP address of the workstation that is the filemaster/standalone
- Save and restart the 527, then restart the I/NET filemaster/standalone
- Bring up NP Routers under I/O Server and check whether all routers in the network have appeared in the list
- If not all routers have appeared in the list, check that the unencrypted UDP port of the workstation and the 527 UDP port match
- Once all routers have appeared in the online list, click on each router and modify its Advanced IP settings
- Check the Enable Encryption box. The default encryption port is 49152; either leave the encryption port at the default or choose an encryption port that will be the same for all routers
- Enter a password for encryption (Ex. Test), and make sure the password is the same for each router
- Click OK, the router should restart with the new encrypted settings
- Repeat steps 10-13 on all routers within the list
- All routers should disappear one by one from the Online list as you enable encryption on each router and OK the settings change
- Under the main IO configuration screen, click on Advanced IP
- Check the Enable Encryption box. Use the default encryption port 49152, or enter exactly the same encryption port you chose for the routers
- Enter the password for encryption exactly as was done for the routers
- Click OK, then click OK on the main screen to save the settings
- Shut down I/NET, Restart I/O Server (make sure I/O Server is shut down)
- Restart I/NET
- Open up IO configuration once logged in
- Click on NP Routers
- The routers you have encrypted should appear back onto the Online list
- Troubleshoot: If the routers do not appear back on the list, check each router’s web interface and make sure that the UDP port is set to the encrypted port. If the routers come back but their names appear as numbers (Ex. 1023, 1124), the routers are encrypted but the host workstation cannot understand the encryption. To undo everything and start over, uncheck encryption on the host workstation, then log in to each router’s web interface and reset the UDP port to the default I/NET port. Make sure to restart I/O Server for the changes to take effect.
- Test the encryption by having standalone machines and other filemasters that are not on the same encrypted port try to pull up the routers, either through NP Routers in IO configuration or through Host->Netcon. They should not be able to see any of the routers or host workstations that were encrypted.
To add a 527 to an existing encrypted network
- Bring the router online on the chosen unencrypted port
- Shut down I/NET and I/O Server
- Modify IO configuration
- Uncheck Enable Encryption in the host's Advanced IP settings
- Make sure the unencrypted port is the same port as that of the router you are bringing online
- Shut down I/NET and I/O Server and then restart I/NET
- Modify the active IO configuration. Under NP Routers you should be able to see the new router but none of the old encrypted routers
- Modify the new router’s Advanced IP settings
- Enable encryption on the new router, assign it the default/chosen encrypted port, and enter the chosen password for encryption
- Click OK, the router should restart with the new encrypted settings
- Edit the Advanced IP of the host workstation
- Recheck Enable Encryption and reenter the default/chosen encrypted port
- Reenter the chosen encryption password
- Click OK to confirm the settings
- Shut down I/NET and I/O Server, then restart I/NET
- Modify the active IO configuration and go to NP Routers
- All routers should now appear on the list: the existing encrypted routers on the network and the new encrypted router
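
The port and password rules listed under Important can be checked against a planned device list before any router or workstation setting is changed, in both procedures above. The following is an added example, not part of I/NET or of the original article; the device names, the record layout and the sample plan are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Unencrypted port choices stated in the article: default 50069, or 49153-65535
# (the default already lies inside that range).
UNENCRYPTED_RANGE = range(49153, 65536)

@dataclass(frozen=True)
class Device:
    name: str              # hypothetical label used only in the report
    unencrypted_port: int
    encrypted_port: int
    password: str

def majority(values):
    """Most common value; devices that differ from it are the outliers."""
    return Counter(values).most_common(1)[0][0]

def check_plan(devices):
    """Return a list of rule violations; an empty list means the plan is consistent."""
    if not devices:
        return []
    problems = []
    unenc = majority(d.unencrypted_port for d in devices)
    enc = majority(d.encrypted_port for d in devices)
    pwd = majority(d.password for d in devices)
    for d in devices:
        if d.unencrypted_port == d.encrypted_port:
            problems.append(f"{d.name}: unencrypted and encrypted port are both {d.encrypted_port}")
        if d.unencrypted_port not in UNENCRYPTED_RANGE:
            problems.append(f"{d.name}: unencrypted port {d.unencrypted_port} outside 49153-65535")
        if d.unencrypted_port != unenc:
            problems.append(f"{d.name}: unencrypted port {d.unencrypted_port}, others use {unenc}")
        if d.encrypted_port != enc:
            problems.append(f"{d.name}: encrypted port {d.encrypted_port}, others use {enc}")
        if d.password != pwd:
            # Report the mismatch without echoing either password.
            problems.append(f"{d.name}: encryption password differs from the others")
    return problems

# Constructed sample plan; the two mistakes are deliberate.
PLAN = [
    Device("workstation-filemaster", 50069, 49152, "Test"),
    Device("router-527-a", 50069, 49152, "Test"),
    Device("router-527-b", 50069, 49153, "Test"),   # wrong encrypted port
    Device("router-527-c", 50069, 49152, "test"),   # password differs by case
]

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

A device flagged here is one that would drop off the NP Routers list, or show its name as numbers, once encryption is enabled.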