pinbox manual - pintexx · connect the power adapter to the pinbox and the mains electricity...
TRANSCRIPT
pinBox Manual
Version 1.2
pinBox
Table of contents 1 Introduction ..................................................................................................................................... 4 2 Setting up ......................................................................................................................................... 5
2.1 Scope of delivery and device features ........................................................................................ 5 2.2 Security ...................................................................................................................................... 5 2.3 Hardware Installation .................................................................................................................. 6 2.4 Software installation ................................................................................................................... 7
2.4.1 Determine IP address .......................................................................................................... 7 2.4.2 About "Detection Tool" ........................................................................................................ 7 2.4.3 About the DOS box ............................................................................................................. 7 2.4.4 Opening the admin tool ....................................................................................................... 7
3 Quick test ....................................................................................................................................... 11 4 Access via internet ........................................................................................................................ 12
4.1 Setting up a domain ................................................................................................................. 12 4.1.1 Public IP ............................................................................................................................ 13
4.2 Dynamic DNS service .............................................................................................................. 14 4.2.1 Integrated DynDNS services ............................................................................................. 14 4.2.2 Router ............................................................................................................................... 15
4.3 Port authorisation ..................................................................................................................... 15 5 Configuring encryption ................................................................................................................. 16
5.1 Let's Encrypt ............................................................................................................................ 16 5.2 Own certificate ......................................................................................................................... 17
6 Configuring direct access............................................................................................................. 18 6.1 Target computer ....................................................................................................................... 23
6.1.1 Determine IP address ........................................................................................................ 23 6.1.2 Allowing access to PCs ..................................................................................................... 23
6.2 Link generation ......................................................................................................................... 25 6.3 Two-Factor Authentication ........................................................................................................ 25
6.3.1 By Email ............................................................................................................................ 25 6.3.2 Via Google Authenticator................................................................................................... 25
7 Two-Factor Authentication ........................................................................................................... 27 7.1 Email ........................................................................................................................................ 27 7.2 Google Authenticator ................................................................................................................ 27
8 Active Directory ............................................................................................................................. 28 9 Notification .................................................................................................................................... 29 10 System ........................................................................................................................................ 30
10.1 Display language ...................................................................................................................... 30 10.2 Access via internet ................................................................................................................... 30 10.3 System logging ......................................................................................................................... 30 10.4 Static IP Address ...................................................................................................................... 31 10.5 Restart ..................................................................................................................................... 31
11 Print ............................................................................................................................................ 32 12 Licensing .................................................................................................................................... 33 13 Change password ...................................................................................................................... 34 14 Info .............................................................................................................................................. 35 15 Log out ....................................................................................................................................... 36 16 Using pinBox .............................................................................................................................. 37 17 Technical Data ........................................................................................................................... 38 18 Miscellanea ................................................................................................................................ 39
18.1 System requirements ............................................................................................................... 39 18.2 Copy protection ........................................................................................................................ 39
pinBox
18.3 Legal information ...................................................................................................................... 39 18.4 Disposal ................................................................................................................................... 39
pinBox
1 Introduction
The pinBox is a hardware box based on ARM technology (Raspberry Pi). It is connected to a local area network, usually to a router or a switch. Appropriate port authorisations in the router/firewall will allow access to any PC in the network via a browser. Unlike a so-called VPN, the pinBox does not require any installations or configurations on the user side. Moreover, it needs no browser extensions or other tools.
The combination of HTML5 technology and the Internet allows access -provided Internet is available - to PCs, mobile devices and desktops of all operating systems. You just need a browser.
Access security is based on Internet standards such as HTTPS/SSL and the use of certificates. The pinBox supports the free certificate system "Let's Encrypt" for free certificates. Furthermore, it also supports the so-called two-factor authentication via email or Google Authenticator.
pinBox
2 Setting up
It is necessary to install the hardware and the software for the initial setup of the pinBox.
2.1 Scope of delivery and device features
The package includes the hardware box, a network cable and a power adaptor.
2.2 Security
Please note the following safety instructions:
- Operate the pinBox in a dust-free and dry place away from direct sunlight with adequate ventilation
- The pinBox may only be operated inside buildings. Ensure that liquids do not enter the device
- The pinBox must not be opened, as you may endanger yourself by improper opening
pinBox
2.3 Hardware Installation
1.) Remove the pinBox from the packaging and connect it to a router, hub or switch using the
network cable.
2.) Connect the power adapter to the pinBox and the mains electricity supply.
Switch on the device.
3.) Wait approx. 2-3 minutes until the system is ready for operation.
pinBox
2.4 Software installation
2.4.1 Determine IP address
In order to access the web interface, the IP address must first be determined.
2.4.2 About "Detection Tool"
Download the pinBox Detection Tool from the Pintexx Home Page. The tool detects all corresponding networks and then starts to determine the IP address.
If a pinBox system is found, a link with the IP address is displayed which allows direct access to the web interface.
2.4.3 About the DOS box
Open a DOS box (right-click on Windows icon, run, "cmd" and enter "nslookup pinbox" in the box. The
IP address should then be displayed
2.4.4 Opening the admin tool
If the IP address is known, the system can be retrieved via http: // <IP address> in a browser. The first time you log in, the setup wizard appears:
pinBox
Enter an appropriate password here and repeat it. The password must be at least 8 characters long and contain at least one uppercase letter. Warning: Please note the password, otherwise access to the system is no longer possible. Thereafter, the system is restarted, and the login screen is displayed.
pinBox
Enter the password to access the Admin area.
pinBox
Overview of the administration interface:
pinBox
3 Quick test
Enter "gwdemo.pintexx.com" in the "Direct access" menu as RDP host / IP and go to "Generate link" at
the bottom.
Then open the desktop connection with "open link".
In the login dialog, enter "testuser1" as the login and "12345678" as the password.
You should then be able to log in to the desktop.
When you log out of the desktop, the window should be closed automatically.
pinBox
4 Access via internet
Warning: The pinBox should always communicate via an encrypted line.
4.1 Setting up a domain
To set up an encrypted connection, a so-called domain is required. e.g. https://www.myportal.co.uk or https://myaccess.mydomain.co.uk Domains can be obtained from well-known Internet providers. The domain must then point to a public IP address of the router. Example:
pinBox
4.1.1 Public IP
You need a public IP address to connect to the Internet. This is visible in the router. Example:
The domain must point to this IP address. Warning: If your Internet provider does not provide a static IP address, the IP changes constantly. This means that the outside access will stop working after a change, because the domain will point to the wrong IP address. A so-called dynamic DNS service (DYNDNS) might be suitable in this situation. See 4.1.2
pinBox
4.2 Dynamic DNS service
If the Internet provider does not provide a static IP address, you can also use a dynamic DNS service. The service can be configured in pinBox or in router.
4.2.1 Integrated DynDNS services
From version 1.2 dynamic DNS services can be directly used inside pinBox.
The following services are available:
DynDNS
No IP
Dynu DNS
Free DNS An account is required for the corresponding service. For each service a login/password as well as the domain hast o be entered. By pressing „IP Update“ the current IP can be manually updated. Warning: It can take some minutes until the service is available!
pinBox
4.2.2 Router
This service always "connects" a domain to the current IP address of the provider. Example:
4.3 Port authorisation
Once the domain has been set up, access to the pinBox from the outside must be possible. To that end, set up a so-called port authorisation. This "connects" the corresponding ports with the IP address of the pinBox. Please ensure that ports 80 and 443 remain available for setup should you wish to use the free certificate system "Let's Encrypt". If, conversely, you intend to use your own certificates, only port 443 is required. Example:
pinBox
5 Configuring encryption
Access to pinBox should definitely be done via an encrypted connection. PinBox supports its own certificate as well as the free certificate system "Let's Encrypt".
5.1 Let's Encrypt
The free certificate system "Let's Encrypt" provides free certificates. In order to use Let's Encrypt, pinBox must be accessible via a domain such as pinBox.pintexx.com. Only in this situation will the installation be authorised. Furthermore, ports 80 and 443 must be accessible over the Internet to allow installation and updates. Finally, the option "Allow Internet access" in the menu "System" must be enabled. If these conditions are met, you may install a Let's Encrypt certificate.
1) Access pinBox via the domain e.g., pinbox.mydomain.co.uk 2) Log in to the pinBox
pinBox
3) Go to tab "SSL"
4) Press on Install "Let's Encrypt" 5) Provide your email address. This serves informational purposes alone, e.g., when the certificate
has expired. 6) Wait until Status shows: Installed 7) Log out 8) Access pinBox at https://pinbox.mydomain.co.uk.
From now on, all traffic to and from pinBox will be encrypted. Warning: The certificate is automatically prolonged. For this the ports 80 and 443 have to be available.
5.2 Own certificate
A separate certificate should be available in P12 or PFX format. This file must be selected via "Browse". The certificate password must also be specified. Afterwards, you may activate the certificate with "Install certificate". Once the certificate is successfully installed, the pinBox can be accessed at https://pinbox.mydomain.co.uk .
pinBox
6 Configuring direct access
Access to a PC is achieved by generating a link. The link is encrypted and can only be decrypted by the pinBox. The link contains NO passwords. The link will then be sent to the respective user. Warning: Please ensure that the link does not fall into the wrong hands! The direct access function generates a link for the user.
pinBox
pinBox
Users access the link through their browser. If a cookie is used, a login dialogue appears on the first access (depending on the setting in "Cookie Duration"):
At this point, users must enter their desktop credentials. If a domain is available, the domain name + "\" + login must be specified. Using this information, the system attempts to connect to the desktop. If the Cookie Duration is > 0, the credentials are stored in a cookie that is valid for the specified time. In this case, no further credentials must be provided for this period. If the Cookie Duration is set 0, you must always log in. If no cookie is used, the Windows login screen appears.
pinBox
The following options are available for link configuration:
Option Description
Use cookie If this option is activated, a so-called cookie is created during the first execution of the access link that stores the login and password information. This enables the options "cookie duration" and "cookie reset link". If no cookie is used, a login on the target computer is ALWAYS necessary.
Cookie duration Determines the duration of the cookie storing the credentials. If the duration is set to 0, you must always log in.
Cookie Reset Link Users can access this link to delete the cookie from their computer
RDP Host/IP The address of the desktop to be accessed. This can be specified as an IP address or a host name.
Load Balance Info If a terminal server with load balancing is used, enter the load balance information here. This has the following format: tsv://MS Terminal Services Plugin.1.<Name of collection>
Languages Setting for the message display language
Keyboard Keyboard layout setting
Upload/Download Enables/disables the upload/download function via the toolbar
Clipboard Enables/disables access to the clipboard
Print This option is available only when printing is enabled in the Print menu. Enables/disables the print function.
Sound Enables/disables the sound function.
WakeOnLAN If this function is enabled, the MAC address of the destination computer must be entered. Then pinBox can automatically start the target computer before establishing a connection. The WakeOnLAN function must be activated in the BIOS of the target computer.
Display the Toolbar Once the desktop connection has been established, the toolbar can be displayed by moving the mouse to the top.
Mobile keyboard The toolbar displays an icon for displaying an on-screen keyboard.
Min. Width Sets the minimum width of the desktop on mobile devices. This allows increasing the display width.
Min. Height Sets the minimum height of the desktop on mobile devices. This allows increasing the display height.
pinBox
Colours Sets the colour depth in bits
RDP Background Optimizes the background display
RDP Topics Optimizes the topic display
RDP character smoothing Optimizes the display of text characters
RDP window content If a window is moved, the entire window content moves
RDP window animation Allows window animation
RDP desktop design The desktop design represents the user interface elements of Windows Aero, such as Windows Vista. For example, transparent windows are available for Remote Desktop sessions
pinBox
6.1 Target computer
The target computer is the PC or VM to be accessed from outside.
6.1.1 Determine IP address
The unique identifier in the network is the so-called IP address. This is entered in the "RDP IP/Host" field in the "Direct access" menu. The IP address can be determined as follows:
- Run the command prompt on the target computer - Run the ipconfig command
The IP address consists of 4 individual numbers, separated by a dot. In the example: "192.168.1.30".
6.1.2 Allowing access to PCs
This access must be allowed for pinBox to access PCs. To do so, go to the "System and Security" section of the Control Panel and click on "Allow remote access".
pinBox
Then, click on the option "Allow connection of computers on which ..." for Windows 7. For Windows 10 "Allow remote connection to this computer".
Confirm with "OK". This allows remote access to the PC and the access link can now be generated.
pinBox
6.2 Link generation
Click on "Generate link" to display the corresponding link.
The link can be copied to the clipboard or opened directly.
6.3 Two-Factor Authentication
6.3.1 By Email
If two-factor authentication via email has been configured in the "Two-Factor" menu, an email address must be specified when configuring the link.
A numeric code is sent to this email address, which must be entered before the connection is established. Correct notification settings are required to use 2FA by Email
6.3.2 Via Google Authenticator
If two-factor authentication via Google Authenticator has been configured in the "Two-Factor" menu, the login and domain (optional) information must be provided when configuring the link.
pinBox
In addition the option „Use cookie“ has to be activated with Cookie Duration = 0. If the link is generated, a link to the QR code and the code itself will also be generated.
The QR code link should be sent to the user who then executes it in the browser.
The code can then be scanned using the Google Authenticator app. After opening link the Windows login ad password have to be entered. In the following dialog the code from Google Authenticator has to be entered.
pinBox
7 Two-Factor Authentication
Two-factor authentication provides another security level. Further to logging in using login and password, users must specify another number that is known only to them. Whilst not strictly necessary, its use is highly recommended. You can choose from "Email" and "Google Authenticator".
7.1 Email
If the user chooses "Email", a corresponding code word is sent to their email address. This code must be entered before the connection is established.
7.2 Google Authenticator
If the user chooses "Google Authenticator", the Google Authenticator app must first be installed on the user's smartphone. The URL of the QR code or the code is displayed directly when creating the direct access link. This QR code must be scanned by the user through the Google Authenticator app. The app then generates a code that must be entered before the connection is established. Warning: The time of the smartphone and the time of the pinBox system must be roughly the same.
pinBox
8 Active Directory
If an Active Directory is used, it is possible to perform a logon data verification before the connection is established.
The AD domain can be specified If pinBox is part of the domain. Otherwise, the IP address should be used. Using this feature is recommended when an AD is available because it provides an extra security layer.
pinBox
9 Notification
The "Notifications" section allows setting up parameters for email submission. The notification function is required if you use two-factor authentication via email.
These are required for general system information and when using two-factor authentication via email.
pinBox
10 System
The system area allows various actions and settings.
10.1 Display language
The display language can be set to "German" or "English".
10.2 Access via internet
Access via the Internet can be allowed. This option should be enabled as long as the system is configured. Internet access should be switched off when the configuration is completed. At that point, only access via the local network is possible.
10.3 System logging
System logging can be activated and the system log displayed as required. This is needed for any support cases.
pinBox
10.4 Static IP Address
The system is configured from the start so that the IP address is received from a DHCP server. Alternatively, you may set up a static IP address. If this is entered in the "Static IP address" field, then further values can be set for Gateway and DNS. The "Set" option carries out the data transfer. The "Switch off" option switches back to DHCP.
10.5 Restart
The "Restart" option restarts the system.
pinBox
11 Print
This function requires additional software. This can be automatically installed by activating the "Print" box. License conditions are recognized upon activation.
pinBox
12 Licensing
The pinBox is licensed using the so-called "concurrent users" metric, i.e. a 2-user license allows two users to access a PC simultaneously. The pinBox is either already delivered with a valid license or the license key is pending installation. If the license information contains "Evaluation", then a license key is required. Otherwise "Release" should be displayed. If a license file must be installed, you will receive the license file upon purchase. Select it by clicking "Browse" and press "Install". This will install the license on the system and reboot the system. License information about the validity of the license will be displayed afterwards.
pinBox
13 Change password
You can change the access password on the "Change Password" page. The password has a minimum length of 8 characters and should contain a capital letter, a lowercase letter, and a number.
pinBox
14 Info
The info area provides information about the version status as well as a link to additional information on our home page.
pinBox
15 Log out
You can log out from the admin tool via the "Logout function".
pinBox
16 Using pinBox
When using the pinBox to access a PC over the internet, you should observe the following advice:
- ALWAYS use encrypted access to the pinBox. If not, your credentials (login, password) will be transmitted unencrypted and can be spied on by hackers!
- Use a two-factor authentication This gives you another level of security and therefore increased security!
- Switch off external access to the admin area Disabling the "Allow Internet access" option in the "System menu" prohibits access to the admin area via the Internet. You can still access the local network.
pinBox
17 Technical Data
Option Description
Dimensions: 105mm * 75mm * 35mm
Operating voltage: 230V, 50Hz A / C
Operating temperature: 0 - +40 degrees Celsius
Active power (max): 3.7 W
Active Power (average): 2.4 W
Weight: 100g
Network connection: Via RJ45 socket
pinBox
18 Miscellanea
18.1 System requirements
For correct operation, the pinBox requires a connection to a network, usually to the Internet. This is done by connecting to a network router, hub or switch.
18.2 Copy protection
The pinBox has copy protection on the SD Card. Therefore, to check the correct version, it will run read-only access to Pintexx servers.
18.3 Legal information
It is forbidden to make a copy of the enclosed SD Card. CE- Declaration of Conformity Pintexx GmbH hereby declares that the device complies with the essential requirements of EU directives. The full CE Declaration of Conformity can be found at https://www.pintexx.com/ce
18.4 Disposal
The pinBox, the power adaptor and the cable must not be disposed of with household waste in accordance with the German Electrical and Electronic Equipment Act (ElektroG). Please contact your local authority regarding disposal.