VPN
The BLACKbox hardware device can also serve as a VPN server over the following protocols:
- P2P
- L2TP with pre-shared key
- L2TP with certificate
The port and static IP of the ISP router need to be forwarded to BLACKbox for a secure connection.
No, BLACKbox is not an internet load-balancing device and hence cannot support multiple VPNs currently.
If there are multiple Internet connections over which a VPN connection needs to be established, a router with a round-robin configuration will be required. This router can then forward the VPN port from multiple static IPs to the LAN IP of BLACKbox in the network.
However, multiple VPN support would be provided in the next version of BLACKbox.
The bandwidth requirement for a VPN connection depends entirely on usage. The bandwidth needed at the hub location, spoke location, and remote user’s end will depend on the average file size accessed by the users, the number of users at each spoke location, the types of software being used, and the type of client-server applications being accessed over VPN.
A leased line on the host side (the hub location where BLACKbox is hosted) and broadband with a static IP at the spoke locations are recommended for the multiple-office-location use case. MPLS between the hub and spoke will give the best results.
For the single hub and remote users (Work From Home) use case, a leased line on the host side and stable 4G connectivity on the remote user’s end are recommended.
VPN is a hardware-specific feature of BLACKbox. Hence, the following products of BLACKbox are equipped with VPN functionality:
- BLACKbox Prime T
- Turbo T
- Twin Prime T
- Twin Turbo T
DHSS, BLACKbox AAA, BLACKbox Duo, and DCDR solutions do not come with the VPN functionality.
Yes, BLACKbox uses OpenSSL for VPN connectivity. The user also has the option to integrate their own enterprise digital certificate to create an SSL tunnel.
Yes, it is possible to use a third-party VPN. It is not necessary to use the BLACKbox VPN. Any VPN router or firewall with VPN capability can be configured to access BLACKbox data or AAA from outside the office network.
Yes. If a single BLACKbox is to be used for multiple locations by hosting it at one location and making it accessible from the others, a static IP is required at each location from which multiple users need to access the BLACKbox hosted at the central location.
It will create an IPsec tunnel, which will provide essential data security.
It can be done by having MPLS, P2P, or Internet bandwidth with a static IP at each location. The ISP router or firewall at the central location should be configured to accept connections on specific ports from the trusted locations’ static IPs and forward them to BLACKbox. This is how IPsec can be used to connect BLACKbox with multiple locations.
Every firewall or ISP router has a port forwarding function. A list of ports must be forwarded so that the router accepts connections from outside and passes the requests to the LAN IP address assigned to BLACKbox. This is how NAT can be configured for BLACKbox.
As far as the hardware is concerned, BLACKbox should be placed at a safe location. For data security, BLACKbox is accessible only on a VPN from outside the office network (LAN).
OneDrive is accessible on the internet. If the computer is connected to the internet, OneDrive will be connected. However, this creates the possibility of data leakage. BLACKbox folders will serve as a private cloud.
Please check whether there is an actual need for the user to connect to OneDrive, as it will compromise the objective of data leakage prevention.
If forced centralization is applied, all the files will reside on BLACKbox.
Specific ports related to VPN should be opened in the firewall and should be forwarded to BLACKbox.
In case of VPN failure, the SMB port can be opened to allow access. However, this is not recommended due to security concerns.
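The forwarding guidance above (VPN ports only, accepted from trusted static IPs, SMB not exposed) can be checked against a router's forwarding table. This is an added example, not BLACKbox code: the rule format, the LAN IP, the sample addresses, and the port numbers (standard L2TP/IPsec and SMB ports) are assumptions, and the source check applies to the fixed-IP multi-location case.

```python
import ipaddress

# Assumptions (not from the page): standard L2TP/IPsec ports and SMB ports.
VPN_PORTS = {("udp", 500), ("udp", 4500), ("udp", 1701)}
SMB_PORTS = {("tcp", 445), ("tcp", 139)}

# Constructed sample data: hypothetical BLACKbox LAN IP, documentation-range
# static IPs for the trusted spoke locations, and a made-up forwarding table.
BLACKBOX_IP = "192.168.1.50"
TRUSTED = ["203.0.113.10/32", "198.51.100.20/32"]
SAMPLE_RULES = [
    {"proto": "udp", "port": 500, "source": "203.0.113.10/32", "dest": BLACKBOX_IP},
    {"proto": "udp", "port": 4500, "source": "198.51.100.20/32", "dest": BLACKBOX_IP},
    {"proto": "udp", "port": 1701, "dest": BLACKBOX_IP},  # no source limit
    {"proto": "tcp", "port": 445, "source": "203.0.113.10/32", "dest": BLACKBOX_IP},
    {"proto": "tcp", "port": 8080, "dest": "192.168.1.60"},  # other host, ignored
]


def audit_forwards(rules, blackbox_ip, trusted_sources):
    """Return (rule_index, finding) pairs for port forwards that target BLACKbox."""
    trusted = [ipaddress.ip_network(s) for s in trusted_sources]
    findings = []
    for i, rule in enumerate(rules):
        if rule["dest"] != blackbox_ip:
            continue
        key = (rule["proto"], rule["port"])
        # A rule with no source field accepts connections from anywhere.
        src = ipaddress.ip_network(rule.get("source", "0.0.0.0/0"))
        if key in SMB_PORTS:
            findings.append((i, "SMB forwarded from outside the LAN"))
        elif key not in VPN_PORTS:
            findings.append((i, "non-VPN port forwarded"))
        # The source must fall entirely inside one trusted network.
        if not any(src.version == t.version and src.subnet_of(t) for t in trusted):
            findings.append((i, "source not limited to a trusted static IP"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_forwards(SAMPLE_RULES, BLACKBOX_IP, TRUSTED):
        print(f"rule {index}: {finding}")
```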
You can configure VPN to allow or disallow local internet. If you choose to disallow local internet, local internet will not work.
No.
There are two options:
- If you have restricted browser-based access to remote users through VPN, only those who have a VPN client installed can access the application over the browser.
- If you have not provided a VPN, anybody who has a user name and password can access the application over the browser.
So if you want to restrict the usage of your application on certain devices, you should install a VPN on those specific devices only, and the user should not know the password of the VPN so that the user cannot configure that VPN on any other device.
Installing an agent to access data from a private cloud is compulsory. If you want to access data without installing the agent, you need to subscribe to the BLACKbox AAA license for the required number of users through which you can access the data over an internet browser.
If BLACKbox is installed on-premise and you want to access it remotely, you need a static IP. You do not need a static IP for the BLACKbox OneCloud subscription.
Yes