Start a conversation
Note

Tosibox® Lock 150 is an intelligent remote access and networking device that serves as an endpoint for secure remote connections.Devices connected to the Lock are securely accessed over the Internet through an encrypted VPN connection.


1. Description

1.1. Hardware definitions

1.1.1. Tosibox Lock

The Tosibox Lock is used for controlling other devices remotely over the internet via VPN connection.

devices tosibox
Figure 1. Tosibox Lock

1.1.2. Tosibox Key

The Tosibox Key is used to establish a secure connection to the Tosibox Lock.

devices tosibox key
Figure 2. Tosibox Key

1.2. Remote Access via Tosibox VPN connection

Being able to access your RoboJob system remotely can be tremendously helpful in case you need support with it.Remote access to your system allows RoboJob personnel to make a swift diagnosis of the issue and permits to immediately take the necessary steps to resolve it.All this to guarantee the highest possible uptime of your investment.

RoboJob implements robust, industrial-grade, VPN technology from Tosibox for a secure connection between the network of your RoboJob system and our company’s headquarters.This document gives some more information about this product.

1.3. VPN connections

A VPN or Virtual Private Network allows a private, local network to be securely accessed over a larger public network, for example the internet.Greatly simplified a VPN can be seen as a virtual network cable that permits us to access the local RoboJob system’s network as if we were sitting right next to it physically.

The VPN connection between your RoboJob system’s network and our headquarters is fully encrypted and can only be accessed by trusted devices that possess the right credentials.Each Tosibox device is linked to a Tosibox key that is stored securely on RoboJob premises.Without this key it is not possible to make a VPN connection to your system.

It is important to note that the Tosibox device contains a firewall.This firewall protects the RoboJob system from unauthorized access coming from your company network and the greater internet.However it also fulfills a secondary function: it also shields your company network from the RoboJob system’s network.This means that, even with full access rights for the VPN connection to the RoboJob system, it is not possible to access your company network itself.

Most of our clients leave the Tosibox Lock permanently connected.It is however very easy to control remote access to the RoboJob system by simply disconnecting the power from the Tosibox Lock.When remote access needs to be granted, the device can simply be plugged in again.

There are cases in which it isn’t possible to make a direct VPN connection between Tosibox® devices using the UDP protocol.Here it is possible to make a VPN connection using a fallback mechanism using the TCP protocol, with a relay server.This server works like a router that re-routes the encrypted VPN data between the connection end points.However, this method, which does not use UDP ports, has the disadvantage that it will lower performance compared to direct UDP connections.

devices tosibox topology
Figure 3. Tosibox Topology

1.4. Working of the Tosibox technology

The first step is physical matching the devices.This can be done by inserting the Tosibox® Key into the USB port of the Tosibox® Lock.When this connections is established the devices exchange certificats and establish a trust relationship.

tosibox connection lockAndKey
Figure 4. Connection Lock and Key

Now a connection can be established.First the Key and Lock register themselves to the MatchMaker service.After this the Key requests a connection to the Lock.Then the VPN tunnel is Authenticated and the VPN tunnel is created directly between the Tosibox® devices.

tosibox connection pcAndKey
Figure 5. Connection pc and Key

These steps have already been performed by RoboJob.

For more information about the working of the Tosibox® technology: https://helpdesk.Tosibox.com/support/solutions/articles/2100033960-how-does-Tosibox-technology-work-

1.5. Different ways to set up the network

There are 2 ways in which the network can be set up: Lock in gateway mode and Lock in client mode (not used by RoboJob).

  • The default mode puts the Lock in gateway mode.In this mode remote users can only access devices in the Lock’s own protected LAN network.Access to the company network is not allowed for remote users in the Gateway mode.RoboJob uses this mode to access the RoboJob installations without having access to the whole company network.

1.6. Technical Details

RoboJob utilises the Tosibox® Lock 150, the Lock 150 can utilise following means to connect to the internet:

  • Ethernet 10/100 Mbit/s, auto-negotiation

  • WLAN

  • 4G USB modem (sold separately)

It goes without saying that a wired connection is by far the most robust, we therefore strongly suggest to provide one whenever possible.

We are happy to assist you in commissioning the remote support connection.For clients with a more advanced IT infrastructure some more technical details are included below so that their IT staff can prepare the installation:

The Tosibox can be set up to receive it’s IP settings dynamically over DHCP or can be set up with a fixed IP address manually by our technicians.Please provide the necessary data (address, mask, gateway) during installation.

It is possible that changes to the company firewall are required.Latest Lock and Key software uses the following ports.At least one of the TCP ports need to be open for the devices to work.For best performance, the outgoing UDP ports should not be blocked.

  • Outgoing TCP ports: 80, 443, 8000, 29000, 57051

  • Outgoing UDP ports: random, 1-65535

1.7. Security features

There are multiple ways in which the Tosibox was made to be secure.One of these build-in principles is End-to-End encryption, what this means is that there is a VPN connection established between the installed Tosibox devices, but the data can only be decrypted at a connection end point, meaning at a device.This means that it isn’t possible to decrypt data in between these end points.The Tosibox devices also use two-factor authentication (2FA), this means two things are required to authenticate and get access to the device.The different things needed to get access are: The physical Tosibox® Key and a password.

More information about what makes a Tosibox® secure can be found on the Tosibox website: https://helpdesk.Tosibox.com/support/solutions/articles/2100033957-what-makes-Tosibox-so-secure-

1.8. More information

More information can be found on the Tosibox website: https://helpdesk.Tosibox.com/

More information about the Security can be found on this website: https://www.Tosibox.com/support/security-center/

2. How to get further help

Do not hesitate to contact us when you need additional support beyond the documents provided in the RoboJob Service Knowledge Base.

You may contact the RoboJob Service department using following means:

We kindly ask you to provide us the following information:

  • Serial number xx-xx-xxx

  • Description of the fault or defective part

  • Exact error code or message

  • What did the robot do

  • What was the robot supposed to do

  • Pictures or videos

You can send this information to us via email.To send large files you may make use of a file transfer service like WeTransfer: robojob.wetransfer.com.

An automatic confirmation will be sent upon receipt of your mail.

Choose files or drag and drop files
Was this article helpful?
Yes
No