Tosibox: Remote support via a secure connection

Being able to access your RoboJob system remotely can be tremendously helpful in case you need support with it.Remote access to your system allows RoboJob personnel to make a swift diagnosis of the issue and permits to immediately take the necessary steps to resolve it.All this to guarantee the highest possible uptime of your investment.

RoboJob implements robust, industrial-grade, VPN technology from Tosibox for a secure connection between the network of your RoboJob system and our company’s headquarters.This document gives some more information about this product.

A VPN or Virtual Private Network allows a private, local network to be securely accessed over a larger public network, for example the internet.Greatly simplified a VPN can be seen as a virtual network cable that permits us to access the local RoboJob system’s network as if we were sitting right next to it physically.

The VPN connection between your RoboJob system’s network and our headquarters is fully encrypted and can only be accessed by trusted devices that possess the right credentials.Each Tosibox device is linked to a Tosibox key that is stored securely on RoboJob premises.Without this key it is not possible to make a VPN connection to your system.

It is important to note that the Tosibox device contains a firewall.This firewall protects the RoboJob system from unauthorized access coming from your company network and the greater internet.However it also fulfills a secondary function: it also shields your company network from the RoboJob system’s network.This means that, even with full access rights for the VPN connection to the RoboJob system, it is not possible to access your company network itself.

Most of our clients leave the Tosibox Lock permanently connected.It is however very easy to control remote access to the RoboJob system by simply disconnecting the power from the Tosibox Lock.When remote access needs to be granted, the device can simply be plugged in again.

There are cases in which it isn’t possible to make a direct VPN connection between Tosibox® devices using the UDP protocol.Here it is possible to make a VPN connection using a fallback mechanism using the TCP protocol, with a relay server.This server works like a router that re-routes the encrypted VPN data between the connection end points.However, this method, which does not use UDP ports, has the disadvantage that it will lower performance compared to direct UDP connections.

The first step is physical matching the devices.This can be done by inserting the Tosibox® Key into the USB port of the Tosibox® Lock.When this connections is established the devices exchange certificats and establish a trust relationship.

Now a connection can be established.First the Key and Lock register themselves to the MatchMaker service.After this the Key requests a connection to the Lock.Then the VPN tunnel is Authenticated and the VPN tunnel is created directly between the Tosibox® devices.

These steps have already been performed by RoboJob.

For more information about the working of the Tosibox® technology: https://helpdesk.Tosibox.com/support/solutions/articles/2100033960-how-does-Tosibox-technology-work-

There are 2 ways in which the network can be set up: Lock in gateway mode and Lock in client mode (not used by RoboJob).

RoboJob utilises the Tosibox® Lock 150, the Lock 150 can utilise following means to connect to the internet:

It goes without saying that a wired connection is by far the most robust, we therefore strongly suggest to provide one whenever possible.

We are happy to assist you in commissioning the remote support connection.For clients with a more advanced IT infrastructure some more technical details are included below so that their IT staff can prepare the installation:

The Tosibox can be set up to receive it’s IP settings dynamically over DHCP or can be set up with a fixed IP address manually by our technicians.Please provide the necessary data (address, mask, gateway) during installation.

It is possible that changes to the company firewall are required.Latest Lock and Key software uses the following ports.At least one of the TCP ports need to be open for the devices to work.For best performance, the outgoing UDP ports should not be blocked.

There are multiple ways in which the Tosibox was made to be secure.One of these build-in principles is End-to-End encryption, what this means is that there is a VPN connection established between the installed Tosibox devices, but the data can only be decrypted at a connection end point, meaning at a device.This means that it isn’t possible to decrypt data in between these end points.The Tosibox devices also use two-factor authentication (2FA), this means two things are required to authenticate and get access to the device.The different things needed to get access are: The physical Tosibox® Key and a password.

More information about what makes a Tosibox® secure can be found on the Tosibox website: https://helpdesk.Tosibox.com/support/solutions/articles/2100033957-what-makes-Tosibox-so-secure-

More information can be found on the Tosibox website: https://helpdesk.Tosibox.com/

More information about the Security can be found on this website: https://www.Tosibox.com/support/security-center/