Captools/net Documentation

Remote Desktop Access

Remote Desktop Access

Previous topic Next topic  

Remote Desktop Access

Previous topic Next topic  

Both the Captools/net Desktop and browser based applications can access your Captools/net server on a local area network simply by specifying the server's network name on the login dialog, e.g.:

 

RemoteAccess01

 

 

Accessing your Captools/net server from outside the local area network requires that you know your server's external Internet Protocol (IP) address, e.g.:

 

RemoteAccess02

 

 

Alternatively, if a domain name has been mapped to your server's IP address, you simply need to use that domain name for the Server http address, e.g:

 

RemoteAccess03

 

 

Depending upon how your domain and subdomain is setup with your domain provider, you may need to prefix your address with "www", e.g. www.captoolsnet.mycompany.com.  See the following topics for an outline on how to establish an externally accessible IP address and mapping a domain name to that address.

 

 

Mapping Server to IP Address

 

Note: The following information pertains to network configuration and affects your network security.  Captools Co. is providing this information for your convenience, but cannot guarantee its accuracy, nor ensure that these settings will provide you with adequate security.  Furthermore, since this is not an area of our expertise, and falls outside the scope of our software since it depends upon hardware and operating system settings outside of our control, we will not provide support on this subject.  We suggest that if you are not able to achieve needed results on your own using this information, that you employ the services of a competent network consultant to set up remote hosting capability for Captools/net.

 

When you first install the server machine that hosts Captools/net and connect it to your local area network, it will not be accessible from the internet.  If you want to access your Captools/net remotely, i.e. from a computer not connected to your local area network, you can do so through the following steps:

 

1) Obtain a static IP address from your Internet Service Provider.  Often, if you have a commercial ISP subscription, you will be eligible for a static IP address as part of your subscription, but you may have to make a request to have the number assigned.   Once you have that address (a four part number e.g. "216.168.123.45"), it will need to be installed on your internet DSL or cable modem. Refer to you modem documentation or ask your ISP how to do this through the modem configuration dialog (most modems can be configured through your browser).

 

2) Configure the TCP/IP properties on your Server Computer (through Windows Control Panel/Network Connections/Local Area Network/Internet Protocol/Properties) to specify a fixed local network IP address, which should start with "=192", e.g. "192.168.1.99".   This will ensure that the local network address of that computer will not change whenever the network router is rebooted:

 

RemoteAccess05

 

3) Map the local area network IP of your Captools/net server machine to the external IP address that you've configured in step #1.  This can generally be done through an advanced configuration screen on your DSL or cable modem which allows you to specify a "DMZ Host" setting.  Enter the local network IP address of your server computer which you established in step #2 in the DMZ Host field (see topic Remote Access Security below, for information on using firewall port forwarding as a more secure alternative to using a DMZ host).   You now should be able to access your Captools/net server from a remote computer by typing in the static IP address that you obtained in step #1 into the Captools/net desktop log-in, or in the URL field of your browser.

 

4) To use a domain name to access your Captools/net server, you first need to register a domain name with one of the companies that perform that service, such as Network Solutions Inc.  Once you have the domain name, it is best to specify your Captools/net server as a subdomain.  Usually your domain subscription will allow a number of such subdomains at no additional cost.  To implement "captoolsnet" as a subdomain, simply log onto your domain name provider's site (they should have given you a log-in ID and password) and find the configuration page, such as the example below, that permits you to specify a subdomain.  Then specify "captoolsnet" (or whatever you want, subject to URL formatting restrictions) as the subdomain and the external static IP address that you obtained in step #1 as the relevant IP address.  In the following example, where you see "captoolsnet.com" you would see your own domain name e.g. "mycompany.com".

 

RemoteAccess04

 

Multiple Servers - If you already have a webserver connected to your DSL or cable modem, you will need to have a modem or other hardware which supports more than one "DMZ Host" in order to setup your Captools/net server as a second webserver.  Consult your network technologist or modem provider in this situation.

 

 

Remote Access Security

 

Exposing your Captools/net server to the internet in order to allow remote access has the potential to compromise the security of your server and the data it contains.

We therefore strongly suggest that you employ a competent network technologist to help you set up your network, firewall and Captools/net server in a fashion that will ensure data security, as the information provided here is intended only to provide an overview, and is not sufficient to address every configuration and security issue.

 

Firewall Port Forwarding

 

If you are using a hardware firewall, you will need to forward the port 80 and/or port 443 used by Microsoft IIS (used by Captools/net for HTTP and HTTPS communications respectively) to the Captools/net server (rather than implementing DMZ on the firewall) to permit remote access.  If you would like to assign alternative ports to IIS please see the topic Alternative IIS Port Specification.

 

Secure/Encrypted (HTTPS) Connection

 

Although a user is required to supply a user name and password to log into Captools/net using the Captools/net desktop or browser applications, this does not ensure against data being intercepted as it is transmitted over the internet during a remote session.  You can implement HTTPS data transmission with Captools/net by purchasing and installing an SSL Certificate on your server.  Once this is installed, remote users can access it using the Captools/net desktop by using the "Https" option during log-in:

 

 

CTnetDTSecureLogIn

 

Important Note: In October 2010 we started transitioning users from using the IIS to perform Captools Desktop to Server communications to using direct port to port communications.  A side effect of this is that for "remote users", port 443 is no longer used for Captools Desktop to Server communications, rather, port 2112 is used for that.  While the IIS did that communications it handled the security encryption/decryption process.  During the transition the communications over port 2112 will be "in the clear", though in our opinion not without security since data transfer between the Desktop and Server are in a proprietary binary format.  Longer term, we expect that the Desktop/Server communications over port 2112 (or any other port specified) will be again in encrypted format using encrypted components embedded directly into Captools/net.  Captools/net "browser based" functions such as reports and imports will continue to be passed through port 443 for remote users and thus continue to enjoy full 128-bit encryption security.