FAQs

NetCloud Engine

Summary

This article describes what a NetCloud Engine network is and shows how to configure and use multiple networks on your NetCloud Engine account.

A NetCloud Engine network is a secured logical container that lets you group remote computers so that they can communicate as if they were on the same local network. When you first create an account with NetCloud Engine, your first network is named and created. All devices that you add at that point will be added to your new network. This includes new users you added or invitees (if the invitee is a new account).

Setting up multiple NetCloud Engine networks can be very helpful in controlling who has access to particular devices, as well as to help in managing the local networks.


Configuration

Configuration Difficulty: Beginner

Creating multiple networks

NetCloud Engine allows you to create as many networks for one account as you wish. Each network is completely separate, so when you switch a device from one network to another, it will no longer be able to communicate remotely with the devices on the previous network. It will still have a membership of the previous network, but will appear offline.

  • Step 1: Log into the web management console.
  • Step 2: At the top right of the page, click the Create a network button.


  • Step 3: Give your network a name, then click Create new network.


Switching from one network to another

There are two ways you can switch a device from one network to another.

From the web management console:

  • Step 1: Select your network.


  • Step 2: Click Manage devices at the top right.


  • Step 3: Select the device that needs to be moved.
  • Step 4: In the I want to.. menu at the top of the page, select Switch Network.


  • Step 5: Choose the new network and click Switch network.

From the device itself:

  • Step 1: Click on the NetCloud Engine icon in the system tray, and then select Network.
  • Step 2: Choose the network you want to switch to.


Renaming a network

Tip: To rename a different network than the one you’re currently on, switch to it by clicking on the name of the current network next to the search box at the top of the page.

  • Step 1: Select your network.
  • Step 2: Click the stacked three dots at the top right.
  • Step 3: Click the pencil icon next to the Network Name to edit it.
  • Step 4: Enter a new name as necessary.



Summary

This article describes the operating systems supported by NetCloud Engine.



Cradlepoint Routers

All Cradlepoint Routers require firmware version 6.2.0 or later

  • AER Series: AER16x0, AER2100, AER31x0
  • COR Series: IBR350, IBR6x0B, IBR11x0
  • ARC Series: CBA850


Windows

  • Windows 7 Editions: Home Premium, Professional, Ultimate, Enterprise
  • Windows 8 Editions: All
  • Windows 10 Editions: All, except Metro UI
  • Windows Server 2008 Editions: All
  • Windows Server 2008 R2 Editions: All
  • Windows Server 2008 SP2 Editions: All
  • Windows Server 2012 Editions: All


Mac

  • Mac OS X version 10.7 (Lion)
  • Mac OS X version 10.8 (Mountain Lion)
  • Mac OS X version 10.9 (Mavericks)
  • Mac OS X version 10.10 (Yosemite)
  • Mac OS X version 10.11 (El Capitan)
  • iOS 7.x and higher with iOSConnect Beta


Linux

  • Ubuntu Server 12.04 and 14.04
  • CentOS 6.4 and 6.5


Android

  • Android 4.2.x (Jelly Bean Only) and higher
    • Minimum screen density 160 dpi (MDPI) and ARMv7-A (32-bit) architecture



Summary

This article describes the reasons NetCloud Engine reserves certain IP address blocks for internal use, and how this affects the network administrator.

The Problem

One of the major headaches in setting up networks across multiple sites is designing the subnets and routes so that none of the addresses overlap. The RFC1918 private address space provides several sub-spaces to work with, but one assumption is that the administrator knows and has control over all of the subnets that will interact with a network. As workers and their devices become more mobile, this challenge becomes even more complicated: more people need VPN access from more diverse locations and cloud computing increases the number of separate subnets that an administrator has to keep track of. With traditional remote access VPNs the administrator must choose an address block for the remote workers and hope that it does not conflict with any LAN environment that the remote worker encounters. If there are conflicts, the administrator must reconfigure the VPN address scheme and try again.

For illustration, imagine a network configured as shown below. In this scenario, there are multiple subnets in each of the three available private subnets, which means that there is no available non-conflicting space. Even after the administrator’s best efforts to design a conflict-free address space, users can still encounter routing conflicts resulting in a support call.


NetCloud Engine Solution

NetCloud Engine maintains address blocks that are reserved for use by our service. We then allocate them dynamically, much like DHCP, to devices on customer networks. For example, 50.203.224.0/24, in the diagram above, is a private address that guarantees the VPN address will not conflict with any other corporate network, personal network or public network. This also means that the network administrator never has to think about subnet blocks, address conflicts, or route rules when deploying NetCloud Engine.

These addresses are also re-usable. Since each NetCloud Engine network is securely isolated from every other network, the addresses can be re-used for each network just like private address blocks. This provides scalability as well as anonymity within the network.

Please note: As of the night of 8/26/2015, the NetCloud Engine IPv4 address block is changing from 50.203.224.0/24 to 172.86.160.0/20.
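
The conflict check an administrator has to repeat by hand with a traditional VPN pool, as an added example that is not part of the original article. The site subnets are constructed; the two service blocks are the ones quoted above.

```python
import ipaddress

# The three RFC 1918 private ranges the article refers to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Service address blocks quoted in the article (old and new).
SERVICE_BLOCKS = ["50.203.224.0/24", "172.86.160.0/20"]


def find_conflicts(candidate_pool, known_subnets):
    """Return the known subnets that overlap candidate_pool."""
    pool = ipaddress.ip_network(candidate_pool)
    return [s for s in known_subnets
            if ipaddress.ip_network(s).overlaps(pool)]


def overlaps_rfc1918(block):
    """True if block shares any address with an RFC 1918 range."""
    net = ipaddress.ip_network(block)
    return any(net.overlaps(private) for private in RFC1918)


def first_free_pool(prefixlen, known_subnets):
    """Return the first RFC 1918 subnet of the given prefix length that
    overlaps none of known_subnets, or None when the space is exhausted."""
    known = [ipaddress.ip_network(s) for s in known_subnets]
    for private in RFC1918:
        if prefixlen < private.prefixlen:
            continue  # requested pool is larger than this whole range
        for candidate in private.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(k) for k in known):
                return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed inventory: office LANs plus a remote worker's home LAN.
    sites = ["10.0.0.0/8", "172.16.0.0/13", "192.168.0.0/22"]
    # A hand-picked VPN pool that collides with the home LAN.
    print(find_conflicts("192.168.1.0/24", sites))
    # The first /24 that is still free in private space for this inventory.
    print(first_free_pool(24, sites))
    # The service blocks sit outside RFC 1918, so neither overlaps it.
    print([overlaps_rfc1918(b) for b in SERVICE_BLOCKS])
```

When every private range is already claimed somewhere in the inventory, `first_free_pool` returns `None`, which is the situation the scenario above describes.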



Summary

This article lists the outbound ports used by NetCloud Engine.


Ports

For the NetCloud Engine service, the following outbound ports need to be open on your external firewall:

TCP 443

UDP 12201 for system logging



Summary

This article documents how to install NetCloud Gateway and add/remove externals.

Install NetCloud Gateway

Note: Firmware version 6.2.0 and later is required to install NetCloud Gateway

Configuration

  • Step 1: The Gateway installation procedure begins with adding the NetCloud Client software to the Gateway device. Log into the NetCloud Engine web console with an admin account.
  • Step 2: Select Devices tab from the left menu, then select the desired Gateway device.
  • Step 3: Select Commands from above menu, then select Add NetCloud Client from the drop down menu.


  • Step 4: Select which LANs to forward, then select Save. Next navigate to NetCloud Engine tab on left menu.


  • Step 5: Under the Devices tab above, the new client can be seen in a pending status. The device must be approved before enabling NetCloud Gateway. Select the device, then select Approve above.


  • Step 6: A confirmation pop-up screen will appear; select the Approve Device button.


Enable NetCloud Gateway and Add Externals

Note: Please ensure that Active Directory and DNS Servers in your network are running the latest NetCloud Client.

Enable Gateway

  • Step 1: Navigate to the Gateway tab above, then select Enable Gateway link for desired device located under Externals column.


  • Step 2: Select Save to the right to Enable Gateway.


Add Externals

Note: Externals cannot have NetCloud Client Installed and must be within the same subnet as LANs advertised on the Gateway.

  • Navigate to the Externals link located under the Externals column from the Gateway tab above.

Adding Individual Devices
  • Step 1: Select Add an External button
    • Three input fields display – Hostname, Custom Name, and External IPv4 Address. THESE FIELDS ARE REQUIRED.


  • Step 2: Enter the Host Name of the desired device.
    • WARNING: Please limit the hostname to 15 characters or less with no spaces!
  • Step 3: Enter the Custom Name description of the device.
    • Note: This field cannot contain spaces.
  • Step 4: Enter the External IP Address of the device.
    • Note: This field refers to the IP address of the device assigned within the same subnet of the Gateway device.
    • Additional devices can be added by selecting Add an External button multiple times.
  • Step 5: Select Save to the right.


Adding Multiple Devices in CSV Format
  • Multiple devices can be added using a CSV file.
  • NOTE: Device fields in CSV format MUST be in the following order:
    • Hostname
    • Custom Name
    • External IPv4 Address
  • Select Upload CSV button. A file browser will display requesting the CSV file to upload. Select desired CSV format file.


  • WARNING: Please use Chrome or Safari to upload multiple devices in CSV format. There are known issues with Firefox.
  • Select Save to the right.
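
A pre-upload check for the Externals CSV, as an added example that is not part of the original article or the product. It applies the rules stated above (field order, required fields, 15-character hostname limit, no spaces, address inside a LAN advertised on the Gateway); the sample rows, the LAN 192.168.10.0/24 and the assumption that the file has no header row are constructed for illustration.

```python
import csv
import io
import ipaddress

MAX_HOSTNAME_LEN = 15  # limit stated in the article

# Constructed sample: row 1 is valid, rows 2-5 each break a stated rule.
SAMPLE_CSV = "\n".join([
    "printer-lobby,Lobby_Printer,192.168.10.21",
    "badge reader 1,BadgeReader,192.168.10.22",
    "nas-archive-storage-01,Archive NAS,192.168.10.23",
    "192.168.10.24,camera-dock,Dock_Camera",
    "hvac-ctl,HVAC_Controller,192.168.20.5",
]) + "\n"
GATEWAY_LANS = ["192.168.10.0/24"]  # constructed: LANs forwarded on the Gateway


def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def _has_space(text):
    return any(ch.isspace() for ch in text)


def validate_externals_csv(text, gateway_lans):
    """Check an Externals CSV before upload.

    Columns must be Hostname, Custom Name, External IPv4 Address, in that
    order. Returns a list of (row_number, message); empty means no problems.
    """
    lans = [ipaddress.ip_network(n) for n in gateway_lans]
    problems = []
    for row_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        if len(row) != 3:
            problems.append((row_no, f"expected 3 fields, found {len(row)}"))
            continue
        hostname, custom_name, address = row

        if not hostname:
            problems.append((row_no, "Hostname is required"))
        elif _has_space(hostname):
            problems.append((row_no, "Hostname contains spaces"))
        if len(hostname) > MAX_HOSTNAME_LEN:
            problems.append((row_no, "Hostname is longer than 15 characters"))

        if not custom_name:
            problems.append((row_no, "Custom Name is required"))
        elif _has_space(custom_name):
            problems.append((row_no, "Custom Name contains spaces"))

        if not address:
            problems.append((row_no, "External IPv4 Address is required"))
        elif not _is_ipv4(address):
            if _is_ipv4(hostname):
                # An address in column 1 usually means the columns were swapped.
                problems.append((row_no, "fields out of order: IPv4 address "
                                         "found in the Hostname column"))
            else:
                problems.append((row_no, "External IPv4 Address is not valid"))
        elif not any(ipaddress.IPv4Address(address) in lan for lan in lans):
            problems.append((row_no, "address is outside the LANs "
                                     "advertised on the Gateway"))
    return problems


if __name__ == "__main__":
    for row_no, message in validate_externals_csv(SAMPLE_CSV, GATEWAY_LANS):
        print(f"row {row_no}: {message}")
```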


Whitelist Router Clients
  • Existing clients of the Gateway router can be added by selecting Whitelist Router Clients button.
  • Select desired devices, then select Add clients to gateway button to the right.


  • Select Save to the right.


Disable NetCloud Gateway and Remove Externals

  • Navigate to Externals link located under Externals column from the Gateway tab above
NOTE: When you disable a Gateway, the Externals will be orphaned and still visible in the list of devices.
  • Select Disable Gateway button.


  • A confirmation pop up window will appear, select Disable Gateway button.


    • A notification will appear to display that the Gateway has been successfully disabled.


Remove Externals
  • Hover over the desired device and an “X” will appear to the right, select that “X” to remove that device as an External.


  • Select Save to the right.



Summary

This article documents how to install NetCloud Client software on a Windows device. Additional links are provided for installing NetCloud Client software on non-Windows devices.

Installing NetCloud Client – Windows

First Download NetCloud Client software on desired Windows device

Installing NetCloud Client – Other



Summary

How to install a Windows device with a Device Authentication Key (no user login).


Configuration

Configuration Difficulty: Intermediate

When you download the Device Authentication Key apikey.pertino, open the file with a text editor (Notepad), copy the key, and paste it as the API_KEY value shown below. The Device Authentication Key only works with a fresh install using the MSI installer.

From Windows Command (Run as administrator) use the following syntax:

msiexec /i <path/filename> /quiet API_KEY=<key>

For example:

msiexec /i c:\windows\temp\pertino-440-4473-64.msi /quiet API_KEY=b9f71132-1149-4efc-9e2d-19b116c1111

Note: The latest MSI installer is now available on: http://pertino.com/download



Summary

Using a Device Authentication Key to install a Linux NetCloud Client (no user login).


Configuration

Configuration Difficulty: Intermediate

When you download the Device Authentication Key apikey.pertino, you must place the file into the “/tmp/” directory of the Linux machine BEFORE you install the NetCloud Client, and the file needs to be owned by root and have permissions 600.

When you install NetCloud Client, it will look for this file and use it for authentication to the NetCloud Engine (formerly Pertino) network. If the Device Authentication file is missing, the client will operate the same as today, awaiting a username/password with the “pauth” command.
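
One way to stage the key file and confirm it meets the stated requirements before running the installer, as an added example that is not part of the original article or the client. The function names are hypothetical, and refusing symbolic links and pre-existing files is an added precaution for a world-writable directory such as /tmp, not a documented requirement.

```python
import os
import stat

KEY_PATH = "/tmp/apikey.pertino"  # directory and file name given in the article


def stage_key_file(key_bytes, dest=KEY_PATH):
    """Write the key so that it is mode 600 from the moment it exists.

    O_EXCL refuses to reuse a file or symlink that is already at dest.
    Run as root so the resulting file is owned by root.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(dest, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        os.fchmod(handle.fileno(), 0o600)  # enforce 600 regardless of umask
        handle.write(key_bytes)


def check_key_file(path=KEY_PATH, required_uid=0):
    """Return a list of problems; an empty list means the file is a regular
    file owned by required_uid (root by default) with permissions 600."""
    try:
        info = os.lstat(path)  # lstat: inspect the path itself, not a link target
    except FileNotFoundError:
        return ["file not found"]
    if stat.S_ISLNK(info.st_mode):
        return ["path is a symbolic link"]
    if not stat.S_ISREG(info.st_mode):
        return ["path is not a regular file"]
    problems = []
    if info.st_uid != required_uid:
        problems.append(f"owner uid is {info.st_uid}, expected {required_uid}")
    mode = stat.S_IMODE(info.st_mode)
    if mode != 0o600:
        problems.append(f"mode is {mode:03o}, expected 600")
    return problems


if __name__ == "__main__":
    issues = check_key_file()
    print("key file OK" if not issues else "; ".join(issues))
```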




Summary

SmartZones were created to help NetCloud Engine connected devices always use the optimal network path when communicating with other devices.  Once configured, devices located in the same SmartZone will always use the local network path when communicating with each other.  Devices outside of the SmartZone will use NetCloud Engine to connect.

Since you’ve enabled ADConnect you should configure SmartZones for all networks where local devices plug in.  This way, when your remote users come into the office, their connection will automatically know to use the LAN rather than NetCloud Engine.


Configuration

Configure SmartZones from the web portal

- Log into https://app.pertino.com and choose your network.
- Under "Control", choose "SmartZones", then choose "Add a Smart Zone".
- Name your SmartZone, choose which devices to add and choose "Save".


That’s it.  You have successfully created a SmartZone for your environment.



Summary

This article describes the functions of the NameStation App and how the app would be used.


Configuration

The NameStation App allows for Alternate Naming with NetCloud Engine DNS (available on select plans):

So, if you had a Resource with the name of SVR_X43.ax4g32.pertino.net, it can be changed in a couple of ways:

  • In the app you can choose a custom subdomain for your network instead of ax4g32, such as “acmecorp” (Release 270).
  • You can create up to 3 alternate names for the hostname portion, SVR_X43, such as “corpfiles” or “corpdata” (Release 280).
  • With those applied, this Resource can be reached via NetCloud Engine DNS with the following lookups: corpfiles.acmecorp.pertino.net or corpdata.acmecorp.pertino.net



Summary

The Secure Internet Access feature allows you to specify that the default route for selected devices will point to the NetCloud Engine network.


Configuration

Configuration Difficulty: Easy
  • Step 1: Navigate to the NETCLOUD ENGINE tab.
  • Step 2: Select one or more devices using the check boxes along the left-hand column.
  • Step 3: Choose Enable from the Full Tunnel action drop-down.


The traffic from the devices selected will now traverse the NetCloud Engine private cloud before accessing any applications or the Internet. This is useful for mobile workforces who need to securely access applications from public WiFi hotspots—such as restaurants, train stations, or airports.



Summary

This article describes the steps necessary to set up the ADConnect App.


Configuration

This simple app lets you specify which AD Name Servers to use over NetCloud Engine, so that your remote machines know how to reach your domain controllers. In just three steps, you can provide domain access for remote machines, without policy updates, DNS changes, or firewall configuration. Once you apply this change, the DNS setting is pushed down to the NetCloud Engine Virtual Interface on all the devices on this network. (All the PCs must be running 300 or above to get the DNS setting.)

Note: This article will be reformatted after the release of our next NetCloud Engine update

Note: ADConnect will not apply to NetCloud Gateway routers, or the external devices behind them.

Three Step Overview:

  1. Install the NetCloud Engine client on your Domain Controller(s), and your remote machines
  2. Convert the device to a server


  3. Specify your Name Servers, and you’re done. Your remote machines now have full domain access, from anywhere.

Key features:

  • NetCloud Engine networks are 100% compatible with Active Directory domains and services
  • Extend domain services to members and devices anywhere
  • Domain membership is maintained over time, without the need for periodic domain “check-ins.”

Note: After you enable ADConnect, you will need to set up a SmartZone to ensure optimal routing of local traffic.



Summary

The NAC function of NetCloud Engine provides an extra layer of security for administrators looking to control which devices can or cannot join their Network. When enabled, any new devices attempting to join the network must be explicitly allowed by the administrator in order to become a member of the Network.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Log into Cradlepoint NetCloud.


  • Step 2: Navigate to the NetCloud Engine tab.


  • Step 3: Click on the Settings tab.


  • Step 4: Enable NAC by clicking on the status button.


  • Step 5: Select the new device from the list.


  • Step 6: Approve the new device.


  • Note: The status icon will change once the device is approved.



Summary

Now that we’ve built an offsite AD Controller for backup and replication, let’s use ADConnect to extend our Windows domain to remote users. This how-to will show you how to use NetCloud Engine to connect remote users to your AD domain. Your remote computers will be connected to your AD domain just like LAN connected machines. Remote users will be able to perform functions such as receiving Group Policy, resetting user passwords, and pass-through authentication to domain services just as if they were connected to your local LAN.



Configuration Difficulty: Intermediate

Download and install NetCloud Engine

Download and install NetCloud Engine on your remote computer by visiting the Download NetCloud Client page.

Configuration

You can add the remote user to your NetCloud Engine network via the NetCloud user interface.

Log into NetCloud and click on ACCOUNTS & USERS.


In the ACCOUNTS & USERS page, click the add button.

  • On the Add Users page, fill out the First Name, Last Name, and Email columns, set the Role to ‘User’, and press Save.


  • Select the NetCloud Engine Permissions tab and confirm the new user’s role.


Verify your Network

Once NetCloud Engine is successfully installed on the remote computer, confirm that it is online and connected to the correct network.

  • Click NetCloud Engine tab


  • Review devices assigned to the user.


Reboot

The next time the user reboots, the user will be connected to your AD domain and will log on directly to the server. They will now get group policy, pass-through auth to all your domain resources, and password reset prompts. All client side functions (like password reset) will sync to the AD Controller.

That’s it. You have successfully configured AD Connect and used it to manage remote users.



Summary

This article provides a workaround to the issue of host name resolution not functioning correctly.


Issue

You try to access a remote computer listed in the NetCloud Engine Connect workgroup and get the error message “Windows cannot access \Computer Name”. However, you can ping the remote computer’s IPv6 address successfully.

In this situation, it is possible LLMNR (IPv6 name resolution) is not able to respond because DNS is responding first, or LLMNR is turned off or being blocked.


Workaround

To work around this issue, you can edit the hosts file by adding the IPv6 address and hostname of the remote machine.

  • Check what IPv6 address is assigned to the host:
    • In the Windows command prompt, type ipconfig and look for the IPv6 address under the Ethernet adapter NetCloud Engine Connection.
  • From Notepad (Run As Administrator), select File and then Open.
  • Navigate to the C:\Windows\System32\drivers\etc\hosts file.
    • Make sure to select All Files (*.*) to show the file called hosts.
  • Add the IPv6 address, then the name of the machine, at the bottom of the file. Select File, then Save.



Summary

This article describes the most frequently asked questions regarding Device Authentication.


FAQ

  • What is Device Authentication?

    Device Authentication (Device Auth) lets devices with the NetCloud Engine Linux client join your network without requiring a username and password.

  • How does it work?

    With Device Auth, you generate a key, similar to a license file, which a device uses to authenticate to your network.

  • What are some use cases for Device Auth?
    1. Device authenticated servers are not impacted by password changes, so you can use this authentication to prevent the loss of connectivity that occurs when traditional passwords are changed.
    2. Today, every device requires a username/password to connect to NetCloud Engine. If you do not want to invite your individual end users to the network or have them create accounts, you can install NetCloud Engine with Device Auth on each end user’s machine.
    3. With Device Auth, you can securely script and spin up servers. For example, Debian shows CLI commands in clear text. If you use Device Auth, you do not need to transmit or show your password.
  • How do I generate the key?

    You can navigate to the key generation page by selecting the three dot settings icon at the top right.


    This will take you to the network settings page. Now select the “Generate Authentication Key”.


    This will create a new key, revoking the old key, and prompt you to download a file called “apikey.pertino”

  • Why is it called “Device Authentication Key”?

    Device Authentication Key is a term used for a token that identifies and authenticates devices when accessing a system. What is an API key?

  • What happens to the key after the client uses it to authenticate?

    The key file that the client uses to join the network is deleted from the client machine once it is successfully joined.

  • How long is the key valid?

    The key is valid until you revoke and generate a new key. This means that you can have multiple clients use the same key to join your network.

  • What if someone shared the key with family members and I want to revoke the key?

    You can revoke the key by generating a new key (only one key is valid at a time). By revoking the key, no clients can authenticate with that key after it is revoked.

  • What if someone used the key and I no longer want them on my network?

    You can remove a device by selecting Re-Authenticate in the Device’s “I want to” dropdown.


    NOTE: Re-Authenticate will remove the device from all NetCloud Engine networks. It will also delete the authentication token. This means the device will be unable to join any network unless a username/password or valid API key is entered on the client side.

  • What happens to clients that have authenticated with a key that I have just revoked?

    Clients that have successfully authenticated are not affected by a revoked key and remain connected to the network. (They have exchanged the key for an authentication token and already deleted the key). Only clients that have not successfully authenticated who attempt to use the revoked key will be unable to join the network.

  • If I have multiple networks, which network does the device join by default?

    When you generate a key, the devices that use that key will join the network that is “active” or selected in the top left of the Admin Portal.

  • Can I move the device to another network?

    Yes. In the Admin Portal, you can use the “Switch Network” option to move that device to another network.

    Note: Unlike user-authenticated devices, you will not be able to change the network from within the client. There will be no networks listed in the client tray, and changes will need to occur within the admin portal.

  • Can I generate multiple keys on multiple networks?

    While you cannot have MORE than 1 key PER network, you can have a key for each network you own. For example, if you have an “Engineering Network” and a “Sales Network,” you can generate a key for each network and then provide the corresponding key to the sales or engineering teams, respectively.



Summary

This article describes the steps necessary to uninstall the NetCloud Engine client from various operating systems.



Configuration

Configuration Difficulty: Basic
Windows

To uninstall NetCloud Engine on a Windows machine, go to the Windows Start button on the bottom corner of your screen and type “Programs and Features” in the search box. Next, select “Programs and Features” and, in the list of programs, select NetCloud Engine Connect and then uninstall.

Mac

To uninstall NetCloud Engine on a Mac, please use the following steps:

  • Step 1: Click on Finder to get the menu bar
  • Step 2: Select Go in the menu bar


  • Step 3: Select Go to Folder…


  • Step 4: Enter “/Library/Application Support/Pertino” and select Go button
  • Step 5: Double-click on NetCloud Engine Uninstaller.app to run the uninstaller
  • Step 6: Once it is uninstalled, you will see the following message:


Linux Client

To uninstall the Linux client, see the following instructions:

CentOS

    rpm -qa | grep -i pertino
    rpm -e <enter pertino-connect-xxx name returned in the query>

Ubuntu

    sudo dpkg -r pertino-client

Note: After you uninstall Pertino, make sure you go to the DeviceView page on Web Management Console (app.pertino.com) and delete the device as well. If you own the device, select Deactivate Device instead of Delete from Network.



Summary

This article describes the steps to restart the NetCloud Engine Client service on Windows, Mac, and Linux operating systems.


Configuration

Configuration Difficulty: Easy

Windows PC:

  • Step 1: Open a Command Prompt.
  • Step 2: Enter the command net stop pgateway to stop the service.
  • Step 3: Enter the command net start pgateway to restart the service.

Mac:

  • Step 1: Open a Terminal window.
  • Step 2: Enter the command sudo pkill pGateway to restart the service.

Linux:

  • Step 1: Open a Shell window.
  • Step 2: Enter the command sudo service pgateway restart to restart the service.



Summary

This article describes how to properly install NetCloud Engine in a mixed NetCloud Engine/non-NetCloud Engine environment.

If you install NetCloud Engine on an AD/DNS server that serves both computers running NetCloud Engine and computers not running NetCloud Engine, you could experience connectivity issues: non-NetCloud Engine machines that are trying to resolve the AD server’s computer name could get the NetCloud Engine IP, which is only routable through the NetCloud Engine tunnel.


Solution

Enable ADConnect

When you enable ADConnect, we install a filter driver which prevents DNS responses containing NetCloud Engine IPs from being sent to devices that do not have NetCloud Engine installed.


Workaround

Schedule a DNS IP removal periodically

You can schedule a DNS entry removal so that non-NetCloud Engine devices are not returned NetCloud Engine IPs.

See the following example:

Create a batch file:

    C:\Windows\System32\dnscleanup.bat

    REM dnscleanup.bat
    REM dnscmd /RecordDelete <domain name> <AD Server name> <Record Type> <NetCloud Engine IPv4 Address> /f
    dnscmd /RecordDelete pertinotest.local David-2012-ad A 50.203.224.15 /f

Next, create a schedule to run every 5 mins:

    C:\Windows\System32>schtasks.exe /create /SC MINUTE /mo 5 /TN DNSREMOVE /TR c:\windows\system32\dnscleanup.bat

This script runs every 5 minutes, checks for the computer name in the domain, and looks for the specific IPv4 address to remove.



Summary

This article describes the steps necessary to move a device currently in one NetCloud Engine network to a different NetCloud Engine network.


Configuration

Configuration Difficulty: Beginner
  • Step 1: Select the “I Want To” button at the top right of the screen and then select the “Invite a Person” option from the popup menu.
  • Step 1b: Add/invite a user that already has a NetCloud Engine network by entering their name and email address.
  • Step 2: Once you invite the user, they will receive an email and a popup message on the NetCloud Engine Management console (app.pertino.com) to accept.
  • Step 3: Once the user accepts the invite, they will be able to list the network they were invited to from either the NetCloud Engine tray icon or the management interface, by selecting the device in DeviceView and then selecting the option to Switch Networks.
  • Step 3b: Select the current network at the top right of the Management console and select the network you want to switch to from the menu.



Summary

How to resolve workgroup or DNS access for devices on the Pertino network when utilizing a service such as OpenDNS.


Solution

If you have OpenDNS set as your DNS server, you may experience connectivity issues to the NetCloud Engine network, since by default a feature called typo correction will automatically respond to host names even if they are not actually set up in DNS. To confirm OpenDNS is responding incorrectly, ping one of the host names listed in the NetCloud Engine network. If you get a public IPv4 response (hit-nxdomain.opendns.com IP address) that is not the actual local IPv4 or IPv6 address, then “typo correction” is turned on.

Note: You can even use names that are not real and it will respond with a public IP address.

To resolve this issue, un-check the “typo correction” box on the OpenDNS Dashboard.

https://www.opendns.com/dashboard/settings/0/advanced/

If you are not using OpenDNS (a quick test is to use the public DNS server 8.8.8.8) but you see the same behavior with the ping test, it is possible that you have configured a DNS suffix on the machine and it is appending .mydomain.com to the name of the host. Normally the lookup would fail, but if your DNS record is configured with a wildcard (*.mydomain.com), it will respond to any request that the suffix was appended to.

The best workaround to resolve this problem is to remove the DNS suffix or change the DNS record to not use a wildcard option.

To remove the DNS suffix on your Windows machine:

  1. Select the Windows start button
  2. Right click on Computer and select Properties
  3. Under Computer name, domain, and workgroup settings select Change settings
  4. Select Change in the Computer Name tab
  5. Select More… and remove the Primary DNS suffix

After you select Ok, it will require you to reboot the machine.



Summary

This article explains what a resource is on a NetCloud Engine network, as well as how to configure a device as a resource.

What is a Resource?

A Resource is a device or service that is accessed by all the users on a network. Think of a resource as something owned by the network or business, rather than being owned by someone. The most common example of a Resource is a file server hosting network shares. It is generally connected and available 24×7, and although the network administrator usually “owns” this Resource, it is not the administrator’s personal computer.

Notable differences from other devices:

  • Resources will automatically upgrade to the latest version of NetCloud Engine software when it is available. Non-resource devices typically do this only when their user initiates the update.
  • A Resource is not associated with any person for the purposes of “online” status, so the Resource has its own status icon to show whether it is available. In comparison, an ordinary device (say, a laptop or desktop computer) is associated with a person, so when it is connected, its owner also appears “online” in the Web Management Console.

Note: Linux clients are automatically defined as resources.


Configuration

Configuration Difficulty: Intermediate


  • Step 3: Click Manage devices at the top right.


  • Step 4: Place a check next to the server to select it, then in the “I want to…” menu at the top of the page, choose Convert.

  • Step 5: Click Convert # Device(s).

The icon for this server in the device list will change, indicating it is now a Resource.


Summary

This guide introduces NetCloud Engine SmartZones and discusses how to configure and use them.

Note: For SmartZones to work, client version 430 or above is required.


Introduction

What is a SmartZone?
A SmartZone enables a client on a NetCloud Engine network to achieve optimal traffic paths through a local network if a local network is available. In other words, SmartZones are designed for remote users who occasionally come into central or branch offices and don’t want network traffic to traverse the NetCloud Engine network when there is a local—and possibly better performing—network.

How it works
This feature ensures that if two devices are in the same SmartZone, NetCloud Engine-based addresses and name resolution information will not be injected into the NetCloud Engine network. The effect of creating a SmartZone is that a user achieves local connectivity.

For example, imagine an office with two networks: a wired network and a wireless network. A common default router serves these two different subnets and a server is located on the wired network. A user, who is typically a remote employee but who comes into the office, wants access to the server on the wired network but is only configured for wireless access. By creating a SmartZone with that server, the user will not see the NetCloud Engine address/name that they see when they are remote, but instead will resolve the host locally through the local default router. The user can then access the server on the wired network using the wireless network.

Remote Users
SmartZones are primarily used for remote workers who are typically connected via DSL or a cable modem from a wireless network, but who travel to central or branch offices. Once at the central or branch office, they want access to local resources without their traffic going through the NetCloud Engine network.

Branch offices, remote data centers
A similar scenario is where a user works at a branch office or remote data center and typically accesses resources at the remote location. However, they are required to come to central offices from time to time and don’t want their traffic traversing the NetCloud Engine network since there is a fast, local option.


Configuration

Configuration Difficulty: Intermediate

Note: Only network administrators can configure SmartZones.
Note: Once a SmartZone is added and saved, clients will be provisioned with their SmartZone membership immediately.

  • Step 1: Log into the NetCloud Engine portal and select a network by clicking its name.

  • Step 2: Click the Settings icon at the top left of the screen, then choose SmartZones in the drop-down.

  • Step 3: Click the Add a Smart Zone button.

  • Step 4: Name the new SmartZone.
  • Step 5: Select devices to add to this SmartZone by clicking the checkboxes to the left of each device.
    • Note: Devices are shown in the list based on their membership by subnet.
  • Step 6: Click the Save button at the top right to create the new SmartZone.

Once the SmartZone is created, devices within it will use local traffic patterns and optimal name resolution for local network access.


Editing SmartZones

To edit a SmartZone, click on it in the SmartZone list.

Adjust the SmartZone name or device membership as necessary, and then click Save to update those settings.

Deleting SmartZones

To delete a SmartZone, click on it in the SmartZone list.

Scroll to the bottom of the device list and click Delete SmartZone.

In the confirmation dialog, choose Delete SmartZone again.


Troubleshooting

ADConnect Environments

If you are using the ADConnect app, DNS responses from ADConnect-enabled DNS servers are filtered so that only non-NetCloud Engine addresses are received when two devices are in the same SmartZone. Likewise, if they are in different zones, only the NetCloud Engine addresses are received.

NameStation Environments

NameStation is not affected by SmartZones.

MAC Address Implications

Any device that clones or duplicates MAC addresses for a router (either virtual or physical) could be problematic for a SmartZone. Traffic may not be directed to the proper resource.


Summary

This article explains how to install NetCloud Engine from a Windows command line interface.


Configuration

Configuration Difficulty: Easy
  • Step 1: From the directory where the NetCloud Engine installer is located run the following command:
    • C:\Users\test\Downloads>Pertino.exe /sp- /verysilent /u username:password
  • Step 2: Use the NetCloud Engine account email and password (username:password)

Note: If you are running Windows Hyper-V, which has no GUI, you may get an error message regarding the oledlg.dll file. You can copy the file from another server in the same OS family (for example, a 2012 server if your Hyper-V is also running 2012) and place it in the c:\windows\system32 and SysWOW64 directories.


Summary

This is a tutorial on how to deploy the NetCloud Engine installation to your Microsoft Active Directory Domain using Group Policy.


Configuration

Configuration Difficulty: Easy
  1.  Download NetCloud Engine msi installer here
  2.  Copy the msi to a network share and verify DOMAIN COMPUTERS have READ and EXECUTE file access permissions to the share and file.
  3.  Open Active Directory Group Policy Management
  4.  Select the Organization Unit you want to apply the Group Policy to, right-click it and create a new Group Policy
  5.  Right-click your new GP and select Edit
  6.  Under Computer Configuration/Policies/Software Settings/Software Installation, select New and create a new Package
  7.  Browse to your network share and select the msi installer file
  8.  In the Deploy Software window, verify that the Assigned radio button is selected and hit OK
  9.  Click OK and save.


Summary

This article describes how to resolve connectivity issues with the NetCloud Engine Linux Gateway when the Gateway is installed and a web server is registered as an “external device” associated with that Gateway.


Configuration

Configuration Difficulty: Intermediate

This scenario is for NetCloud Engine Linux Gateway on CentOS “minimal server”, running on an ESX VM. The CentOS server was a default installation, with no additional software besides the NetCloud Engine Linux Gateway.

The ESX box, in this example, is in a data center behind an L3 switch. The L3 switch is connected to the site router/firewall, which connects to the Internet. A web server is also connected to the L3 switch.

A static rule is applied to the site router/firewall for traffic destined to 172.86.160.x: the next hop would be the L3 switch. On the L3 switch, another static rule sends traffic for 172.86.160.x to the NetCloud Engine Linux Gateway on the ESX VM.

HTTP connectivity to the web server is okay using the internal network addresses (ex. 192.168.0.x) but there is no connectivity using NetCloud Engine Linux Gateway FQDN or 172.86.160.x address for that external device.

Solution:

The CentOS “minimal server” includes a firewall that’s enabled by default. In effect, the customer had installed a firewall in front of the NetCloud Engine Linux Gateway that was blocking L4 traffic. We simply disabled the firewall, as root on the CentOS server:

# systemctl stop firewalld

# systemctl disable firewalld


Overview

The LogMeIn Hamachi VPN client is not compatible with the NetCloud Engine client. If you install both clients, there is a high possibility that you will lose network access. At this time, to resolve this problem you must uninstall the Hamachi client.


Summary

This article describes the steps necessary to re-install NetCloud Engine after you have cloned a device.


Issue

If you clone a machine after NetCloud Engine was installed, even if you uninstalled NetCloud Engine before cloning it, you will not be able to reinstall NetCloud Engine unless you remove the system ID that NetCloud Engine generated.

Important Note: Make sure you uninstall the NetCloud Engine client first before manually making the following changes.


Solution

  • On a Windows computer, use regedit and delete the following Pertino folder:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Pertino
  • On a Linux computer, delete the pertino.conf file:
    • /etc/pertino.conf
  • On a Mac, delete the com.pertino.config.plist file:
    • /Library/Preferences/Pertino/com.pertino.config.plist


Summary

It is recommended that you use RDP when accessing QuickBooks over NetCloud Engine. This is because QuickBooks was not designed to work well over non-LAN topologies, given its requirements for lower latency and higher bandwidth.

See Intuit’s support knowledge article below under “Networks That Are Not Recommended”:

http://support.quickbooks.intuit.com/support/Articles/INF26626


Overview

If you have NetCloud Engine installed and you decide to upgrade your Windows OS version to 8.1, it will not properly load the NetCloud Engine network drivers. To resolve this issue, execute the latest version of NetCloud Engine client and the proper network drivers will be loaded.

Note: Re-installing NetCloud Engine is NOT required to accomplish this.


Summary

This article will explain iOSConnect, and provide instructions for configuring iOSConnect on your NetCloud Engine network and your iOS device.

NOTE: a business account is required for iOSConnect.


Frequently Asked Questions

What can an iOS device do on a NetCloud Engine network?

iOS devices on the NetCloud Engine network can access any server using any protocol. The preferred way of accessing services is using the NetCloud Engine fully qualified hostname (hostname.yournetwork.pertino.net), but direct access via IP address, which you can see in the Web Management Console under device properties, is also supported. Apple’s app store has many well-regarded applications for remote control via RDP and VNC as well as file access over the SMB protocol. Mobile Safari can be used to access any internal web applications. iOS devices on the NetCloud Engine network are client devices only. Connections FROM another computer on the network TO an iPad will not work, even if you do manage to find an app in Apple’s app store that supports incoming connections.

What is new in iOSConnect?

This version enables user-level config profiles as opposed to a shared secret. The user level profiles are built upon our PKI infrastructure.

What is the end-user workflow?

  • Users receive the mobile config URL via email.
  • Users click on the mobile config URL and are directed to the login page.
  • Users log in with their NetCloud Engine credentials.
  • The mobile config is downloaded, and the user will be walked through a standard iOS config install flow.
  • Once the installation is complete, the user can turn on the VPN service under Settings and use the NetCloud Engine network as desired.

What OS versions are supported?

iOS 7.x and greater


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Log into the NetCloud Engine web console with an admin account.
  • Step 2: Select the Network for which iOSConnect will be enabled by clicking on its name.

  • Step 3: Click the Settings button at the top right of the screen.

  • Step 4: In the list of Entitled services, click the iOSConnect toggle to enable it.
    • Note: This step may take a while. In some cases the browser window will need to be refreshed before you see the option has been enabled.

  • Step 5: Expand the NetCloud Engine options navigation menu by clicking it at the top left of the screen.

  • Step 6: Select Users.

  • Step 7: Click the enable toggle next to the mobile users you would like to give VPN access to.

  • Step 8: Click Get iOS Profile at the top of the page to generate the user link.

  • Step 9: Copy the iosprofile link and email it to the users of enabled iOS Connect accounts.

  • Step 10: Have the user click the received link to download and install the client on the iOS device.

  • Step 11: Once they’ve logged into the web portal, they should be prompted to Install Profile. Click to Install.

  • Step 12: Go to Settings and turn on your VPN to connect to your network and access devices.

Once connected, you need to install the appropriate app to do the job on your iOS device. Below are examples of a few free to use apps to get you started:


Troubleshooting

Known Issues

  • The last step of the end-user workflow results in a web page displaying only the NetCloud Engine logo. This is expected, represents completion of the profile delivery and can be closed.
  • VPN connections must be manually established. On-demand connections are not available in this release.
  • Apps like GeoView and UsageMonitor will not recognize individual iOS devices
  • On certain iOS devices, config for one network overrides the config for a different network resulting in just one mobile config on the device at a time.
  • When deactivating the iOSConnect app from AppScape, make sure you only click the Deactivate button once. To re-activate the app, please wait until the button text states Activate (about 15 seconds).

Failed to install iOSConnect Beta v2 mobile config profile on iOS device

If you encountered an unknown error (failed to install profile) while attempting to install your iOSConnect Beta v2 mobile config profile, please check if your NetCloud Engine network name includes one of the following characters:

  • quotation mark (")
  • ampersand (&)
  • apostrophe (')
  • less than sign (<)
  • greater than sign (>)

If the network name includes any of the above 5 characters, the mobile config profile will fail to install.

As a workaround, ask the network owner to change the NetCloud Engine network name and recreate the iOSConnect mobile config.

iOS Connect not working on iOS 9

There is a known issue in Apple’s iOS 9 release that breaks many VPN features.

A high-level description can be found here.

Until Apple addresses the issue, users can downgrade to iOS 8.4.1 and continue to use VPN connectivity.


Overview

Google Chromecast does not work when NetCloud Engine is running simultaneously. Chromecast uses a protocol called DIAL to discover other devices. DIAL incorporates SSDP (Simple Service Discovery Protocol), which NetCloud Engine also uses for its discovery process.

The current workaround is to disable the NetCloud Engine virtual interface when using Chromecast.


Summary

This article describes the steps necessary to set up NetCloud Engine to work with Virtual OpenVZ server (Parallels).


Configuration

OpenVZ supports VPN inside a container via the kernel TUN/TAP module and device. You must make the TUN/TAP device available inside a container:

sudo vi /etc/modules    # add "tun" to the end, then save and quit vi with :wq
sudo reboot             # this will stop all containers

Granting a container access to TUN/TAP:

CTID=101    # placeholder value: set this to your container ID
vzctl set $CTID --devnodes net/tun:rw --save
vzctl set $CTID --devices c:10:200:rw --save
vzctl set $CTID --capability net_admin:on --save
vzctl exec $CTID mkdir -p /dev/net
vzctl exec $CTID mknod /dev/net/tun c 10 200
vzctl exec $CTID chmod 600 /dev/net/tun


Summary

This article describes the steps necessary to set up file sharing on a Mac computer.


Configuration

Configuration Difficulty: Intermediate

 

Configuring File sharing:

  • Step 1: From the Apple menu select System Preferences

  • Step 2: Select Sharing

  • Step 3: Check the box on the left “File Sharing”
  • Step 4: Click the + icon at the bottom of Shared Folders to add shared folders

  • Step 5: Add folders that will be shared

  • Step 6: Click the plus sign under Users to add users that will have access to the folders

  • Step 7: Select Options

  • Step 8a: To share with Macs, make sure AFP is selected
  • Step 8b: To share with Windows, make sure SMB is selected
  • Step 8c: Select accounts to turn file sharing on for

File sharing from one Mac to another Mac:

  • Step 1: Select Go and then Network
  • Step 2: Select the device to access files on and click “Connect As”
  • Step 3: Provide the username and password when prompted
  • Step 4: The shared files will now be displayed

To access the new shared folder from your NetCloud Engine Network:

  • Mac – From Finder, select Go and then Network and Shared. Double-click the name of the Mac and provide the username and password to access the share.
  • Windows – From the Windows File Browser, select Network and on the right pane window double-click the name of the Mac and provide the username and password to access the share.


Summary

This manual illustrates the installation process of the NetCloud Engine (Formerly Pertino). It also introduces you to some of the powerful features, applications, and usage of NetCloud Engine, and shows you how to perform some basic networking functions.

CRADLEPOINT WEB MANAGEMENT CONSOLE USER MANUAL


Directions

Configuration Difficulty: Beginner
  • Step 1: From Finder, select Go, then select Network.
  • Step 2: Select “All…” under SHARED folder.
    • All of the devices shared in your network (with or without NetCloud Engine) will display on the right panel.
  • Step 3: Double-click the name of the Mac or Windows device (connected to NetCloud), and provide the username and password to access the share.


Summary

This article explains the best practices for choosing an email to use for your NetCloud Engine (Formerly Pertino) account.


Configuration

If you are planning on creating a NetCloud Engine (Formerly Pertino) account for your company, one thing you should consider is which email address you should use for the account.

There is currently a system limitation that prevents you from changing the email once chosen. This can be problematic if you use a personal email or an email for a specific employee. If the employee leaves the company, you are stuck using his or her email forever (or at least until we remove that system limitation–which is tricky to do!).

If you plan ahead, however, there is a way to circumvent this limitation. Our recommended best practice is to use a generic email address, or better yet an alias for your account email–something like netcloudengine@[yourCompany].com. If you use an alias, then you can point it to whichever person in your company is responsible for NetCloud Engine (Formerly Pertino) account administration. If that person’s role changes for any reason, you can simply redirect the alias to the new admin.

Regardless of which email you end up using for your account, please remember that it has to be a valid email address and able to receive mail. This is needed to validate your account.


Summary

By default, Digital Ocean droplets allow all incoming traffic from the internet.  Some may consider this acceptable as long as no services are installed on the machine.  This how-to will walk you through blocking all internet traffic to your server, and only allowing secure NetCloud Engine traffic to pass.   We will provide step by step instructions to install NetCloud Engine on a Digital Ocean Droplet, join it to a NetCloud Engine Overlay Network, and modify iptables rules to restrict public access to the server.


Download and install NetCloud Engine

Configuration Difficulty: Intermediate

Download and install NetCloud Engine onto your Digital Ocean Droplet.

Follow the step by step instructions here: http://knowledgebase.cradlepoint.com/articles/Support/Linux-installation-guide


Make sure your device is connected to NetCloud Engine

Verify that you are connected and logged into the same network.

On Linux:

cd /opt/pertino/pgateway
./pertino --list-networks

Test connectivity

NetCloud Engine will install a virtual adaptor which will get assigned an IPv4 or IPv6 from the NetCloud Engine network. Test connecting to your droplet using one of these IPs via your preferred SSH/RDP client.

Check your iptables

Run the commands below to see your current rules

sudo iptables --list

The default firewall rules should look like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

These rules show that we are ACCEPTING all inbound and outbound connections!

Update your iptables rules

Run the commands below to block all inbound traffic on your physical network interface.  The commands assume your public interface is eth0.

iptables -F INPUT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -j REJECT

Commit your iptables rules

The rules above will be lost if your system reboots.  Save the changes to a file which can be loaded after reboot.  The commands for your Linux distribution may be different, but for reference the commands below are for Ubuntu.

sh -c "iptables-save > /etc/iptables.rules"

Configure rules to run on your public interface

  • vi /etc/network/interfaces
  • add the following to the end of eth0 (public interface) to load the firewall rules at startup

pre-up iptables-restore < /etc/iptables.rules

  • it should look like this

# Label public
auto eth0
iface eth0 inet static
address XXX.XXX.XXX.XXX
netmask 255.255.255.0
gateway XXX.XXX.XXX.XXX
pre-up iptables-restore < /etc/iptables.rules

That’s it.  You have successfully installed NetCloud Engine on your cloud server and restricted access to the machine to NetCloud Engine connected devices only.
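To confirm that a saved rule set does what this procedure intends, the following added script (not part of the original article or of NetCloud Engine) reads iptables-save output and reports whether new inbound connections can still reach the public interface. The function name and the sample dumps are constructed for illustration; the fourth sample, a default-DROP policy that admits the pertino0 overlay interface, goes slightly beyond the article's three rules.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the lockdown described above.
# On a live host, as root:  iptables-save | audit_public_iface eth0
# Prints one PASS/FAIL line and returns 0 on PASS, 1 on FAIL.
audit_public_iface() {
    awk -v iface="$1" '
    # True when a state list names only reply traffic (ESTABLISHED and/or RELATED).
    function only_reply_states(s,    n, parts, k) {
        if (s == "") return 0
        n = split(s, parts, ",")
        for (k = 1; k <= n; k++)
            if (parts[k] != "ESTABLISHED" && parts[k] != "RELATED") return 0
        return 1
    }
    /^\*/              { table = substr($1, 2); next }   # "*filter", "*nat", ...
    table != "filter"  { next }
    /^:INPUT /         { policy = $2; next }             # default policy of INPUT
    !/^-A INPUT /      { next }
    verdict != ""      { next }                          # first decisive rule wins
    {
        rule_if = ""; negated = 0; target = ""; states = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!" && $(i + 1) == "-i")             { negated = 1 }
            else if ($i == "-i")                           { rule_if = $(++i) }
            else if ($i == "-j")                           { target = $(++i) }
            else if ($i == "--reject-with")                { i++ }
            else if ($i == "--state" || $i == "--ctstate") { states = $(++i) }
            else if ($i == "-m" && $(i + 1) ~ /^(state|conntrack)$/) { i++ }
            else                                           { other = 1 }
        }
        # Skip rules that cannot match packets arriving on the audited interface.
        if (rule_if != "" && (negated ? (rule_if == iface) : (rule_if != iface))) next

        if (target == "ACCEPT") {
            if (only_reply_states(states)) next           # replies only: harmless
            verdict = "FAIL: accepts new inbound traffic on " iface ": " $0
        } else if (target == "REJECT" || target == "DROP") {
            # Only an unconditional block closes the interface.
            if (!other && states == "") verdict = "PASS: " iface " closed by: " $0
        } else if (target != "" && target != "LOG") {
            verdict = "FAIL: cannot evaluate jump to " target "; review manually"
        }
    }
    END {
        if (verdict == "") {
            if (policy == "DROP") verdict = "PASS: INPUT policy is DROP"
            else verdict = "FAIL: " iface " traffic falls through to policy " policy
        }
        print verdict
        exit (verdict ~ /^PASS/ ? 0 : 1)
    }'
}

# Constructed sample dumps (not captured from a real host).
sample_article_rules() {      # the three commands above, as iptables-save prints them
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_default_rules() {      # untouched droplet: everything accepted
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}
sample_ssh_open_rules() {     # an earlier rule re-opens SSH on every interface
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_policy_drop_rules() {  # default-deny variant that admits only lo and pertino0
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i pertino0 -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

for s in sample_article_rules sample_default_rules sample_ssh_open_rules sample_policy_drop_rules; do
    printf '%s: ' "$s"
    "$s" | audit_public_iface eth0 || true
done
```

iptables-save covers IPv4 only; if the droplet also has a public IPv6 address, run the same audit over ip6tables-save output.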


Configuration

Configuration Difficulty: Intermediate

The current NetCloud Engine beta client install for Linux (Ubuntu 12.04) is mainly done through the command line. To complete the NetCloud Engine install you must edit the following files:

Avahi

You must enable IPv6 and Point-To-Point in Avahi. Edit the Avahi configuration file as follows:

$ sudo vi /etc/avahi/avahi-daemon.conf

  -- edit the following lines to match what is shown

 use-ipv6=yes

 allow-point-to-point=yes

  -- save and exit (':wq')

$ sudo service avahi-daemon restart

MDNS for IPv6

Modify the host lookup configuration as follows to enable IPv6 MDNS lookups.

$ sudo vi /etc/nsswitch.conf

  -- locate the following line

 hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4

  -- edit to match the following (remove the 4)

 hosts:  files mdns_minimal [NOTFOUND=return] dns mdns

  -- save and exit (':wq')

Samba

To access the Linux client from other NetCloud Engine client devices in the same network, you must set up Linux as a Samba server.

  1. Install samba packages if not installed yet.

$ sudo apt-get install samba samba-common
$ sudo apt-get install python-glade2
$ sudo apt-get install system-config-samba

  2. Create a sharing directory

For example, we’re going to share the /home/public directory with other devices in the NetCloud Engine network. Place any files you wish to share in this directory.

$ cd /home
$ sudo mkdir public

  3. Add the shared directory in the samba configuration file called smb.conf.

$ cd /etc/samba
$ sudo vi smb.conf

[public]
comment = Public files
path = /home/public
browseable = yes
read only = yes
guest ok = yes

-- save and exit (':wq')

  4. Configure Samba Server

Go to Ubuntu Linux Dash Home and type samba. This will open the Samba Server Configuration application.

Hit the plus(+) sign below to add a new share.

Specify the directory to share, add name and description, choose permission whether Writable (read/write) or Visible (read-only).

Next, go to the Access tab and select whom to allow access and then hit OK.

Verify the Server configuration and close the application when done.

Now it’s ready to be accessed from other NetCloud Engine clients in the same network. We recommend that you restart the Ubuntu server after you make these changes to ensure proper behavior.


How do I install the Gateway?

The Gateway installation procedure begins with the standard NetCloud Engine client installation procedure.  Please follow the instructions provided here.

NOTE: Please ensure that Active Directory and DNS Servers in your network are running the NetCloud Engine client.

How do I install the Gateway on Amazon AWS?

Create a VPC:

  1. Start the VPC wizard from AWS Console Home > VPC page.
  2. Click “Start VPC Wizard”.
  3. In “Step 1: Select a VPC Configuration”, choose “VPC with a Single Public Subnet”
  4. In “Step 2: VPC with a Single Public Subnet”, provide a VPC name.
  • Don’t change the auto-populated fields.
  • Click “Create VPC”.
    • AWS will respond with a “VPC Successfully Created”.
    • Click OK.

Create instances that will be the NetCloud Engine Gateway:
1. Navigate to the AWS Console > EC2 page.
2. Click on Launch Instance.
3. Navigate to the AWS Marketplace and search for Ubuntu 12.04.
4. Choose the “m3.large” instance and click “Next: Configure Instance Details”.
5. In “Step 3: Configure Instance Details”:

  • Select the VPC you created above in the Network drop-down.
  • Enable auto-assign Public IP.

NOTE: This is a toggle selection.  Be sure it is “enabled”.

6. Review the storage settings.
7. Configure the Security Group settings.

  • Specify SSH.
  • Click “Review and Launch” and, in the next screen, “Launch”.

Select or create key pairs:

You will need to choose an existing key pair or create a new key pair to connect your instances.

  1. If using an existing key pair, you will need to acknowledge that you have access to the selected private key file.
  2. The “Launch Status” page will display indicating that your instances are launching.
  3. Click “View Instances”.

View instances:

You will need to disable the “Check Network Source/Destination” on the new instance.

  1. Select the instance you created.
  2. In the “Actions” drop down, select “Networking > Change Source/Dest. Check”.
  3. Ensure that the setting is “Disabled” in the resulting dialog box.

Configure route tables for Gateway:

Next, we need to configure route tables so resources in the VPC use the Gateway for communication.

  1. Navigate to the AWS Console home page.
  2. Select “VPC” from the left-hand column in the “Resources” pane.

3. Select your VPC from the list.
4. Select that VPC’s “Route table” from the Summary tab.
5. Select the Route table and then select the “Routes” tab below.

6. Select “Edit”.
7. Select “Add another route”.
8. In the Destination field add 50.203.224.0/24
9. In the Target field add the ID of the instance you created above.
10. Click Save.

SSH to your instance and install NetCloud Engine

You need to SSH to your instance and install NetCloud Engine.  More information can be found here in the “Using apt” section, but this procedure duplicates that process.

1. SSH to your instance and install the NetCloud Engine GPG signing key:

$ wget -O - http://reposerver.pertino.com/Pertino-GPG-Key.pub | sudo apt-key add -

2. Add the NetCloud Engine repository server to the distribution sources list:

$ sudo sh -c "echo 'deb http://reposerver.pertino.com/debs precise multiverse' > /etc/apt/sources.list.d/pertino.list"

3. Install the NetCloud Engine client:

$ sudo apt-get update && sudo apt-get -y install pertino-client

4. Enter your username and password when prompted.

5. Confirm that NetCloud Engine has installed correctly by issuing an ifconfig command to check that a pertino0 interface has been added.
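Step 1 above pipes a key fetched over plain HTTP straight into apt-key, so nothing authenticates the key before apt trusts it. The following added example (not from the original article) checks a downloaded key's fingerprint against one obtained out of band before it is added; the function names, the file name pertino.pub, the EXPECTED variable, and the sample listing with its fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: trust a downloaded apt signing key only if its fingerprint
# matches a value obtained out of band (for example, from the vendor over HTTPS).
# Hypothetical use on the instance, with EXPECTED set to that fingerprint:
#   wget -O pertino.pub http://reposerver.pertino.com/Pertino-GPG-Key.pub
#   gpg --with-colons --with-fingerprint pertino.pub | key_is_expected "$EXPECTED" \
#       && sudo apt-key add pertino.pub

# Print the fingerprint of every primary key in a gpg colon listing (stdin).
# "fpr" records carry the fingerprint in field 10; subkey fingerprints are skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub"            { primary = 1; next }
        $1 == "sub"            { primary = 0; next }
        $1 == "fpr" && primary { print toupper($10); primary = 0 }
    '
}

# Strip whitespace and upper-case, so "aaaa bbbb ..." compares equal to "AAAABBBB...".
normalise_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# key_is_expected EXPECTED_FPR   (colon listing on stdin)
# Succeeds only when the listing holds exactly one primary key and its
# fingerprint equals EXPECTED_FPR. EXPECTED_FPR must be a full 40-hex-digit
# (v4 key) fingerprint: short 8- or 16-digit key IDs are refused because
# they are too short to identify a key safely.
key_is_expected() {
    expected=$(normalise_fpr "$1")
    found=$(primary_fingerprints)
    case "$expected" in
        ""|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#expected}" -eq 40 ] && [ "$found" = "$expected" ]
}

# Constructed listing: the key and its fingerprints are made up, not a vendor key.
sample_listing() {
cat <<'EOF'
pub:-:2048:1:0123456789ABCDEF:1357000000:::-:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:2048:1:FEDCBA9876543210:1357000000:::::
fpr:::::::::1111222233334444555566667777888899990000:
EOF
}

if sample_listing | key_is_expected "aaaa bbbb cccc dddd eeee ffff 0123 4567 89ab cdef"; then
    echo "fingerprint matches: key may be added"
else
    echo "fingerprint mismatch: do not add this key"
fi
```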

Restarting the Pertino client

You will need to restart the NetCloud Engine client.  Issue the following command from the Linux CLI:

$ sudo service pgateway restart

Adding a route to your router configuration

You will need to add a route to your router configuration to enable communication between your network and the Gateway.  This usually involves command-line or web access to a router’s configuration.  A typical CLI command might look like this:

$ ip route 50.203.224.0 /24 10.10.130.10

where 10.10.130.10 is the IPv4 address of the NetCloud Engine gateway.  This static route will need to be added to the site router configuration or to an Amazon VPC route table to enable connectivity to NetCloud Engine Gateway.


Summary

This article explains what needs to be done when the “Network path was not found” error occurs when trying to access a remote Samba share from a Windows computer.  It may be related to the samba security configuration listed below.


Configuration

Configuration Difficulty: Intermediate
  • If you are using interface and/or host-based protection, make sure the Samba configuration file takes the following into account:
    smb.conf
    
    [global]
    
    workgroup = pertino connect 
    interfaces = lo, eth0, pertino0
    bind interfaces only = True 
    hosts allow = 50.203.224.0/32 2001:470:813b::1/64 
    hosts deny = 0.0.0.0/0
    
  • The pertino0 interface is what NetCloud Engine uses for the NetCloud Engine virtual interface.
    Note: In previous Linux client versions (270 and below) the NetCloud Engine interface was named tun.
  • If you are using host-based protection, you must specify the NetCloud Engine IPv4 and IPv6 subnets.


Summary

This article provides a workaround to the issue of host name resolution not functioning correctly.


Issue

You try to access a remote computer listed in the NetCloud Engine Connect workgroup and get the error message “Windows cannot access \Computer Name”. However, you can ping the remote computer’s IPv6 address successfully.

In this situation, it is possible LLMNR (IPv6 name resolution) is not able to respond because DNS is responding first, or LLMNR is turned off or being blocked.


Workaround

To work around this issue, you can edit the hosts file by adding the IPv6 address and hostname of the remote machine.

  • Check what IPv6 address is assigned to the host:
    • In a Windows command prompt, type ipconfig and look for the IPv6 address under the Ethernet adapter NetCloud Engine Connection.
  • From Notepad (Run As Administrator), select File and then Open.
  • Navigate to the C:\Windows\System32\drivers\etc\hosts file.
    • Make sure to select All Files (*.*) to show the file called hosts.
  • Add the IPv6 address then the name of the machine at the bottom of the page. Select File, then Save.


Summary

SmartZones were created to help NetCloud Engine connected devices always use the optimal network path when communicating with other devices.  Once configured, devices located in the same SmartZone will always use the local network path when communicating with each other.  Devices outside of the SmartZone will use NetCloud Engine to connect.

Since you’ve enabled ADConnect you should configure SmartZones for all networks where local devices plug in.  This way, when your remote users come into the office, their connection will automatically know to use the LAN rather than NetCloud Engine.


Configuration

Configure SmartZones from the web portal

- Log into https://app.pertino.com and choose your network.
- Under "Control", choose "SmartZones", then choose "Add a Smart Zone".
- Name your SmartZone, choose which devices to add and choose "Save".


That’s it.  You have successfully created a SmartZone for your environment.



Summary

This article addresses persistent “Failed to create dispatcher” exceptions that prevent the Windows client from connecting to its assigned Tunnel Server (TS). The client will cycle endlessly trying to repair the TS connection.

Here is sample gateway.log output (in the C:\Program Files\Pertino\logs folder):

2015-09-05 00:33:36,979 UTC [0x00001bd8] INFO (g2.tunnelClientThread:361) – Failed to create dispatcher: An exception occurred. The error type is: class TunnelProtocolDispatcher::Exception The error text is: Could not allocate event base! Previous errno: 9 [Bad file descriptor] Last error: 6 [The handle is invalid.] Source file name: \gatetun-common\tunnelprotocol\dispatcher\tunnelprotocol_dispatcher.cpp, #416 Function name: TunnelProtocolDispatcher::TunnelProtocolDispatcher

The backtrace is: …

The key information is “The error text is: Could not allocate event base!” The NetCloud Engine Gateway Service (pgateway) uses Libevent for different areas of functionality that require asynchronous event handling. On Windows the client only uses Libevent for its internal dispatcher that manages its connection to the client’s TS.

Libevent uses environment variables with an “EVENT_NO” prefix to determine which of its internal event multiplexing subsystems to use. On Windows, Libevent only has access to its “WIN32” subsystem. If a system environment variable named “EVENT_NOWIN32” exists on a Windows client, Libevent will fail and be unable to allocate any event base.

The easiest remedy is to remove the system environment variable via the System control panel (“Advanced system settings”, “Environment variables”, system NOT user dialog panel). Once it has been removed, the system will need to be restarted for the change to be noticed.
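The failure described above can be confirmed before touching the control panel. The following is an added example, not NetCloud Engine or Libevent code: a simplified model of the EVENT_NO check plus a scan of gateway.log text. The function names, the Linux backend list in the last comment and the second log line are assumptions made for illustration.

```python
import re

PREFIX = "EVENT_NO"
# Signature of the failure this article describes, as it appears in gateway.log.
FAILURE = re.compile(r"Failed to create dispatcher:.*Could not allocate event base")

# First line: shortened copy of the gateway.log line quoted above.
# Second line: constructed filler, to show that unrelated lines are ignored.
SAMPLE_LOG = """\
2015-09-05 00:33:36,979 UTC [0x00001bd8] INFO (g2.tunnelClientThread:361) – Failed to create dispatcher: An exception occurred. The error text is: Could not allocate event base! Previous errno: 9 [Bad file descriptor]
2015-09-05 00:33:37,100 UTC [0x00001bd8] INFO (constructed) – retrying tunnel server connection
"""


def disabling_variables(environ):
    """Names of variables that carry the EVENT_NO prefix (names are case-insensitive on Windows)."""
    return sorted(
        name for name in environ
        if name.upper().startswith(PREFIX) and len(name) > len(PREFIX)
    )


def pick_backend(compiled_in, environ):
    """Return the first compiled-in backend that no EVENT_NO<NAME> variable disables.

    Only the presence of the variable matters in this model, not its value.
    None means no backend is left, i.e. no event base can be allocated.
    """
    present = {name.upper() for name in environ}
    for backend in compiled_in:
        if PREFIX + backend.upper() not in present:
            return backend
    return None


def diagnose(log_text, environ, compiled_in=("win32",)):
    """Combine the log signature with the environment check.

    compiled_in defaults to the single subsystem the article says Windows has.
    """
    failures = sum(1 for line in log_text.splitlines() if FAILURE.search(line))
    backend = pick_backend(compiled_in, environ)
    blocked = [
        name for name in disabling_variables(environ)
        if name.upper()[len(PREFIX):].lower() in compiled_in
    ]
    return {
        "dispatcher_failures": failures,
        "usable_backend": backend,
        "variables_to_remove": blocked if backend is None else [],
    }


if __name__ == "__main__":
    broken_env = {"EVENT_NOWIN32": "1", "PATH": r"C:\Windows"}  # constructed
    print(diagnose(SAMPLE_LOG, broken_env))
    # A platform with several backends (illustrative list) still finds one:
    print(pick_backend(("epoll", "poll", "select"), {"EVENT_NOEPOLL": "1"}))
```

On a real client, pass `os.environ` and the contents of gateway.log instead of the sample values.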



Summary

What is a Personal-3 Network?

Personal-3 networks are the free offering of NetCloud Engine (formerly Pertino). They are useful for personal or home use of NetCloud Engine (formerly Pertino) services. Personal-3 networks include basic features only, whereas free trials offer NetCloud Engine’s advanced features for a period of 30 days.

How long may I have a Personal-3 network?

You may keep your Personal-3 networks indefinitely. However, Cradlepoint reserves the right to discontinue Personal-3 networks in the future, although we currently have no plans to do so.

How many Personal-3 networks may I have?

In general, there is no limit to the number of Personal-3 networks you may have. You may add additional Personal-3 networks to your account using the https://app.pertino.com management interface.

How many devices can a Personal-3 network have?

As suggested by its name, a Personal-3 network may have up to 3 devices configured. Devices configured on the Personal-3 network count regardless of connection status. If you wish to add a different device to a Personal-3 network that already has 3 configured devices, you must first remove a device from the network using the Device View panel on the https://app.pertino.com management interface.

What do I do if I need more than 3 devices?

We have several pricing plans to accommodate your needs. Please refer to http://pertino.com/pricing for a description of these plans and included features.



Summary

This article describes the steps necessary to manage users in the NetCloud Engine network.


Configuration

Adding Users

  • Step 1: In the web management console, click the Navigation menu to expand it.


  • Step 2: Click the Users tab.


  • Step 3: Click the Invite a User button at the top right to begin adding users.


  • Step 4: To add a single user, fill in the fields for First Name, Last Name, and email address.
  • Step 5: Check the CC me box to receive a copy of the email the users will receive with the instructions to create their password and accept your invitation.
  • Step 6: Click the Invite User button.
    • Note: To add another user, just click Add Another User first.
    • Note: To add multiple users at once, click the Upload CSV button to upload a CSV file containing a list of users, one per line.


  • Step 7: The accounts are created immediately and can be managed in the web console even if the users haven’t yet set their passwords.
    • Note: Users will join the network only after they accept the invitation and set their passwords.
    • Note: If the user will be authorized to make changes to the network, they will also need to be promoted. Select the user from the list, and in the drop down at the top choose Promote User.


  • Step 8: After users set their passwords, they can run the installer on their own machines and connect to your NetCloud Engine network.
    • NOTE: If you are installing the NetCloud Engine client for the users yourself, you can use your own credentials during the installation process. There is no need to ask anyone to share a password.

Deleting Users

  • Step 1: In the web management console, navigate to Users.
  • Step 2: Select the user(s) to be deleted.
  • Step 3: From the I want to… drop-down at the top of the page, select Delete User.


  • Step 4: In the confirmation dialog box select Remove X User(s).



Troubleshooting

User is unable to log in to web portal

If the user is authorized to make changes to the network, before they can log into the web management console, they will need to be promoted. In the Users list, select this user, then in the I want to… drop down at the top of the page, select Promote User.



Summary

The Full Tunnel feature allows you to specify that the default route for selected devices will point to the NetCloud Engine network.


Configuration

Configuration Difficulty: Easy
  • Step 1: Navigate to the Devices tab.
  • Step 2: Select one or more devices using the check boxes along the left-hand column.
  • Step 3: Choose Enable Full Tunnel from the I Want To… action drop-down.
  • Step 4: Click Enable Full Tunnel in the dialog box.


The traffic from the devices selected will now traverse the NetCloud Engine private cloud before accessing any applications or the Internet. This is useful for mobile workforces who need to securely access applications from public WiFi hotspots—such as restaurants, train stations, or airports.



Summary

This article describes a few possible causes of this issue and solutions to those causes.


Issue

When trying to access a network share on a Windows computer, you may get an error message.


Name Resolution

Issue:

When you double-click the name of a computer in the Network section of Windows Explorer, your computer tries to connect to the device by resolving the name to an IP address. Depending on the order of resolution (the default is hosts file, DNS, LLMNR, etc.), you receive an IP address and are then connected to the remote computer’s share. NetCloud Engine uses LLMNR to discover the correct NetCloud Engine IP for the remote host you are trying to access. Because LLMNR occurs after DNS, some setups answer the name resolution request even though the computer is not accessible at that location. For example, your computer may be configured to append a DNS suffix (normally by your DHCP server), and DNS may have a wildcard record, so it responds to any request regardless of whether the host exists. In this case, DNS responds with the wrong IP, and you receive the above error message.

Solution:

In the case of DNS suffix, you would normally configure your DHCP server to not append a DNS suffix. Some home routers have a setting called Domain name, and if there is an entry you can remove it to prevent this behavior.

Another option is to use the hostname that NetCloud Engine provides, which is shown in NetCloud Engine at cradlepointecm.com. You can edit your alternate names to bypass DNS/LLMNR altogether.

Alternatively, find it on the Devices page of the legacy portal at app.pertino.com.
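The resolution order described in this section, and the hosts-file workaround from the earlier article, can be traced with a small model. This is an added example, not NetCloud Engine code; the host name, addresses, DNS suffix and wildcard zone are constructed sample values.

```python
def parse_hosts(text):
    """Parse hosts-file text into {name: address}; the first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            for alias in fields[1:]:
                table.setdefault(alias.lower(), fields[0])
    return table


def dns_lookup(name, zone, suffix):
    """Tiny DNS model: the client appends its suffix to single-label names,
    and the zone may hold a '*.<domain>' wildcard that answers for any host."""
    fqdn = f"{name}.{suffix}" if suffix and "." not in name else name
    if fqdn in zone:
        return zone[fqdn]
    if "." in fqdn:
        return zone.get("*." + fqdn.split(".", 1)[1])
    return None


def resolve(name, hosts, zone, suffix, llmnr):
    """Try hosts file, then DNS, then LLMNR; return (source, address)."""
    key = name.lower()
    if key in hosts:
        return ("hosts", hosts[key])
    answer = dns_lookup(key, zone, suffix)
    if answer:
        return ("dns", answer)
    if key in llmnr:
        return ("llmnr", llmnr[key])
    return (None, None)


# Constructed sample data (documentation address ranges).
HOSTS_DEFAULT = "# sample hosts file\n127.0.0.1 localhost\n"
HOSTS_FIXED = HOSTS_DEFAULT + "2001:db8::1234 office-pc  # overlay address of the remote machine\n"
WILDCARD_ZONE = {"*.home.example": "203.0.113.10"}   # answers for every name
LLMNR_PEERS = {"office-pc": "2001:db8::1234"}        # what the overlay would answer

if __name__ == "__main__":
    # Suffix appended + wildcard record: DNS answers first, with the wrong address.
    print(resolve("office-pc", parse_hosts(HOSTS_DEFAULT), WILDCARD_ZONE, "home.example", LLMNR_PEERS))
    # Suffix removed: DNS has no answer, so LLMNR is reached.
    print(resolve("office-pc", parse_hosts(HOSTS_DEFAULT), WILDCARD_ZONE, None, LLMNR_PEERS))
    # Hosts entry added: resolved before DNS is ever asked.
    print(resolve("office-pc", parse_hosts(HOSTS_FIXED), WILDCARD_ZONE, "home.example", LLMNR_PEERS))
```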

 


Personal Firewall

Issue:

There are several personal firewalls that block LLMNR and other required protocols like ICMP and SMB (Windows file sharing). Depending on which protocol is being blocked, you may see different behaviors when you try to ping the computer name. For example, if you try to ping the name and get the message “Ping request could not find host XXXXX. Please check the name and try again.”, it is likely that the remote computer is blocking LLMNR, which is used for name resolution. As another example, if you ping the computer name and get the correct IP address but the ping fails, the remote computer is likely blocking ICMP.

Windows Firewall normally allows all outbound traffic and restricts inbound traffic based on the network profile. For example, if you go to a public hotspot and select the Public network profile (Windows asks you when you connect for the first time), the firewall rules may block different protocols on the assumption that the network you are connected to is less secure.


Solution:

The first step to verify a firewall is blocking certain traffic is to turn off the firewall and try accessing the computer again. It is always a good idea to verify each side to speed up the troubleshooting process. If a personal firewall is blocking traffic through NetCloud Engine then add the following filter:

Allow outbound traffic for the following IP range or subnet:

2001:470:813b::/48

50.203.224.0/32

172.86.160.0/20

If the problem is that the network profile is set to Public, you can change it by going to the “Network and Sharing Center”, clicking the active network “Public network”, and then selecting “Work” or “Home”.



File Sharing Enabled

Issue:

When you install NetCloud Engine, each computer will show up in the network list in the Windows Explorer network section even if file sharing is disabled. This is because NetCloud Engine is reflecting the information that is on the NetCloud Engine Network regardless of what options are enabled on the remote computers.

Solution:

Verify and enable file sharing for the specific network profile that your computer is connected to. In the “Network and Sharing Center”, select “Change advanced sharing settings” and make sure “Network discovery” and “File and printer sharing” are turned on.



Summary

The UI for NetCloud Engine is located at app.pertino.com which uses active script to display the login page section. If active script is disabled, the login section will not appear. This is disabled by default on Windows 2008 R2 using IE 8.


Configuration

Configuration Difficulty: Intermediate

How to enable Active Script in IE 8:

  • Step 1: Select Tools and then Internet Options.
  • Step 2: Select the Security tab and then the ‘Custom level…’ button.
  • Step 3: Navigate to the ‘Scripting’ section, then to ‘Active Scripting’, then select ‘Enable’.
  • Step 4: Select ‘Yes’ within the warning to allow changes to apply, then select ‘OK’.
    • Note: You will need to close out all browsers to allow changes to apply.



Configuration

Configuration Difficulty: Beginner
  • We don’t have to install anything to enable the remote desktop on Ubuntu. All we have to do is go to System > Preferences > Remote Desktop:
  • In the Remote Desktop Preferences window, you can configure the remote desktop connection. If you want others to just see your desktop, but not be able to make changes, enable “Allow other users to view your desktop” only. If they should be able to change settings (e.g. repair your system if there are problems), enable “Allow other users to control your desktop” as well. Then you should write down the command that you can use on other Linux clients to connect to your desktop.



Summary

This article describes the steps necessary to set up the ADConnect App.


Configuration

This simple app lets you specify which AD Name Servers to use over NetCloud Engine, so that your remote machines know how to reach your domain controllers. In just three steps, you can provide domain access for remote machines, without policy updates, DNS changes, or firewall configuration. Once you apply this change, the DNS setting is pushed down to the NetCloud Engine Virtual Interface on all the devices on this network. (All PCs must be running 300 and above to get the DNS setting.)

Three Step Overview:

  1. Install the NetCloud Engine client on your Domain Controller(s) and your remote machines.
  2. Activate the NetCloud Engine ADConnect App. (You would do this from the Settings section.)
  3. Specify your Name Servers, and you’re done. Your remote machines now have full domain access, from anywhere. This has to be a computer designated as a “Resource”.

Key features:

  • NetCloud Engine networks are 100% compatible with Active Directory domains and services
  • Extend domain services to members and devices anywhere
  • Domain membership is maintained over time, without the need for periodic domain “check-ins.”

Note: After you enable ADConnect, you will need to setup a SmartZone to ensure optimal routing of local traffic.



Summary

By default, Rackspace instances allow all incoming traffic from the internet. Some may consider this acceptable as long as no services are installed on the machine.

This how-to article will walk you through blocking all internet traffic to your server, and only allowing secure NetCloud Engine traffic to pass. We will provide step by step instructions to install NetCloud Engine on a Rackspace instance, join it to a NetCloud Engine Overlay Network, and modify iptables rules to restrict public access to the server.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Download and install NetCloud Engine on your Rackspace instance. Refer to these step-by-step instructions.
  • Step 2: Make sure your device is connected to NetCloud Engine.
    • Verify that you are connected and logged into the same network. On Linux:

    cd /opt/pertino/pgateway
    ./pertino --list-networks

  • Step 3: Test connectivity.
    • Pertino will install a virtual adapter, which will be assigned an IPv4 or IPv6 address from the Pertino network.
    • Test connecting to your Rackspace instance using one of these IPs via your preferred SSH/RDP client.
  • Step 4: Check your iptables:

    sudo iptables --list

    • The default firewall rules should look like this:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    • These rules show that we are ACCEPTING all inbound and outbound connections!
  • Step 5: Update your iptables rules by running the commands below to block all inbound traffic on your physical network interface.
    • Note: The commands assume your public interface is eth0.

    iptables -F INPUT
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i eth0 -j REJECT

  • Step 6: Commit your iptables rules to avoid losing them after a system reboot. Save the changes to a file which can be loaded after reboot. The command for your Linux distribution may be different, but for reference, here is the Ubuntu command:

    sh -c "iptables-save > /etc/iptables.rules"

  • Step 7: Configure rules to run on your public interface.

    vi /etc/network/interfaces

    • Add the following to the end of the eth0 (public interface) section to load the firewall rules at startup:

    pre-up iptables-restore < /etc/iptables.rules

    • It should look like this:

    # Label public
    auto eth0
    iface eth0 inet static
    address XXX.XXX.XXX.XXX
    netmask 255.255.255.0
    gateway XXX.XXX.XXX.XXX
    pre-up iptables-restore < /etc/iptables.rules

That’s it! You have successfully installed NetCloud Engine on your cloud server and restricted access to the machine from only NetCloud Engine connected devices.
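Before relying on the saved file, it is worth checking that it really closes the public interface. The following is an added example, not part of the original article or of NetCloud Engine: it audits the INPUT chain in `iptables-save` text for the outcome Step 5 is meant to produce. The three rule dumps are constructed samples, `audit_input_chain` is a hypothetical helper, and only IPv4 `iptables-save` output is covered.

```python
import shlex

RETURN_STATES = {"ESTABLISHED", "RELATED"}
# Options that do not narrow which packets a rule matches on the audited interface.
NON_MATCH_OPTS = {"-A", "-i", "-j", "-m", "--reject-with"}


def parse_rule(line):
    """Turn one '-A ...' line into {option: value}; flags without a value map to True."""
    tokens = shlex.split(line)
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[tok] = tokens[i + 1]
            i += 2
        else:
            opts[tok] = True
            i += 1
    return opts


def audit_input_chain(rules_text, public_iface="eth0"):
    """Return findings for the filter table's INPUT chain; an empty list means
    only return traffic is accepted on public_iface before a catch-all block."""
    findings, policy, table = [], "ACCEPT", None
    for raw in rules_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "filter":
            continue
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue
        opts = parse_rule(line)
        if opts.get("-i") not in (None, public_iface):
            continue  # rule is scoped to another interface
        target = opts.get("-j")
        matches = set(opts) - NON_MATCH_OPTS
        if target in ("REJECT", "DROP") and not matches:
            return findings  # catch-all block: later rules cannot admit traffic
        if target == "ACCEPT":
            states = opts.get("--state") or opts.get("--ctstate")
            if isinstance(states, str) and set(states.split(",")) <= RETURN_STATES:
                continue  # replies to connections the server itself opened
            findings.append(f"accepts new inbound traffic on {public_iface}: {line}")
    if policy == "ACCEPT":
        findings.append(f"no catch-all REJECT/DROP for {public_iface} and INPUT policy is ACCEPT")
    return findings


# Constructed samples in iptables-save format.
DEFAULT_RULES = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"
HARDENED_RULES = (
    "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n"
    "-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
    "-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable\n"
    "COMMIT\n"
)
SSH_LEFT_OPEN = HARDENED_RULES.replace(
    "-A INPUT -i eth0 -j REJECT",
    "-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT\n-A INPUT -i eth0 -j REJECT",
)

if __name__ == "__main__":
    for label, text in [("default", DEFAULT_RULES), ("hardened", HARDENED_RULES), ("ssh open", SSH_LEFT_OPEN)]:
        print(label, audit_input_chain(text))
```

To audit a live server, feed it the contents of /etc/iptables.rules from Step 6.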



Summary

This article will help provide guidance on enabling the Remote Desktop Connection application for Windows.

Note: NetCloud Engine is supported on some Windows operating systems which DO NOT include Remote Desktop Connection. Please consult the list of Windows operating systems that support Remote Desktop Connection.


Configuration

Configuration Difficulty: Easy

To enable Remote Desktop Connection on Windows, please follow the instructions provided by Microsoft Support:

http://windows.microsoft.com/en-US/windows7/allow-someone-to-connect-to-your-computer-using-remote-desktop-connection

(Advanced) Enabling remote desktop (RDC) from the command line (CMD)

We can enable remote desktop from Windows Command Prompt (run as administrator) using the following commands:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

To disable Remote Desktop from Windows command line, use the following commands:

netsh advfirewall firewall set rule group="remote desktop" new enable=No

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

To check if Remote Desktop Connection is enabled on a Windows computer, use the following command:

netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"

Troubleshooting

Not able to access Remote Desktop

For troubleshooting remote desktop access issues, the following site is helpful: http://windows.microsoft.com/en-US/windows7/Why-can-t-I-connect-using-Remote-Desktop-Connection

No option available to enable Remote Desktop

Microsoft does not ship RDC with Starter or Home edition OSs (including Windows 8 standard). Of the NetCloud Engine supported Microsoft operating systems, only the following support RDC:

  • Windows 10 Enterprise
  • Windows 10 Pro
  • Windows 8.1 Pro
  • Windows 8.1 Enterprise
  • Windows 8 Enterprise
  • Windows 8 Pro
  • Windows 7 Professional
  • Windows 7 Enterprise
  • Windows 7 Ultimate
  • Windows 2008 Server
  • Windows 2012 Server

If you are running an operating system that does not include built-in RDC functionality, try using a third-party application such as Real VNC.

Note: The remote desktop connection can be initiated from other operating systems, including all flavors of Windows XP, Vista, 7 and 8.



How to send logs from Android device to NetCloud Engine

  • Step 1: Select Menu in the NetCloud Engine App
  • Step 2: Select About
  • Step 3: Tap on NetCloud Engine icon seven (7) times
    • You should see a NetCloud Engine notification icon in the status bar. Text should say, “Logs uploaded to NetCloud Engine”



Summary

Now that we’ve built an offsite AD Controller for backup and replication, let’s use ADConnect to extend our Windows domain to remote users. This how-to will show you how to use NetCloud Engine to connect remote users to your AD domain. Your remote computers will be connected to your AD domain just like LAN connected machines. Remote users will be able to perform functions such as receiving Group Policy, resetting user passwords, and using pass-through authentication to domain services just as if they were connected to your local LAN.



Configuration Difficulty: Intermediate

Download and install NetCloud Engine

Download and install NetCloud Engine on your remote computer by visiting the Download NetCloud Client page.

Configuration

You can add the remote user to your NetCloud Engine network via the NetCloud user interface.

Log into NetCloud and click on ACCOUNTS & USERS.

In the ACCOUNTS & USERS page, click the add button.

  • On the Add Users page, fill out the First Name, Last Name, and Email columns, set the Role to ‘User’, and press Save.
  • Select the NetCloud Engine Permissions tab and confirm the new user’s role.

Verify your Network

Once NetCloud Engine is successfully installed on the remote computer, confirm that it is online and connected to the correct network.

  • Click the NetCloud Engine tab.
  • Review devices assigned to the user.

Reboot

The next time the user reboots, the user will be connected to your AD domain and will log on directly to the server. They will now get group policy, pass-through auth to all your domain resources, and password reset prompts. All client side functions (like password reset) will sync to the AD Controller.

That’s it. You have successfully configured AD Connect and used it to manage remote users.



Summary

The Application and Content Filtering application enables administrators to set security policies for both ports & protocols, as well as specific applications. These rules are similar to network Access Control Lists (ACLs) or firewall rules, where access is allowed or denied between a source and destination devices.

NOTE: All rules are analyzed in order, e.g. rule 1, then rule 2, then rule 3, etc. For example, if your first rule is to allow access to “ANY” device and your second rule is to deny access to a device, the second rule will not be “hit”. Changing the order of the rules will ensure the correct policy is applied.

How It Works

The DPI engine identifies traffic packet characteristics above layers 1-3 of the OSI model, and extends to layer 7. It uses techniques such as surgical pattern matching, conversation semantics, deep protocol dissection, behaviors and statistical analysis, future flow awareness, and flow association. These techniques allow for more in-depth visibility of network traffic by identifying applications that are delivered over HTTP port 80, or those that “port-hop” in an attempt to avoid detection. Customers can therefore leverage DPI to provide insight into user behavior and traffic patterns, for example which machines are communicating and what applications are being accessed.


Configuration

Configuration Difficulty: Intermediate

Application & Content Filtering is enabled through the Security tab. Administrators can access it via the left-hand drop-down menu from the main screen.

Cradlepoint adds an additional layer of segmentation through the Services button, allowing you to specify a specific service via well-known port/protocol combinations or via a list of nearly 1,500 applications.

NOTE: This feature offers “type-ahead”, where applications and services are selected via characters that you enter in the selection panes.

  • Step 1: To create a rule, click the New Rule button. An empty rule will appear with a rule number automatically supplied.
  • Step 2: Enter a name for the rule. It should be descriptive so that it enables you and other administrators to understand what the rule is intended to do.
    • In this example, an existing rule indicates to Block Dropbox for a specific source and destination via the Dropbox application rule and a Deny action.


  • Step 3: Select a Source and a Destination.
    • Note: Multiple entries for each may be specified. The drop-down box allows for selection of displayed entries, but you may also enter specific values.


  • Step 4: Select a Service from the list of well-known services that are displayed by default, or you may use type-ahead to specify your own (described in the next step).
    • In this example, we are seeking to block Facebook access.


  • Step 5: (Optional) You may also choose to specify a custom service using the + icon immediately to the right of the Service menu.
    • Enter a Service Name, a Description, the Protocol, Start Port, and End Port in the Custom Services dialog box.
    • You may specify more than one service by clicking on New Service.
    • When finished, click Add Services.


  • Step 6: Choose whether to Allow or Deny traffic between the Source and Destination.
  • Step 7: Select the Enable toggle to enable the rule.


  • Step 8: Click Apply Policy at the top right of the page.
    • Note: You may add additional rules before applying the policy. All newly defined policies will be applied at once.

You may delete a rule by clicking the x icon in the right-hand column. After you have added security rules and finalized your security policy, you can change the default Allow rule to a Deny rule, ensuring that only the traffic you have specified will be permitted.

  • NOTE: The default rule cannot be deleted. Its order also cannot be changed — it will always be the last rule in the policy list.
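The effect of rule order and of the final default rule can be checked on paper before a policy is applied. The following is an added example, not Cradlepoint code: a minimal model of in-order, first-match evaluation with a check for rules that an earlier enabled rule makes unreachable. The rule fields, device names and policies are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "ANY"


@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # device name or ANY
    destination: str   # device name or ANY
    service: str       # application or service name, or ANY
    action: str        # "allow" or "deny"
    enabled: bool = True

    def matches(self, src, dst, svc):
        """True if this enabled rule applies to the given flow."""
        return (self.enabled
                and self.source in (ANY, src)
                and self.destination in (ANY, dst)
                and self.service in (ANY, svc))

    def covers(self, other):
        """True if every flow that matches `other` also matches this rule."""
        return (self.source in (ANY, other.source)
                and self.destination in (ANY, other.destination)
                and self.service in (ANY, other.service))


def evaluate(rules, default_action, src, dst, svc):
    """Return (action, rule name) of the first enabled rule that matches.
    The default rule is always last and matches everything."""
    for rule in rules:
        if rule.matches(src, dst, svc):
            return rule.action, rule.name
    return default_action, "default"


def shadowed_rules(rules):
    """Return (shadowed, shadowing) name pairs for enabled rules that can never be hit."""
    findings = []
    for index, later in enumerate(rules):
        if not later.enabled:
            continue
        for earlier in rules[:index]:
            if earlier.enabled and earlier.covers(later):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed policies: the same two rules in both orders.
ALLOW_ANY = Rule("Allow any", ANY, ANY, ANY, "allow")
BLOCK_DROPBOX = Rule("Block Dropbox", "laptop-01", ANY, "Dropbox", "deny")
SHADOWED_POLICY = [ALLOW_ANY, BLOCK_DROPBOX]   # the deny rule is never reached
FIXED_POLICY = [BLOCK_DROPBOX, ALLOW_ANY]      # specific rule first

if __name__ == "__main__":
    flow = ("laptop-01", "fileserver", "Dropbox")
    print(evaluate(SHADOWED_POLICY, "allow", *flow), shadowed_rules(SHADOWED_POLICY))
    print(evaluate(FIXED_POLICY, "allow", *flow), shadowed_rules(FIXED_POLICY))
    # With the default rule switched to deny, unlisted traffic is dropped.
    print(evaluate([BLOCK_DROPBOX], "deny", "laptop-02", "fileserver", "SSH"))
```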



Summary

By default Google Compute instances allow incoming traffic for RDP, SSH, and ICMP from the internet. This how-to will walk you through blocking all internet traffic to your compute instance, and only allowing secure NetCloud Engine traffic to pass.

We will provide step by step instructions to install NetCloud Engine on a Google Compute instance, join it to a NetCloud Engine Overlay Network, and modify your Firewall Rules on your Google Developers Console to block external connections.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Download and install NetCloud Engine onto your Google Compute CentOS 6.5 instance. Follow the step by step instructions here.
  • Step 2: Make sure your device is connected to NetCloud Engine. Verify that you are connected and logged into the same network. On Linux:

    cd /opt/pertino/pgateway
    ./pertino --list-networks

  • Step 3: Test connectivity after NetCloud Engine installs a virtual adapter assigned an IPv4 or IPv6 address from the NetCloud Engine network.
    • Test connecting to your instance using one of these IPs via your preferred SSH/RDP client. A good tutorial can be found here.
    • Note: Google Compute instances require SSH keys to be configured. Follow these directions to configure your client.
  • Step 4: Adjust your Google Firewall rules.
    • Within Google Console, navigate to Compute\Networks.
    • Select your default network.
    • Delete all firewall rules with the exception of internal.
    • Delete the default rules allowing HTTP, RDP, and SSH.


That’s it! You have successfully installed NetCloud Engine on your cloud server and restricted access to the machine from only NetCloud Engine connected devices.



Summary

When using ADConnect, NetCloud Engine configures the virtual interface with the defined DNS server(s). Since NetCloud Engine is usually the last interface installed, it is placed at the top of the interface binding order. On Microsoft Windows, the interface at the top tends to be the first one consulted when determining which DNS server to use for DNS lookups. This is normally OK, but if you have split DNS for a host that resolves both publicly and privately (for example, MS Exchange/Outlook Anywhere), this causes problems resolving it properly.

In the case of Outlook Anywhere for remote users, using MS Outlook to connect to MS Exchange via the internet, the name of the server needs to resolve to public IP. If it were resolved internally it would get a private IP. When using ADConnect, the DNS query would go through the NetCloud Engine tunnel and directly to the internal DNS server. This is a problem if NetCloud Engine was not running on MS Exchange as it would not be able to connect to the server. (You could decide to install NetCloud Engine on MS Exchange but then there wouldn’t be a reason to use Outlook Anywhere).

The easiest way to resolve this problem is to change the binding order on the remote computer by moving the NetCloud Engine interface lower than the active LAN interface. This way it will be able to resolve the public IP using the LAN configured DNS.

To change the binding order, go to the adapter settings, select Organize, then Layout, then Menu bar. The menu bar will show Advanced; select it and then Advanced Settings. In the Connections section, make sure NetCloud Engine is lower, then select OK.



Summary

The Cradlepoint NetCloud Status page at https://status.cradlepoint.com allows you to subscribe to changes in NetCloud status (e.g., upcoming maintenance) through email, SMS, webhook, Atom Feed, or RSS Feed.


 

Configuration

Configuration Difficulty: Easy
  • Step 1: Open a browser and navigate to the Cradlepoint NetCloud Status page.
  • Step 2: Click the Subscribe to Updates button at the top of the page.
  • Step 3: Choose your preferred method of notification and enter the required information.
    • For email: enter your email address.
    • For SMS: enter your mobile number.
    • For webhook: enter the URL the webhooks should be sent to and the email address to notify if your endpoint fails.
    • For Atom or RSS Feed: click either on Atom Feed or RSS Feed and copy the HTML code for your use.
  • Step 4: Click the Subscribe via __ button.



Summary

On the NetCloud Engine network, devices are identified by the computer name, so in order for all machines to be associated to the same workgroup, each one needs to have a unique computer name. The purpose of this article is to provide instructions on how to change the name of your computer so that it is unique in your NetCloud Engine network.


Configuration

Configuration Difficulty: Beginner

Instructions for Windows

  • Step 1: Press the Windows key and the letter “E” on your keyboard at the same time to bring up the Windows Explorer window.
  • Step 2: Right click on Computer and then select Properties.
  • Step 3: Next to the computer name on the right, select Change settings.
  • Step 4: Select Change…, and in the Computer name text box add a unique name, then click OK.
    • Note: Windows allows for a max of 15 characters for the computer name.
  • Step 5: You will be required to reboot Windows for the settings to apply.

Instructions for Mac

  • Step 1: Click on the Launchpad from the Dock.
  • Step 2: Click on System Preferences.
  • Step 3: Under Internet & Wireless, click on Sharing.
  • Step 4: In the top section, change the Computer Name to be unique (among other devices on your NetCloud Engine Network).
  • Step 5: (Optional) To make sure the change is immediate, click on the NetCloud Engine icon in the menu bar and select Disconnect.
    • Step 5b: Once the icon changes to show a Pause symbol, click on it again and select Connect.



Summary

This article describes the steps necessary to set up NetCloud Engine (Formerly Pertino) with Active Directory.


Configuration

Note: This is now automatic using the new feature called ADConnect for all Business Plans.

One of the major benefits of using AD through NetCloud Engine (Formerly Pertino) is you will not have to provide a username or password when accessing file shares on the domain. Also once you add the Pertino AD IPv4 address in the DNS settings on the network interface adapter, you will be able to add remote computers into the domain as you would normally when connected to the same network.

First you will need to find the Pertino IPv4 address of the AD server by pinging the computer name from the remote computer (you may have to use the -4 option when pinging the computer). Next, edit the Pertino Virtual network adapter from the remote computer by right clicking the interface and select Properties and double-click the IPv4 protocol. In the DNS settings, add the IPv4 address you got back from the ping.

Note: Keep in mind when you upgrade the NetCloud Engine (Formerly Pertino) client, you will have to reapply these settings. There is also a chance the Pertino IP address could change which would require you to reapply the changes as well. This is not a problem if you use ADConnect.

Make sure your DNS server is listening on the Pertino Virtual interface. To verify:

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
  2. In the console tree, click the name of the DNS server you wish to configure.
  3. On the Action menu, click Properties.
  4. On the Interfaces tab, make sure the Pertino IPv6 address is checked. By default, all IP addresses are selected.


Overview

If you are running any pre-255 NetCloud Engine versions, you will not be able to delete a network.


Summary

What is the new multiple network admin feature?

Previously, a NetCloud Engine network only allowed for one network admin (a network owner). The network admin performs administrative actions on a network and invites new users. NetCloud Engine now offers Multiple Network Admins. These network admins can perform the same actions as the network owner (the first and primary network admin). With this feature, you can promote another user to administer your network for after hours or out of office support.

Is there an extra charge for the multiple network admin feature?

This feature is included with all Business plans and free to try until January 15, 2015, for all Basic and Free plans.

How do I promote a user to network admin?

Navigate to Users, select the user you wish to promote to network admin, click the “I Want to…” drop-down and select “Promote User”.

An icon will appear by the user you promoted to show that they are now a network admin.

What can a new network admin do?

A network admin can perform the same admin actions as the network owner. This includes accessing admin apps such as UsageMonitor, promoting or demoting other users, inviting or deleting other users, generating device authentication keys and deleting devices from the network.

What are the limitations for new network admins?

  1. Today, only the network owner (the original network admin) can change the selected plan or manage Pertino apps. We will look to address this in a future release.
  2. The network owner cannot be deleted from the network or demoted, and will be the billing contact for the network.

How do I remove a network admin from my network?

If you only want to take network admin privileges away from a network admin, navigate to Users, select the network admin you wish to demote and click “Demote User.”

If you want to fully remove the network admin from your network, you must first demote them from the network admin position and then select “Delete User.”

Can I demote myself from network admin?

You can demote yourself only if you are not the original network admin. If you demote yourself, you will automatically lose access to administrative pages and need to be re-promoted by another network admin for future administrative access.

What happens if I demote a network admin who is currently logged in?

If you demote someone who is actively logged in, they will not see that they were demoted until they refresh their browser. The demoted network admin may be able to perform some actions during their active session but will be unable to perform any administrative actions after they refresh their browser or log out and log back in.


Products Supported: NetCloud Engine


NetCloud Engine supports the following device operating systems:

Windows:

  • Windows 7 Editions: Home Premium, Professional, Ultimate, Enterprise
  • Windows 8 Editions: All
  • Windows 10 Editions: All, except Metro UI
  • Windows Server 2008 Editions: All
  • Windows Server 2008 R2 Editions: All
  • Windows Server 2008 SP2 Editions: All
  • Windows Server 2012 Editions: All

Mac:

  • Mac OS X version 10.7 (Lion)
  • Mac OS X version 10.8 (Mountain Lion)
  • Mac OS X version 10.9 (Mavericks)
  • Mac OS X version 10.10 (Yosemite)
  • Mac OS X version 10.11 (El Capitan)
  • iOS 7.x and higher with iOSConnect Beta

Linux:

  • Ubuntu Server 12.04 and 14.04
  • CentOS 6.4 and 6.5

Android:

  • Android 4.2.x (Jelly Bean Only) and higher
    • Minimum screen density 160 dpi (MDPI) and ARMv7-A (32-bit) architecture


How do I enable UsageMonitor Beta?

As the network owner of a Trial or Business plan, you can select the “Activate” button under UsageMonitor Beta on the AppScape page. Once activated, the network owner can select “UsageMonitor” on the MyApps page.

To whom is UsageMonitor Beta available?

UsageMonitor Beta is available to any network owner on a Trial or Business plan.

Is there an extra charge for UsageMonitor Beta?

No, there is no extra charge for UsageMonitor Beta at this time for Trial and Business plan network owners.

What does UsageMonitor Beta track?

UsageMonitor tracks traffic over the NetCloud Engine network only; it excludes local traffic and remote traffic that does not cross NetCloud Engine (e.g., Internet traffic). It tracks the last 1 day and last 7 days of usage for the network. For the 1-day graph, the horizontal axis is by hours (based on your local browser time) and the vertical axis is in Bytes/Kilobytes/Megabytes/Gigabytes depending on the traffic volume for the day. The 7-day graph’s horizontal axis is by dates for the last 7 days, and its vertical axis is in Bytes/Kilobytes/Megabytes/Gigabytes depending on the traffic volume.

Why don’t I see Internet traffic?

NetCloud Engine currently uses split tunneling, meaning that only traffic sent from one NetCloud Engine device to another traverses the NetCloud Engine Cloud. All other traffic bypasses it and is therefore not reflected in UsageMonitor Beta’s charts.

When I transfer a file to another NetCloud Engine client, is the traffic double-counted?

In a sense, yes. For example, when you send a 10MB file to another NetCloud Engine device, your usage will show a 10MB transmit (plus protocol overhead). The receiving device will show a 10MB receive. When the devices’ usages are aggregated, the result will appear to be double-counted as 20MB (plus overhead).

What is a top talker?

A top talker is a user or device that sends more data across the NetCloud Engine network than others. UsageMonitor keeps track of the top five users and top five devices.

How can I see the detailed usage of a top talking user or device?

Click on the top talker you wish to detail and you will be brought to the detail page for that user or device.

How do I see usage for a User or Device which is not a top talker?

This is not supported today; however, we plan to add this in future iterations of UsageMonitor.

Where did the OS breakdown on the Dashboard go?

With the initial release of UsageMonitor Beta, the OS breakdown is replaced by the 7-day usage chart if you have UsageMonitor Beta activated. With future releases, you will be able to rotate through the different dashboard pages (OS breakdown, Usage, etc.).

How can I get the OS breakdown on the Dashboard back?

Currently, you would have to deactivate UsageMonitor Beta for the network.

I transferred a file but I don’t see the usage.

UsageMonitor will display data about 15 minutes after your file transfer.

Why is my chart blank?

If your chart is blank it means that UsageMonitor did not see any traffic. Remember, only traffic that traverses the NetCloud Engine network is reported in UsageMonitor; Internet and local traffic are not measured.

Can I see the usage for all of my networks on my account?

Currently, the usage charts are available by network. With future releases, you will be able to view the usage for all networks on your account.


Summary

After a Fedora 20 machine is rebooted, NetCloud Client does not automatically start. There may be a timing issue when the NetCloud Client service starts on Fedora 20. This can be fixed by adding the line "sleep 60" in the start() function of /etc/init.d/pgateway.


#!/bin/bash
# chkconfig: 345 98 81
# Description: The NetCloud Client provides access to the NetCloud Engine Network.
# pidfile: /opt/pertino/pgateway/run/pgateway.pid

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

progdir=/opt/pertino/pgateway
prog=pGateway
pidfile=/opt/pertino/pgateway/run/pgateway.pid

start() {
    [ "$NETWORKING" = "no" ] && exit 1
    [ -x $progdir/$prog ] || exit 5

    # Added line: wait 60 seconds before starting the client.
    sleep 60

    # Start daemons.
    echo -n $"Starting $prog: "
    cd $progdir
    daemon ./$prog -f
    # (the rest of start() and of the script is unchanged)


Summary

This article has instructions on the procedure to install NetCloud Engine from a Windows command line interface.


Configuration

Configuration Difficulty: Easy
  • Step 1: From the directory where the NetCloud Engine installer is located run the following command:
    • C:\Users\test\Downloads>Pertino.exe /sp- /verysilent /u username:password
  • Step 2: When prompted, enter your NetCloud Engine account email and password (username:password).

Note: If you are running Windows Hyper-V, which has no GUI, you may get an error message regarding the oledlg.dll file. You can get a copy from another server in the same OS family (for example, a 2012 server if your Hyper-V is also running 2012) and place it in the c:\windows\system32 and SysWOW64 directories.


Summary

On August 15, 2016, Cradlepoint will be discontinuing support for clients prior to version 470 on all supported operating systems. After that date, old clients will no longer connect to your NetCloud Engine network(s). As such, it is imperative that you update old clients as soon as possible.


Latest Clients

As of this writing, the latest clients are as follows:

  • Windows – v544
  • Macintosh – v544
  • Linux – v544
  • Android – v544

How to Update My Client

Simply visit our download page found here: Download NetCloud Engine App, download the appropriate client and run the installer on each device that requires upgrade.


Frequently Asked Question – Required to Upgrade?

Do I need to update all my clients each time a new version is released?

  • No. The latest client versions automatically upgrade to the latest version. Once you ensure that all clients are running the latest version, you will no longer have to manually upgrade to future versions.


Overview

If you change the user account password on a computer that shares folders with password protection enabled, you may find that you are unable to provide the correct password when attempting to access the shared folders. This is caused by Windows caching the user credentials. To force the new credentials, either log off the machine and log back in with the new credentials, or delete the network path using the net use command.

  • Option 1: Log off the machine that you are using to access the remote share. Next, log back in and try to access the share again. This should prompt you for a username and password.
  • Option 2: From the Windows command line, type the command “net use” and find the network path to the remote machine. Next, type the command “net use <network path> /delete”.
    • For example: “net use \\Davids-MacBook-Pro\IPC$ /delete”. Make sure you include “\IPC$” at the end of the path when running this command. Next, try to access the share again and it should prompt you for a username and password.


Summary

Why do I see a machine name with “.PERTINO”

When we detect two or more devices are in the same local subnet, we will append ‘.PERTINO’ to the name. This way you can decide if you want to connect to the machine through the Pertino cloud or just locally. To access the machine locally, you would use the machine name without the ‘.PERTINO’.


Summary

This article describes the steps necessary to set up screen sharing on a Mac computer.


Configuration

Configuration Difficulty: Intermediate

Configuring screen sharing on the Mac:

  • Step 1: From the Apple Menu select System Preferences

  • Step 2: Select Sharing to enable Screen Sharing

  • Step 3: Make sure the check box on the left for Screen Sharing is checked

  • Step 4: Click the plus sign to add specific or any users you would like to provide access to the computer

  • Step 5: If screen sharing to a Windows computer is required: Click Computer Settings

Connecting to the Mac from another Mac:

  • Step 1: Select Go and then Network
  • Step 2: Find the Mac in the list of available devices and select Share Screen
  • Step 3: Provide the username and password when prompted
  • Step 4: Select “Share Display” or “Log In”
  • Step 5: Screen sharing is now connected


Overview

If you reboot your Mac after setting up a Mac share (and confirming you can access the share from a Windows machine before the reboot), you may encounter the following error message:

  • “You do not have permission to access \”…

Also, if you reboot the Windows machine after rebooting the Mac, you will no longer see the above error message and will be prompted for a user name and password. Once you provide the correct username and password, you will receive another error: “Logon failure: unknown user name or bad password.”

This is a known issue on the Mac. Two workarounds are available for this:

  • Go to System Preferences… / Sharing / File Sharing / Options…, uncheck “Share files and folders using SMB (Windows)”, and then recheck it.
  • From the Terminal, copy and paste the command: sudo touch "/Library/Preferences/SystemConfiguration/com.apple.smb.server.plist"

Provide the account (admin rights) password.

You should be able to access the Mac share again.


Summary

Using NetCloud Engine to connect all of your remote AD controllers is great, but how do you know if they are actually replicating and in sync?  The tools listed below will provide you with a great view of your Active Directory environment including replication, backup status, and queue depth.


Configuration

Configuration Difficulty: Intermediate

AD Replication Status Tool

This free tool queries all of your connected Active Directory servers and provides on-demand replication status. Use it to generate a report to detect any replication issues you may have within your environment.

From the shell

If you don’t want to install another application, just open a PowerShell window and use repadmin to see replication data.

To get a quick status on all replication within your enterprise

  • repadmin /replsummary *

To see the replication backlog

  • repadmin /queue *

To force replication from all partitions

  • repadmin /syncall /Aped

To check last backup time for your DC

  • repadmin /showbackup

Use netdom to find your FSMO roles

One quick command to find which AD Controller is assigned which FSMO role

  • Netdom query fsmo


Configuration

Configuration Difficulty: Intermediate

To share a folder on a Mac in your NetCloud Engine network, make sure File Sharing is enabled and SMB is selected as a protocol to use. First, select the Launchpad from the Dock and click on System Preferences. In the Internet & Wireless section select Sharing. Make sure “File Sharing” is checked and then select Options… Verify “Share files and folders using SMB (Windows)” is checked. From here you can specify the folder you would like to share. In the Shared Folders section, select the + to add the folder you want to be shared and then select Add. Next, add or remove users as well as provide the proper permission to the folder (Read or Read & Write).

You can also share a folder by right-clicking the folder itself and selecting “Get Info”. Check the Shared folder option and then, under “Sharing & Permissions:”, select the + option to add a user or group as well as the permissions to access this folder.

To access the new shared folder from your NetCloud Engine Network:

Mac – From Finder, select Go and then Network and Shared. Double-click the name of the Mac and provide the username and password to access the share.

Windows – From the Windows File Browser, select Network and on the right pane window double-click the name of the Mac and provide the username and password to access the share.


Summary

This article describes the steps necessary to get a network API key for authenticating devices.


Configuration

Configuration Difficulty: Novice

Log in to NetCloud Engine

  • New users: sign up for a trial account here, then log in and exit the setup wizard (by clicking the ‘x’ at the top right of the wizard).
  • Existing users: log in to the NetCloud Engine console here.

Download the Key

  • Navigate to the key generation page by pressing the settings button in the top right corner of the client.

This will take you to the network settings page.

  • Select the Generate Authentication Key option.

  • Select Generate Key. This will create a new key, revoking the old key, and prompt you to download a file called apikey.pertino. You can copy the API key and use it in a command line as appropriate.


Summary

When you upgrade your NetCloud Engine client, AVG falsely detects an issue with a temporary file we generate in the temp directory.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Select ‘Allow’ to prevent AVG from blocking NetCloud Engine.
    • Note: A re-installation of NetCloud Engine will be required if ‘Allow’ is not selected



Summary

This article describes the steps necessary to share files and folders on a Windows machine.


Quick Setup

Configuration Difficulty: Beginner

  • Step 1: On the computer you will be sharing folders from, click on the Start button.
  • Step 2: Search for “Sharing” and select Manage advanced sharing settings from the results.

  • Step 3: Select Turn on network discovery and Turn on file and print sharing.
  • Step 4a: (Optional) Select Turn on password protected sharing.

  • Step 4b: (Only if “password protected sharing” is enabled) Navigate to Control Panel.

  • Step 4c: Select Add or remove user accounts.

  • Step 4d: Select Create a new account.

  • Step 4e: Specify the user’s name and then click Create Account.

  • Step 4f: Select the account you just created and then select Create a password.

  • Step 5: Right click on the folder you want to share and select Specific people…
  • Step 6: Select the user you are giving access to, and click Add and then Share.

  • Step 7: Right click the folder again and select Properties.
  • Step 8: Select the Sharing tab.

  • Step 9: Select Advanced Sharing…
  • Step 10: Check Share this folder and click OK.


Detailed Instructions

Configuration Difficulty: Intermediate

To share files and folders on a workgroup or a domain:

  1. In Windows Explorer, select the file or folder to be shared, and then click the Share with menu at the top.
  2. Select Specific people to get to the File Sharing wizard:
    • If your computer is on a domain, click the arrow next to the text box, and then click Find people. In the Select Users or Groups dialog box, type a name in the box, click Check Names, and then click OK.
    • If your computer is part of a workgroup, click the arrow next to the text box, click a name from the list and then click Add.
    • Under Permission Level column, select one of the following options:
      • Read: Recipients can open, but not modify or delete the file.
      • Read/Write: Recipients can open, modify or delete the file.
  3. When you have finished adding people, click Share.
  4. After you receive confirmation that your item is shared, you can let the people know.
  5. When you are finished, click Done.

Notes:

  • If you try to share a file or folder in one of the Windows 7 Public folders, the Share with menu will display an option called Advanced sharing settings… instead of the sharing options for non-public folders and files. This option takes you to the Control Panel, where you can turn Public folder sharing on or off.
  • If password-protected sharing is turned on, the person you want to share with must have a user account and password on your computer for full access to shared items. Password-protected sharing is located in Control Panel under Advanced sharing settings. It’s turned ON by default.

To share files and folders on a homegroup:

  1. Right-click on the file or folder you want to share, and then click on Share with.
  2. Choose one of the following options:
    • Homegroup (Read): This option shares the item with your entire homegroup, but they can only open and read the item. They cannot modify or delete it.
    • Homegroup (Read/Write): This option shares the item with your entire homegroup and lets them open, modify or delete it.
    • Specific people: This option opens the File Sharing wizard which allows you to select individual people to share items with.

Turning Public folder sharing on or off:

Anyone on your computer or network can access Public folders if you have sharing turned on for that folder. When it’s turned off, only people with a user account and password on your computer have access.

  1. Click on Start button, click on Control Panel, click on Network and Sharing Center.
  2. Select Change advanced sharing settings in the left pane.
  3. Click the chevron to expand your current network profile.
  4. Under Public folder sharing, select one of the following options:
    • Turn on sharing so anyone with network access can read and write files in the Public folders
    • Turn off Public folder sharing (people logged on to this computer can still access these folders)
  5. Click Save changes.

Notes:

  • When you share the Public folder on your computer with other people, they can open and view the files stored there just as if they were stored on their own computers. If you give them permission to change files, any changes they make will change the files on your computer.
  • If you click a Public folder or its content, you will see Advanced sharing settings in the Share with menu. This option takes you to the Control Panel where you can turn Public folder sharing on or off.
  • By turning on password-protect sharing in Control Panel, you can limit Public folder access to people with a user account and password on your computer. This option is not available on a domain.

Turning password-protected sharing on or off:

  1. Click on Start button, click on Control Panel, click on Network and Sharing Center, and then click on Change advanced sharing settings in the left pane.
  2. Expand your current network profile.
  3. Under Password protected sharing, select one of the following:
    • Turn on password protected sharing
    • Turn off password protected sharing
  4. Click Save changes.

To stop sharing a file or folder:

Right-click on the item you want to stop sharing, click the Share with menu at the top of File Explorer, then select Nobody.


Modifying File and Print Sharing and Network Discovery from Windows command line (CMD)

Network discovery and file and print sharing from Windows command line can be enabled using the following commands:

netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

To disable these functions in Windows, use the same command, replacing all instances of “Yes” with a “No”.


Accessing shared resources

From a Windows machine:

  • Step 1: From Windows Explorer on a different Windows PC, select Network to list the computers on your network.
  • Step 2: Double-click the computer you would like to access, then provide its username and password.
  • Step 3: You will now see the folders that are being shared on that remote computer.

From a Mac:

  • Step 1: From Finder, select Go, then Network, then Shared.
  • Step 2: Double-click the computer you would like to access, and provide its username and password.
  • Step 3: You will now see the folders that are being shared on that remote computer.

Troubleshooting

  • Please ensure that the printer or file sharing device is powered on and connected to the network.
  • If you are still not able to access the files or folders, you might have a permission issue; please refer to this Microsoft support link.


Overview

Configuration Difficulty: Intermediate

A) To assign the user right: Allow log on locally

  • Step 1: Open the Group Policy Management Editor. To do so, select Start, then in the Start Search box, type gpedit.msc, and then press ENTER.
  • Step 2: If the User Account Control dialog box appears, confirm that the desired action is displayed, then select Continue.
  • Step 3: In the navigation pane: Open Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
  • Step 4: In the details pane, double-click “Allow log on locally” or “Deny access to this computer from the network”.
  • Step 5: Select Add User or Group.
  • Step 6: Find the desired user or group account to add, then select OK.
  • Step 7: Selecting OK saves the changes to the Group Policy object (GPO).
  • Step 8: Users that are currently logged on must log off and back on for GPO settings to take effect.

B) To remove a user or group from the user right: Deny log on locally

  • Step 1: Open the Group Policy Management Editor. To do so, select Start, then in the Start Search box, type gpedit.msc, and then press ENTER.
  • Step 2: If the User Account Control dialog box appears, confirm the desired action is displayed, then select Continue.
  • Step 3: In the navigation pane, open Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment.
  • Step 4: In the details pane, double-click “Deny log on locally” or “Deny access to this computer from the network”.
  • Step 5: Select the desired user or group account to be removed, then select Remove.
  • Step 6: Select OK to save your changes to the GPO.
  • Step 7: Users that are currently logged on must log off and back on for GPO settings to take effect.

Note: Windows 7 Home edition (and Windows 8 standard) do not come with the local policy editor.


Summary

This article shows how to remotely control a Mac from a PC.


Configuration

Configuration Difficulty: Intermediate
  • Step 1: Enable remote management on a Mac:
    • Click on Sharing in System Preferences.
    • Select and check Remote Management.
    • Select Computer Settings.
    • Select and check “VNC viewers may control screen with password” and provide a password for login.

  • Step 2: Launch VNC Viewer on Windows:
    • Download and run the free VNC Viewer.
    • Provide the name of the Mac computer as it is displayed in the Windows network and select Connect.

  • Step 3: Access the remote Mac:
    • Provide the password you set up on the Mac for the VNC connection.
    • Provide your Mac username and password.

  • Step 4: Now you are connected to your Mac remotely!


Summary

Dear Cradlepoint Customers and Partners:

Many of you are aware of the recently discovered UNIX Bash exploit commonly known as Shellshock (CVE-2014-7169).

The Cradlepoint engineering and dev-ops teams have investigated the potential implications of this vulnerability on our NetCloud Engine service. We have patched external facing systems as well as non-exposed systems that were subject to this vulnerability. Additionally, we are collaborating with our cloud infrastructure service providers to ensure the risk has been fully mitigated throughout our service delivery infrastructure. At this time, there is no risk to our customers and partners.

Cradlepoint is committed to protecting all of the information that you have entrusted to us, and we take this incident, and all security threats, very seriously.


Summary

To access a remote computer from a Linux client, you must use .local at the end of the computer name. For example, if the remote computer is called computer1, use computer1.local when trying to access it.

You can also use the FQDN provided by Cradlepoint, which is listed in app.pertino.com when you select the device and click more details.


NetCloud Manager FAQ

 

Summary

This article provides a list of questions commonly asked about NetCloud Manager (NCM), and the answers to those questions. The Configuration Examples section includes links to articles that demonstrate the function of the NCM service.

NetCloud Manager is Cradlepoint’s next generation network management solution. Rapidly deploy and dynamically manage networks at geographically distributed locations with NetCloud Manager, Cradlepoint’s next generation application platform. Improve productivity, reduce costs, and enhance the intelligence of your network and business operations.

A detailed explanation of the NetCloud Manager service can be found on the NCM product page.


 

Requirements

To establish a successful connection to NetCloud Manager, a Cradlepoint router must meet the following requirements:

1. Supported Product: Only the following router models can currently be added to ECM: AER2100, MBR1400v2, MBR1400v1, CBA850, CBA750B, IBR1100, IBR1150, IBR600, IBR650, IBR350, MBR1200B, CBR400, and CBR450.

2. Minimum Firmware: 4.3.2 (CBR4x0 only) and 4.4.0 (all other models). Using the most recent available firmware version is recommended.

Note: Product support is planned for the following router models: CBA750, MBR1200, MBR1000, MBR900, MBR800, CTR500, and CBA250. Expected minimum firmware requirement for Series 2 products is 2.0.0.

Click here to identify your router. For information on upgrading NCOS, click here.

3. NTP Server Connection: Routers must sync with a time server before they can communicate with NetCloud Manager. NCM uses standard TLS-based encryption along with a properly signed certificate on our servers. This system has date range restrictions: devices must have a valid clock time in the 21st century. By default, the routers boot up at Unix epoch 0 (January 1, 1970), so without a time sync the TLS client treats the certificate as invalid.
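
The clock dependency in requirement 3, worked through as an added example (this is not Cradlepoint code): it applies the certificate date-range test at several clock readings and separates a clock fault from a certificate fault. The sample validity window and the `clock_floor` parameter (a timestamp the device can never legitimately precede, such as a firmware build date) are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed validity window, written in the notBefore/notAfter text format
# that Python's ssl.getpeercert() returns. Not taken from any real certificate.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2016 GMT",
    "notAfter": "Jan  1 00:00:00 2018 GMT",
}


def utc(year, month, day):
    """Seconds since the Unix epoch for midnight UTC on the given date."""
    return datetime(year, month, day, tzinfo=timezone.utc).timestamp()


def check_validity(cert, now_epoch):
    """Apply the date-range test a TLS client runs, using the given clock reading."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now_epoch < not_before:
        return "not-yet-valid"
    if now_epoch > not_after:
        return "expired"
    return "valid"


def diagnose(cert, now_epoch, clock_floor):
    """Return (status, cause), separating a clock fault from a certificate fault.

    clock_floor is an assumption of this example: a timestamp the device can
    never legitimately precede, such as its firmware build date. A clock
    reading below it means the date check cannot be trusted either way: a
    good certificate is rejected at epoch 0, and a stale clock can make an
    expired certificate look valid.
    """
    status = check_validity(cert, now_epoch)
    if now_epoch < clock_floor:
        return (status, "clock-unsynced")
    if status == "valid":
        return (status, "ok")
    return (status, "certificate")


if __name__ == "__main__":
    floor = utc(2016, 6, 1)  # constructed firmware build date
    readings = [
        ("boot, clock at epoch 0", 0),
        ("after NTP sync", utc(2017, 6, 1)),
        ("synced, certificate lapsed", utc(2019, 1, 1)),
    ]
    for label, now in readings:
        print(label, diagnose(SAMPLE_CERT, now, floor))
```

The last case in the test below is the one to keep in mind when diagnosing a router: a clock that is merely stale, not at epoch 0, can pass the date check against a certificate that has already expired.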


 

What level of redundancy and reliability features do the NetCloud Manager Servers have?

NetCloud Manager servers are located within a physically secured area at a Tier IV datacenter that is SAS70 (SSAE Type II) certified. Only Rackspace authorized personnel have access to the secured area. Redundancy of the system includes the following:

Datacenter Redundancy and Reliability:

  • 24x7x365 onsite staff
  • Dual power circuits tied to N+1 redundant datacenter UPS systems
  • Onsite diesel backup power generators
  • Fully redundant enterprise-class core routing with connectivity to 3+ internet backbone carriers
  • Fiber carriers enter datacenters at disparate points to guard against service failure
  • N+1 redundant HVAC systems (Heating Ventilation Air Conditioning) with air filtering

Server and Software Redundancy:

  • Redundant load balanced application servers
  • Master database in isolated private network with one-hour replacement
  • Full nightly backups
  • Rackspace SLA guaranteeing network availability and critical infrastructure systems including power and HVAC 100% of the time in a given month excluding scheduled maintenance.

 

What are the security measures for the Enterprise Cloud Manager Servers?

Enterprise Cloud Manager servers are located within a physically secured area at a Tier IV datacenter with SSAE Type II certification (formerly SAS 70). Security features include the following:

Datacenter Security:

  • Cradlepoint servers are located in a secured area within a Tier IV datacenter.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitoring
  • 24x7x365 onsite staff
  • Only authorized data center personnel are granted access credentials. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.

Hardware and Software Security:

  • CISCO ASA Firewall
  • Only authorized Rackspace operations personnel are allowed physical access to production NCM servers.
  • Patch Management: Patches are applied quarterly, unless a high vulnerability issue is identified whereupon the process is expedited.

Event and Log Management:

  • All URL traffic is logged. These logs are kept for 90 calendar days for review by network security management.
  • Automated logs track and log changes, including backups of this data.

 

Does Cradlepoint perform vulnerability assessment of the NCM servers?

Cradlepoint uses a PCI Approved Scanning Vendor (ASV) service for external penetration testing of the NCM servers. Scans are run at minimum monthly, with remediation reports provided to management. Corrective actions are implemented based upon severity of potential threats.

 

How many devices can your system support and how many do you have on the system now?

Cradlepoint manages more than 80,000 devices on WiPipe Central today. NCM has a scalable, service-oriented architecture that can support many more customers with many thousands of devices under management.

 

As a System Integrator, can I have multiple primary accounts that I can use to manage my customers’ devices, and can I see all of my customers’ devices?

Yes, with NCM you can have multiple subaccounts for your customers. Your Account Administrator can manage all accounts, while creating other administrators to manage separate subaccounts (customers).

 

When an NCM account password is lost, how is it reset?

The user navigates to the “Request new password” page (link on the NCM central login page) where an email address is entered. If the email address entered matches an email address associated with an NCM user, an email with a unique link is sent to the user. Upon receiving the email, the user clicks on the link that will take them to a page to select a new password for their account. If the email address entered does not match any account email addresses, a message will be displayed noting the email address isn’t recognized.

Cradlepoint support personnel do not have access to NCM user passwords and thus cannot provide any passwords over the phone.

 

How strong are NCM passwords and how long do they last?

The following are password requirements:

  • Password minimum length (default = 8)
  • Require one or more CAPITALIZED letters in the password (default = yes)
  • Require one or more numbers in the password (default = yes)

The administrator can set a session timeout (default = 120 minutes) for each user under the User Settings.

 

How are passwords stored within the NCM Servers?

All passwords are stored in encrypted form using the NIST/FIPS Secure Hash Standard known as SHA-2. SHA-2 is a set of cryptographic hash functions designed by the National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. User password encryption uses the PBKDF2 algorithm with a SHA-256 hash.
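The password requirements and the PBKDF2 with SHA-256 storage described in the two answers above, shown as an added example that is not NCM's implementation. PBKDF2 is a one-way derivation, so verification recomputes the value rather than decrypting it. The iteration count, salt size and record layout are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8        # page default
ITERATIONS = 600_000  # assumption: the page does not state an iteration count
SALT_BYTES = 16       # assumption: the page does not state a salt size


def policy_violations(password):
    """Check the three defaults listed on the page; return the rules that fail."""
    failed = []
    if len(password) < MIN_LENGTH:
        failed.append("min_length")
    if not any(c.isupper() for c in password):
        failed.append("capital_letter")
    if not any(c.isdigit() for c in password):
        failed.append("number")
    return failed


def hash_password(password, iterations=ITERATIONS):
    """Derive a PBKDF2-HMAC-SHA256 verifier with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constructed record layout: scheme$iterations$salt_hex$hash_hex.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password, record):
    """Recompute the derivation from the stored parameters; compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)
```

Because each record carries its own salt and iteration count, two users with the same password get different records, and the work factor can be raised later without invalidating existing ones.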

 

Is User Data stored within the Cradlepoint devices?

No user data is stored on the Cradlepoint devices.

 

Do new users receive a unique password?

When a new account is set up, the Account Administrator will receive an email from Cradlepoint with a unique link to take them to a page to select a new password for their account.

When the Account Administrator sets up a new user account, the user receives an email with a unique link that takes them to a page to select a new password for their account.

 

How do you integrate with Network Management Systems?

NetCloud Manager can be integrated with any Network Management System via the NetCloud Manager API. The NCM API is accessed via HTTPS to the XML/JSON RESTful interface. We have customers doing this today using the WiPipe Central API.

 

How many levels of user account privileges does NCM support?

NCM supports three levels of user access privileges for a customer.

  • Account Administrator – has full access to all accounts and sub-accounts and can create accounts and users at any level within the account hierarchy. Only the Account Administrator can create accounts or users.
  • Full Access User – has access to resources within their account and any sub-accounts below their account. The Full Access User cannot create new accounts or users.
  • Read-Only User – has read-only access for their account and any sub-account(s) below their account.
  • Diagnostics User – has the same access as the Read-Only User, with the additional ability to reboot the router.

 

How much data does being connected to NetCloud Manager consume?

Recent data shows that the average data usage is approximately 5–10 MB per router per month. This reflects what we expect to see in “typical” scenarios when routers have mostly default settings. Many settings could affect this amount, including generating lots of alerts, exporting lots of logs, and especially editing the connection pulse interval (default 120 seconds). A significantly faster connection pulse (e.g., 10 seconds) could increase data usage to 50 or even 100 MB per router per month, whereas a significantly slower pulse (e.g., 900 seconds) could decrease data usage to less than 1 MB per router per month (but runs the risk of slowing down the connection so much that the connection is broken and needs to reestablish itself, which uses additional data).
There are many variables that affect data usage and therefore Cradlepoint does not guarantee that a router will use any particular amount of data. These numbers are only provided to give a rough estimate of the amount of data usage you should expect based on data from other routers in the field.

 

How do you support Private Networks (cellular or wired)?

NCM can support a customer’s Private Network (3G/4G or wired networks). For device management, NCM uses a full-duplex, asynchronous SSL protocol to manage the Cradlepoint routers over a single TCP connection (port 8001).

Support for Private Networks can be achieved by either of the following:

  • Customers create a firewall rule to allow NCM management SSL traffic routed over the Internet to the Cradlepoint cloud datacenter (single TCP connection – port 8001).
