Title: Control of security application in a LAN from outside the LAN
Abstract: A method and a system are disclosed that enable an address at the edge router to be used to establish a multi-pipe virtual private network (MVPN) connecting controllers to multiple web enabled end user devices (EUDs) inside a security protected local area network (LAN). The EUDs connect to a central server (CS) outside the LAN during configuration establishing registration and identity (ID) for each EUD. Once the EUDs establish connection from inside the LAN, the CS is enabled to communicate with the EUDs using the address and ID provided during registration. The CS then acts as a facilitator establishing secure VPN connection between controllers in the cloud and the EUDs inside the LAN. CS further acts as a pass through for those LANs that do not allow direct connections to controllers outside the LAN. The CS continues to monitor the health of the overall system once connectivity is established.
Publication number: US9021573(B2); Publication date: 2015.04.28
Application number: US201213677812; Filing date: 2012.11.15
Applicant: Cradle Technologies; Inventors: Natarajan Ramachandran; Patil Suhas S.
Classification: H04L12/46; H04L29/12; G06F21/00; H04L12/24; H04L29/06; Main classification: H04L12/46
Agency: Blakely Sokoloff Taylor & Zafman LLP; Agent: Blakely Sokoloff Taylor & Zafman LLP
Main claim: 1. A secure method for connecting to web enabled devices inside a secure firewalled local area network (LAN) through a secure fire-walled edge router, without enabling port forwarding, at an interface between the secure LAN and an internet cloud, for monitoring and control of the web enabled devices within the secure LAN comprising: providing a secure central server outside the LAN, wherein the secure central server immediately identifies problems within the LAN and either automatically takes remedial action or informs an administrator for manual action, wherein the secure central server oversees a security monitoring health of a system of the secure central server and transmits a short message service (SMS) message to an administrator of the system in order to indicate a failure of at least one of the web enabled devices; providing at least one monitor and control device outside the secure LAN, wherein the secure central server is coupled to the at least one monitor and control device; having the web enabled devices within the LAN connecting to and registering with the secure server; and enabling establishment of a secure virtual pipe connection via the secure central server, for use by the at least one monitor and control device, outside the secure LAN, that is securely connected and pre-registered with the secure central server, wherein the at least one monitor and control device monitors and controls the web enabled devices inside the secure LAN.
Address: Mountain View CA US