StrideLinx Secure VPN Advanced Organization & User Management at AutomationDirect

Stridelinx Secure Remote access Industrial VPN makes it easy for you to connect and manage your remote devices and how your users interact with those devices. All of this done in a secure way. For those of you just looking for simple access to a single device and a single user, making yourself a platform administrator and connecting may be enough for your application. For those of you deploying across multiple locations with multiple devices and multiple users, the Stridelinx platform allows you to refine access for a more secure organization that makes your whole life easier. For this type of implementation first lets define some terms used by StrideLinx. Groups is how you divide devices and users for a meaningful organization. Let's say you are an OEM and have sold a device in Montana and one in Florida. Well you can create a separate group for each of these locations. Groups are optional unless a user is assigned to a non-company-wide role. We'll get into the company and non-company wide in a few and this will make more sense then. Then there is Access Categories. This allows you to define pages and services that can be used. Roles is a selection of permissions that must be granted. Every user MUST be assigned a Role. From here you can set admin or device permissions and also add Access Categories. Once you have these set up, then you'll need to apply these to the router configuration. I will show this process later in the video. And then Users. This is a straight forward term. These are the individual Users, defined by email address, that are invited to share on this setup, which you can then define their Roles, Access and which groups they can use and connect with. When implementing this you will need to define the setup exactly in this order. As you will need to set up the Groups first, Access Categories next, then the Roles, then apply these settings to the router before a User can be assigned to each of them. The power and usefulness of this organization is straightforward as you wouldn’t want users in Florida to see and manage the information in the Montana plant and then vice versa. But as the OEM, you would want to be able to administer both installations. Also, when you get into Roles and Access Categories this will allow you to define what each user can affect on each system. Best way I can find to start out is to lay out what you have. So, we have these two customer sites that have your machines installed with the StrideLinx VPN. At our main plant, there is Me and Bob. I am the main Platform Administer and Bob is our Head Engineer. Each of us will need access to both sites or in the terms we used before - both Groups. At the Montana site we have the Head Technician named Mark and Henry is their Machine Operator. This setup is mirrored at the Florida site with John, the Head Technician and Steve, the Operator. The head technicians will need access to get on and make changes to the system but we will only want the operator to be able to view and monitor the data. This is how I would lay out the structure. To set this up in StrideLinx, I am going to assume that you have already set up your company and have your devices connected to the platform. After that, as I mentioned before, we will need to set up our Groups first. This is set up in the Admin app by selecting here. And then Groups here on the left hand side. And now select to add a Group. First I will add Montana, then Florida. Now, as I mentioned earlier, we will need to apply these to our routers. Once we apply these to the routers later in this setup, the groups will be more meaningful. And next we move on to Access Categories. Access Categories can be found in the Admin app by selecting the Roles on the left hand side. We have 3 Access Categories which are VPN Access, VNC Access and Machine Info Access. First, I will rename the default to Machine Info and then add the VPN Service and then the VNC Access. Now scroll up and look at Roles. When we look at Roles, we see this Type here. Notice that these two say Company-wide. This will be for Bob and me, allowing us to see both machines at the the Montana and Florida plant. Since we changed the Access Categories below, we will need to update these two Roles to include that. Select this one, hit edit, and now we can add VPN and VNC to this Role. Lets do the same for Bob, the Engineer. And here we see the difference with Bob's account that is not the platform administer. It cannot manage the Roles, Access Categories and Group Types, and custom fields. Now, lets create a new Role that will handle the Head Technician at each plant. Select to add a Role. And we are going to set this to a group specific role. And group specific means that it will only be able to access either Montana or Florida. I'll give this the name of Head Technician. And the Head Technician will be able to manage devices and use all these services. And now we'll create the Operator Role that will only be able to access the Machine Info page. Now we have the basic structure that we need for this application. Once we have that, we need to apply the Groups to the routers and set the services to the Access Category in each router. So navigate to the Fleet Manager app And first, let's configure the Montana router. Select here on the name of the device and here under Groups under Customer Type. I will set the router to the Montana group. Now to apply the services of the router to the Access Categories we created earlier. VPN connect is already shown here, so select that service and we are going to set this to the VPN Access Category and confirm the changes. Next we'll need to add the VNC server by hitting the Plus sign here and selecting the VNC server option. I will name this VNC server and assign this to VNC Access Category and confirm the changes. Last Access Category to configure is the Machine Info. This is done by selecting the View option here. What this will allow is to tie the Machine Info Access Category to an overview page that was created for each router under the Studio app. Here I make sure this page is in the Montana overview and assign Access Category to the Machine Info. These changes should be in sync with the device, but at any point this button here says to sync with device - make sure to select it after you make your changes. Now let's do the same thing for the Florida router. To add users, select Portal app from here. Let’s start with Mark, the Head Technician from Montana. Enter in his email. Select him as a Group-specific. Now we can set him to only access the Montana group as the Role of Head Technician. Then send the invite. We can do the same for Henry but set his Role as Operator. Now, just do the same thing for the Florida setup but select the group as Florida. Now that we have all this set up that will limit access properly, it allows for an easy organization. StrideLinx. Allowing you to get the most of your operation without having to travel. If you have any question on this setup or any questions on StrideLinx, please feel free to comment below. If you'd like to see more videos from the StrideLinx platform, select here and make sure to subscribe to our YouTube channel for new products and solutions.