Using ConsoleWorks as a Field Service Gateway to a protected resource

Three of ConsoleWorks' advantages are controlling device access,
monitoring device access, and logging activity from those devices.
However, in some cases, it may not be possible to give the ConsoleWorks
server direct access to a protected device. If you are able to log into
the ConsoleWorks server command prompt from within the network containing
the protected device, this article shows a method for extending access
to the protected device onto the ConsoleWorks server.

In the specific case described here, a ConsoleWorks instance was available in
a network location where Field Service personnel could access the ConsoleWorks
server. However, the protected devices were available only on a restricted
network to which that particular ConsoleWorks had no access. The required
outcome for Field Service to be successful was to provide Field Service
with monitored, shared, and logged access to 2 protected devices on the
restricted network.


To create a solution, a machine on the restricted network is used
to create 2 ssh port forwards onto the ConsoleWorks server so that
corresponding consoles can be created in ConsoleWorks. Please refer
to the diagram on the left for machine names and network layout:

On the SSHSRV machine, execute the command:

Command:
$ ssh \
-R localhost:2221:MANAGED_DEV_1:22 \
-R localhost:2222:MANAGED_DEV_2:22 \
username@CWSERVER

This creates 2 network ports, 2221 and 2222, on the CWSERVER
machine, where port 2221 is forwarded to the ssh server on MANAGED_DEV_1
and port 2222 is forwarded to the ssh server on MANAGED_DEV_2.

On CWSERVER, now define 2 SSH with Password (or key if that suits your
needs) consoles, but define the consoles to point to 'localhost', ports
2221 and 2222, and appropriate access credentials for the MANAGED_DEV_n
machines.

Now you will be able to provide appropriate profile-controlled access
to a FIELD_SERVICE account on CWSERVER, and your field service personnel
can access the MANAGED_DEV_n devices while you observe all activities
from MON_PC.
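
For the access to stay monitored and logged, ports 2221 and 2222 must be
reachable only from CWSERVER itself, so every session goes through
ConsoleWorks. The check below is an added example, not part of the original
article or of ConsoleWorks: it reads `ss -ltn` output on CWSERVER and reports
whether a forwarded port is bound to loopback only. The function name
check_forward and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the reverse forwards from the article are loopback-only.
# sshd's GatewayPorts setting on CWSERVER can override the "localhost" bind
# address requested with -R, so check the listeners that actually exist.

# check_forward PORT   (reads `ss -ltn` style output on stdin)
# Prints ok | exposed | missing; exit status is 0 only for "ok".
check_forward() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # different port, ignore
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Anything other than 127.x.x.x or [::1] is reachable off-host.
            if (host !~ /^127\./ && host != "[::1]") exposed = 1
        }
        END {
            if (!found)  { print "missing"; exit 2 }
            if (exposed) { print "exposed"; exit 1 }
            print "ok"
        }'
}

# Constructed sample: 2221 is bound correctly, 2222 is bound to the wildcard
# address (what a GatewayPorts yes server would produce).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2221     0.0.0.0:*
LISTEN 0      128    [::1]:2221         [::]:*
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

for p in 2221 2222; do
    result=$(printf '%s\n' "$SAMPLE_SS_OUTPUT" | check_forward "$p" || true)
    echo "port $p: $result"
done

# On a live CWSERVER:  ss -ltn | check_forward 2221
```

A result of "exposed" means hosts other than CWSERVER can connect straight to
the managed device's ssh server, bypassing ConsoleWorks; "missing" means the
tunnel from SSHSRV is not up.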