News | Nov 16, 2022 8:37:37 AM
TOSIBOX® Virtual Central Lock is our smart network management that creates a direct point-to-point VPN tunnel between you and your devices. It enables a controlled OT network of always-on VPN connections for remote maintenance, continuous monitoring, real-time data collection and data logging.
We are constantly improving our solutions to deliver the best possible outcomes for our customers. We proudly present the biggest updates in the TOSIBOX® Virtual Central Lock's history.
What do you need to know, and how to prepare?
Virtual Central Lock 2.6 is a significant system upgrade. In fact, it is one of the largest upgrades ever. The entire underlying platform is migrated to the new Ubuntu version to provide greatly enhanced cybersecurity. The upgrade can be started directly from the UI with a button push. VCL runs software version checks and starts the automatic upgrade by downloading required updates.
Upgrade can reboot the system twice, do not interfere with the system while the upgrade process is running, and let it finish by itself. Make sure you have enough system resources available for the upgrade. Please, check the User manual for technical details. The upgrade can take up to 20-40 minutes, depending on system resources. You do not need to disconnect Tosibox Key users before starting the upgrade, but VPNs will go down, and users will be cut-off during the software installation.
We highly recommend that the Virtual Central Lock upgrade would be done during planned maintenance breaks. Reserve a couple of hours for yourself while no significant tasks are pending. It is highly recommended to take virtual machine backup before starting the upgrade, so you always have a plan B, just in case. Take also another backup after the upgrade and systematically after every one to two weeks based on the backup policy defined for your company. It is also worth of practice the restoring of the backup.
THE KEY POINTS OF THE UPDATE
Supported platforms
-VMWare vSphere/ESXi v7.0 GA & v6.7 update 3
-Microsoft Hyper-V on Windows Server 2016 and 2019
-Linux KVM
-Azure
-AWS
Redesigned access rights management
Access Groups has been redesigned from the group up. Access rights management is based on sets of devices and users that are grouped to create access rules called Access Groups. Access Group can consists of one or several device and user sets. Access Groups UI is modernised, it is graphical, mouse operated and based on drag and drop gestures. All the familiar features from previous releases are supported.
Greatly enhanced cybersecurity for Virtual Central Lock
Virtual Central Lock underlying operating system and libraries are upgraded. OS is upgraded to Ubuntu 18.04, web server is using Nginx 1.10.3, database is bumped up to PostgreSQL 10.19 and connectivity is utilising OpenVPN 2.5 and OpenSSL 1.1.1q all contributing to greatly enhanced system security.
New audit trail events
Audit trail stores various actions such as system state and configuration changes. Actions can be traced, filtered and exported on the Logs view. Virtual Central Lock has received many new audit events to complement increased functionality such as "System started" and "System shutdown".
Improved software update process
There are three types of updates
System upgrade – Major release containing foundational changes to the platform and applications
Software update – Minor release containing updates to selected parts of the system
Security patches – Security patches are constantly monitored in the background and automatically installed
Https login for web UI
Web UI access can be made via secure https protocol. Https encrypts traffic between the end user device and the web server and provides increased security. If https is enabled, it is used when accessing from the Virtual Central Lock LAN or over VPN connection.
Revised documentation
Virtual Central Lock user manual is revised thoroughly. For example it has a section for installation and system requirements, Access Rights Management is explained in detail, all audit trail events and email alerts are listed.
In addition fixed bug fixes
-VPNs are not cut-off when modifying VLANs
-Status page shows selected Lock and Sub Lock
-Protocol ICMP ping allowed in access group
-Renaming device in "Network devices" list results in unnecessary "Link protocol invalid" error
Tosibox is a perfect solution for OT connectivity as companies build and develop their operational networks. As always, you can view previous release notes here to learn more.
If you would like to have more information about TOSIBOX® Virtual Central Lock , contact us for demonstration.