Managing the Network
The VPN is set up manually by our IT and is therefore not managed in the Terraform projects. If you want to make changes to it, open a ticket and mention the “iot network”. All traffic is firewalled, and therefore some ports are forwarded.
Architecture
The basic architecture looks as follows:
Each location is connected to a central Azure VPN with a site-to-site connection. On the location side, Ubiquiti is used to manage the local network and configure the VPN.
Remote users can connect to the Azure VPN via a direct connection; have a look here: Accessing the VPN. The VPN is configured as split tunnel, and all the traffic is firewalled. Allowed ports are listed here.
DNS
Devices can be reached easily via DNS entries under *.lab.enpal.io.
They get managed in our Azure DNS zone.
Example: An IoT in a testbench always gets the same IP if configured correctly. By providing a custom DNS entry in our Azure DNS zone, we can resolve the IP.
Make sure that the local LAN is set up correctly and that the resolving device uses the Azure DNS for resolving.
Resources
IoT VPN IP overview: Excel list
Creating testbench network
Create a New Virtual Network in Unifi for Customer LAN
Select a Free IP Range according to your location
Add the chosen IPs to the IoT VPN overview Excel list
Access Unifi Site Portal
Go to the Unifi Site Portal: Unifi portal and log in. If you do not have access, reach out to our :ref:`l-team.
Switch to the Testbench Location
Create a New Virtual Network
Go to Settings (gear icon), then Networks, and create a new virtual network (New Virtual Network).
Naming the Network
Name the network according to the convention “(TBx) Kunden LAN” where x is the testbench number.
Disable Autoscale Network
Disable the Autoscale Network option.
Enter the IP Range
Input the IP range from the table, incremented by one, with the netmask /28. Ensure it shows “16 usable Hosts.”
Advanced Settings
Select “Manual” in the Advanced settings
Disable Auto DNS Server
Disable the Auto DNS Server option.
Enter DNS Servers
Enter the DNS servers: 10.253.0.132 and 1.1.1.1.
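A pre-check for the range-selection steps above, as an added example that is not part of the original page: it lists the free /28 ranges in a location block and returns the value to type into the IP range field. The location block, the allocated entries and the function names are constructed for illustration, and reading “incremented by one” as network address + 1 is an assumption.

```python
import ipaddress

# Constructed sample data standing in for the IoT VPN overview list.
LOCATION_BLOCK = "10.99.1.0/26"
ALLOCATED = {
    "(TB1) Kunden LAN": "10.99.1.0/28",
    "legacy lab range": "10.99.1.16/29",  # smaller than /28, still blocks its /28
}


def free_ranges(location_block, allocated):
    """Return every /28 in the location block that overlaps no allocated range."""
    used = [ipaddress.ip_network(u) for u in allocated.values()]
    block = ipaddress.ip_network(location_block)
    return [str(n) for n in block.subnets(new_prefix=28)
            if not any(n.overlaps(u) for u in used)]


def plan_testbench_lan(candidate, location_block, allocated):
    """Validate a candidate range and return the string for the IP range field."""
    # strict=True rejects a range that does not start on a /28 boundary.
    net = ipaddress.ip_network(candidate, strict=True)
    block = ipaddress.ip_network(location_block)
    if net.prefixlen != 28:
        raise ValueError(f"{net} is not a /28")
    if not net.subnet_of(block):
        raise ValueError(f"{net} is outside the location block {block}")
    for name, used in allocated.items():
        if net.overlaps(ipaddress.ip_network(used)):
            raise ValueError(f"{net} overlaps {name} ({used})")
    # Assumption: "incremented by one" means network address + 1.
    return f"{net.network_address + 1}/{net.prefixlen}"


if __name__ == "__main__":
    print("free /28 ranges:", free_ranges(LOCATION_BLOCK, ALLOCATED))
    print("enter in Unifi:", plan_testbench_lan("10.99.1.32/28", LOCATION_BLOCK, ALLOCATED))
```

Running the check before adding the range to the overview list catches overlaps with entries that were recorded with a different prefix length.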
Create a New Virtual Network in Unifi for Enpal LAN
Naming the Network
Name the network according to the convention “(TBx) Enpal LAN” where x is the testbench number.
Select Third-party Gateway
Choose “Third-party Gateway” as the router.
Select a Free VLAN
Choose a free VLAN for the network:
Connect the New Switch of the Bench to the Distribution Switch
Preliminary Step
Ensure the network components of the bench are not yet connected to the switch.
Adopt the Switch
Adopt the switch in the Unifi Portal.
Naming the Switch
Name the switch according to the convention “Testbench x Switch.”
Configure the Ports of the Switch in the Port Manager
Port layout
| Port number | Port name | Device | VLAN | Tagged VLAN |
|---|---|---|---|---|
| 1 | Testbench x (Up Link) | Main Distribution Switch | Default | Allow All |
| 2 | (TBx) IOT Kunden LAN | IOT (Customer LAN Port) | (TBx) Kunden LAN | Block All |
| 3 | (TBx) Testbrain | Testbrain | (TBx) Kunden LAN | Block All |
| 4 | (TBx) IOT Enpal LAN | IOT (Enpal LAN Port) | (TBx) Enpal LAN | Block All |
| 5 | (TBx) Inverter | Inverter | (TBx) Enpal LAN | Block All |
Uplink Port (Port 1)
Name the port “Testbench x (Up Link).”
Configure the network settings:
Native VLAN: Default
Tagged VLAN Management: Allow All
Customer LAN Ports
Configure the network settings:
Native VLAN: (TBx) Customer LAN
Tagged VLAN Management: Block all
Enpal LAN Ports
Configure the network settings:
Native VLAN: (TBx) Enpal LAN
Tagged VLAN Management: Block all
Connect all devices to the switch
Connect all the devices to the configured switch according to the port layout defined above.
Make a DNS entry in our Azure DNS zone for the IoT/Testbrain