Realms – Echelon SmartServer 2.2 User Manual
Appendix C – Securing the SmartServer
Note: If you declare a location “A” that happens to be a subset of another location “B,” it is assumed
that “A” is not included in the access rights of users in location “B.” For example:
topgun: 10.1.0.10
tenants: 10.1.*.*
all: *.*.*.*
This declaration means that tenants is the whole range 10.1.*.* with the exception of 10.1.0.10.
Similarly, all excludes 10.1.*.*.
Realms
Realms define the folders the various groups and locations are allowed to access. Each realm is
defined using the format URL:GROUP:LOCATION, where users from the specified GROUP and
LOCATION are given access to the specified URL. To create a realm, follow these steps:
1. In the URL box, enter the path of the folder on the SmartServer flash disk containing the Web
pages to be protected. This path is relative to the root/Web folder on the SmartServer flash disk.
2. Select the group to have access to the URL specified in step 1 from the Group list and then click
Add Group.
3. Select the location that must be used to access the URL specified in step 1 from the Location list
and then click Add Location.
For example, consider a SmartServer Web site that allows users to monitor occupancy information,
temperature, and light level on the floor on which they live within a three-story building. Floors 1, 2,
and 3 have corresponding Web pages stored in folders under /forms: /forms/floor1, /forms/floor2,
and /forms/floor3. There are five users that can access this site: superuser, Ann, Bob, Jill, and John.
They belong to the following groups: tenants_floor12, tenants_floor2, tenants_floor3, and admin as
described above.
Tenants are allowed to access the Web pages of their own floor only, but can log in from any local host. Local
hosts may have any IP address in the network 10.1.0.0 / 254 (for example, 10.1.0.1–10.1.0.254). There
is one “superuser” who designs Web pages and has unlimited access to the Web site. For security
purposes, “superuser” accesses the site from one host only, using IP address 10.1.0.10. The Web site
must not be accessible to any other user.
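
The subset rule from the location note and the URL:GROUP:LOCATION realm format, worked through as an added Python example (not Echelon's code). The location declaration is the one from the note; the two realm lines, the prefix matching of URLs, and all function names are assumptions made for illustration.

```python
# Added illustration of the manual's rules; not SmartServer code.
# Location declaration copied from the note above.
DECLARED = {"topgun": "10.1.0.10", "tenants": "10.1.*.*", "all": "*.*.*.*"}

# Constructed realm lines in URL:GROUP:LOCATION form (assumed, not from the manual).
REALMS = ["/forms/floor2:tenants_floor2:tenants", "/:admin:topgun"]

def matches(pattern, ip):
    """True if every octet of ip equals the pattern octet or the pattern has '*'."""
    return all(p in ("*", o) for p, o in zip(pattern.split("."), ip.split(".")))

def is_strict_subset(a, b):
    """True if pattern a covers a strictly smaller address range than pattern b."""
    return a != b and all(pb in ("*", pa)
                          for pa, pb in zip(a.split("."), b.split(".")))

def locations_of(ip, declared=DECLARED):
    """Locations ip belongs to. A location excludes any address that is also
    covered by a declared location that is a subset of it."""
    hits = {name: pat for name, pat in declared.items() if matches(pat, ip)}
    return {name for name, pat in hits.items()
            if not any(is_strict_subset(other, pat) for other in hits.values())}

def realm_grants(url, groups, ip, realms=REALMS, declared=DECLARED):
    """True if some realm covers url for one of the user's groups at ip's location.
    Assumption: a realm URL covers the folder itself and everything beneath it."""
    locs = locations_of(ip, declared)
    for line in realms:
        r_url, r_group, r_loc = line.split(":")
        under = url == r_url or url.startswith(r_url.rstrip("/") + "/")
        if under and r_group in groups and r_loc in locs:
            return True
    return False

if __name__ == "__main__":
    for ip in ("10.1.0.10", "10.1.0.55", "192.168.1.1"):
        print(ip, sorted(locations_of(ip)))
    # A floor-2 tenant is granted from an ordinary local host ...
    print(realm_grants("/forms/floor2/index.htm", {"tenants_floor2"}, "10.1.0.55"))
    # ... but not from 10.1.0.10, which belongs to topgun and is excluded from tenants.
    print(realm_grants("/forms/floor2/index.htm", {"tenants_floor2"}, "10.1.0.10"))
```

The second check is the consequence worth testing for when you review a declaration: carving a single host out as its own location removes it from every realm that names the enclosing location.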