Subscriber Discussion

To Tether Or Not To Tether...

Mark Jones
Sep 05, 2016

The bulk of our IP based equipment is behind corporate firewalls that do not allow any kind of outside connections. Yet, we do from time to time need the benefit of Level 2 or 3 manufacturer's tech support. They always want to direct connect and we can't allow them through the firewalls. We have begun to disconnect the devices from the network and tether our phones to the devices to allow remote support, but as you might imagine, it blows up a data plan. Has anyone ever looked at the cost of data plans vs the cost of air cards vs the cost of some other device (MiFi) for instance? Is there a preferred method or better way? The bulk of these sites are remote and standalone. Thank you in advance.

Michael Miller
Sep 05, 2016

We have a pooled data plan from AT&T for 30GB of data. I use it for demos for customers when I go onsite to show our solutions and techs use it onsite for the same reasons you're asking for. We use the phones as a hot spot and have not come close to our data limit yet. I also have a Verizon M2M account with 11GB of data which we use for USB and embedded routers for when we need a network port.

John Honovich
Sep 05, 2016
IPVM

Mark,

Note: I bolded the part about you disconnecting the devices first so people are aware of that.

What carrier do you use? Have you checked for an unlimited data plan?

Mark Jones
Sep 05, 2016

Most of the techs use AT&T, but a few use Verizon. Thank you John.

Brian Rhodes
Sep 05, 2016
IPVMU Certified

My carrier, Verizon, has settings in place that demote connections to 2G after the first 5GB in a month are used. 2G equates to 128 Kb/s.

2G + voice and text: GSM/EDGE, up to 128Kbps
3G: UMTS/HSPA/HSPA+, up to 42Mbps HSPA+
4G (LTE): LTE, up to 150 Mbps

This capacity limit impacts the utility of tethered connections a great deal. Basic interface or command line stuff is probably okay, but beyond that, video is greatly constrained.

Mark Jones
Sep 05, 2016

1 point against tethering.

Michael Miller
Sep 05, 2016

When you get support I assume you mean TeamViewer or some other remote desktop platform. This way the manufacturer jumps into your laptop and then you direct connect the device to your laptop. If you want a direct connection (port forwarding) to your device you will need a special plan from your wireless carrier called "Machine 2 Machine" or something similar. These plans are designed for remote access to networks and have a publicly routable static IP address. From my experience you will need a SIM card and USB modem or embedded router. These services don't get throttled like some tethering plans but you don't get unlimited data and will get charged for overages.

One of our customers got hammered for $130K for overages on their SCADA network (not our network). So keep that in mind for your techs.

Undisclosed #1
Sep 05, 2016
IPVMU Certified

The bulk of our IP based equipment is behind corporate firewalls that do not allow any kind of outside connections. Yet, we do from time to time need the benefit of Level 2 or 3 manufacturer's tech support. They always want to direct connect and we can't allow them through the firewalls.

Though I would imagine they would be less happy with an unknown cell tether on their network. Any chance they might see the rationale of allowing a temporary hole that they can manage vs one they are not aware of? (Assuming that they are not aware.)

Mark Jones
Sep 05, 2016

Absolutely zero.

Scott Bradford
Sep 06, 2016
IPVMU Certified

If this is happening fairly often, it would probably be worth it to you to have a dedicated aircard with an external router (like Cradle Point) that you pass around to your techs. I've had my rear saved by carrying a USB aircard more than a couple of times. I used a Virgin Mobile prepaid aircard, so I could turn it on for 24 hours and then let it lapse instead of having it run month after month.

The external router will give you hard wired Ethernet capabilities if you have to plug into a server, while still maintaining Wi-Fi. A Mi-Fi device is generally Wi-Fi only, and I've run into several situations where I needed an Ethernet port. I've seen some that are battery powered if you need real 'in the field' abilities.

So, having a Pelican case with a Cradle Point, power strip with extension cord, USB aircard, and a couple of LONG Ethernet cables that you share around to your team will probably come in handy pretty often.

Shawn Abbott
Sep 06, 2016
IPVMU Certified

Our IP cameras are also under lockdown, but I can remote desktop into the servers from my laptop if I'm on the corporate network. I then will use TeamViewer from my laptop with the manufacturer so they can access the equipment.

Mark Jones
Sep 06, 2016

Thanks. Good idea, but we are not allowed to connect our laptops to the network in any way.

I like it though.

Scott Bradford
Sep 06, 2016
IPVMU Certified

The other down side to tethering your phone and turning it into a Wi Fi Hotspot is that you lose the ability to make phone calls on your phone. So if you're online and then you need to call into tech support or do something else, you're kind of stuck.

Mark Jones
Sep 06, 2016

Then there is that. A vote for Aircards or MIFI.

Michael Miller
Sep 06, 2016

The other down side to tethering your phone and turning it into a Wi Fi Hotspot is that you lose the ability to make phone calls on your phone. So if you're online and then you need to call into tech support or do something else, you're kind of stuck.

That depends on the carrier you are using.

Luis Carmona
Sep 21, 2016
Geutebruck USA • IPVMU Certified

True. Most carriers now allow both data and voice calls at the same time. Verizon was bad about this with iPhones, but for the last year or two you have this ability.

Ross Vander Klok
Sep 06, 2016
IPVMU Certified

If one of our integrators did this (circumventing the security put in place by IT) they would no longer be our integrators. We work hand in hand with IT and integrators to get them sitting down together whenever any type of remote assistance is needed.

If this is happening so often that it is an issue shouldn't you question why there are so many issues instead of how best to get around their network security policies?

Maybe I am missing something and this is all with the client's permission. In that case disregard my post!

Jon Dillabaugh
Sep 07, 2016
Pro Focus LLC

I have an unlimited data account with Sprint that is grandfathered in. I say tether ;)

Craig Mc Cluskey
Sep 08, 2016

You can have your IT people set up a DMZ on your firewall and then move your cameras to that for remote support.

Luis Carmona
Sep 21, 2016
Geutebruck USA • IPVMU Certified

Most companies that are so strict will allow you to have a VPN connection to the network, you just have to jump some hoops and sign some paperwork. It's in their financial interest to permit remote support because I assume you would make that cheaper for them....? If you can inspire confidence in them that you know what you are doing and can be trusted, it's usually not a problem (from what I have seen).

Ross Vander Klok
Sep 21, 2016
IPVMU Certified

Agree with that 100% Luis. It is circumventing the policies and procedures that causes an issue.
