Comment: Published by Scroll Versions from space PC102 and version 1.2.3

Background

The Kodak Remote Support System (RSS) is an infrastructure for connecting to and supporting Kodak customers’ equipment. RSS provides connectivity management, diagnostic tools, per-site equipment information, automated support tasks, and basic support management features. Kodak has used RSS to provide remote support since 2000. As technologies and Kodak products evolve, the RSS adapts to meet these changing needs.

For further information about Kodak RSS, contact a service representative at your regional Response/Support Center at the number listed at the end of this bulletin.

Kodak RSS VPN Connectivity

RSS VPN is the latest secure broadband connectivity method to be added to Kodak RSS. It is the primary technology used for making remote connections. RSS VPN connectivity is a centrally-managed VPN solution dedicated for Kodak RSS use. RSS VPN is capable of establishing direct peer-to-peer authenticated and encrypted tunnels by automatically bypassing network address translations (NAT) and stateful firewall devices on the route between trusted peers. The result is a low-latency virtual network requiring few or no configuration changes to an existing network infrastructure. Additionally, RSS VPN is capable of establishing TCP relayed tunnels when the low-latency network requirements cannot be met. Kodak RSS VPN utilizes a third-party mediation service that is powered by LogMeIn® Hamachi. The service is managed by Kodak RSS; only RSS Client peers that Kodak has registered are deemed to be trusted and may communicate via the RSS Connector.

The RSS VPN connectivity solution includes three main components: Kodak RSS Client Software, Kodak RSS Connector, and Kodak RSS Server.

RSS Client Software is installed on customer servers and workstations. Its purpose is to communicate online status and availability to the RSS Connector, and to establish a secure tunnel with the RSS Server.

RSS Connector tracks the RSS Client peers' locations (server and workstations running RSS Client Software) and provides the mediation services required for establishing direct peer-to-peer VPN tunnels between the RSS Client Software and the RSS Server. In rare cases where a direct peer-to-peer tunnel cannot be established, the RSS Connector is used to relay tunnels between the RSS Server and RSS Client Software.

RSS Server is the software that service representatives around the world use to establish remote connections to supportable equipment. The RSS Server controls the management of VPN tunnels through a secure connection to the RSS Connector.

How do these components work together to provide a secure broadband connection?

When the Kodak RSS Client Software is enabled on a peer, it establishes a connection to the RSS Connector, using the proprietary LogMeIn Hamachi Client Control protocol to authenticate and communicate its online status. Using RSS Server, a service representative must initiate a remote support connection to the RSS Client peer. At this point, the RSS Server communicates to the RSS Connector that the RSS Server and the RSS Client peer are to be joined in a secure trust relationship. Only then do the RSS Server and RSS Client build a secure, encrypted (AES 256-bit), and authenticated VPN tunnel.

RSS VPN Requirements

System requirements: Kodak RSS Client Software is supported on the following operating systems: Microsoft Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, Windows 7 Professional, Windows Server 2003, Windows Server 2008 R2, Windows 7 (32 & 64 bit), Windows Server 2012 R2, Windows 10. The system must have a default gateway configured under the TCP/IP networking properties.

Network requirements: The RSS Client peer must be on a network segment that has access to the public Internet. If the network uses a proxy server to access the Internet, RSS VPN traffic must be configured to bypass the proxy. This may require additional firewall rules and/or proxy configuration settings.

Firewall requirements: The majority of firewalls do not require configuration changes for RSS VPN to operate. However, firewall configurations that explicitly block certain outbound ports require the services (protocols) that are described next to be permitted through the firewall.

For customers with more stringent security environments, explicit firewall rules may be configured to only allow RSS Client peer VPN traffic to and from the worldwide RSS Servers and the RSS Connector (see the following table).

  • Client Control Protocol is responsible for three things: client/server communication, login, and NAT discovery. The protocol consists of four static ports (1 TCP, 3 UDP) and a range of UDP ports (see the following table). The RSS Client peers must have access to the RSS Connector’s ports using this protocol. An exception to the above port requirement is the ‘non low-latency’ TCP relayed configuration which uses a single TCP port (see the following table).

  • Transport Protocol is responsible for securely tunneling traffic between an RSS Client peer and the RSS Server. The transport protocol may be Transport-Direct (Client peer to RSS Server), or Transport-Relay (Client peer through RSS Connector to RSS Server). Direct tunnels use a static port at the RSS Server and Relay tunnels use a static port at RSS Connector. RSS Client peers must have access to the static UDP ports of the RSS Connector and all worldwide RSS Servers. An exception to the above port description is the ‘non low-latency’ TCP relayed configuration which uses a single TCP port.

    #  Source           Destination                     Port         Protocol  Protocol Name
    1  RSS Client Host  RSS Connector 1 (74.201.74.32)  6504         TCP       Client Control Protocol
                                                        16504        UDP
                                                        36504        UDP
                                                        46504-46604  UDP
    2  RSS Client Host  RSS Connector 2 (74.201.74.34)  26504        UDP       Client Control Protocol
    3  RSS Client Host  RSS Servers (155.50.2.20,       6504         UDP       Transport-Direct
                        155.50.2.21, 155.50.2.22)
    4  RSS Client Host  RSS Connector 1 (74.201.74.32)  6504         UDP       Transport-Relay
    5  RSS Client Host  RSS ServiceNet (155.50.32.199)  6504         TCP       ServiceNet

    For more information about the technologies and security that are used in the above protocols from LogMeIn Hamachi, go to https://secure.logmein.com/products/hamachi/security.asp.
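For sites that apply the explicit firewall rules described above, the table can also be used to audit what an RSS Client host actually sends. The following is an added example, not part of the Kodak bulletin: it encodes the table rows as an allowlist and flags any outbound flow that does not match one. The function names and the sample flow records are constructed for illustration.

```python
# Added example: audit outbound flows from an RSS Client host against the table.
from ipaddress import ip_address

CONNECTOR_1 = {"74.201.74.32"}
CONNECTOR_2 = {"74.201.74.34"}
RSS_SERVERS = {"155.50.2.20", "155.50.2.21", "155.50.2.22"}
SERVICENET = {"155.50.32.199"}

# (destinations, protocol, first port, last port, protocol name) per table row
ALLOWLIST = [
    (CONNECTOR_1, "tcp", 6504, 6504, "Client Control Protocol"),
    (CONNECTOR_1, "udp", 16504, 16504, "Client Control Protocol"),
    (CONNECTOR_1, "udp", 36504, 36504, "Client Control Protocol"),
    (CONNECTOR_1, "udp", 46504, 46604, "Client Control Protocol"),
    (CONNECTOR_2, "udp", 26504, 26504, "Client Control Protocol"),
    (RSS_SERVERS, "udp", 6504, 6504, "Transport-Direct"),
    (CONNECTOR_1, "udp", 6504, 6504, "Transport-Relay"),
    (SERVICENET, "tcp", 6504, 6504, "ServiceNet"),
]

def classify(dst, proto, port):
    """Return the table's protocol name for a flow, or None if not allowed."""
    dst = str(ip_address(dst))  # normalise; raises ValueError if malformed
    for hosts, p, lo, hi, name in ALLOWLIST:
        if dst in hosts and proto.lower() == p and lo <= port <= hi:
            return name
    return None

def audit(flows):
    """Split (dst, proto, port) flows into allowed and unexpected lists."""
    allowed, unexpected = [], []
    for flow in flows:
        name = classify(*flow)
        (allowed if name else unexpected).append((*flow, name))
    return allowed, unexpected

# Constructed sample flows, as might be exported from a firewall log.
SAMPLE_FLOWS = [
    ("74.201.74.32", "TCP", 6504),
    ("74.201.74.32", "UDP", 46550),
    ("155.50.2.21", "UDP", 6504),
    ("155.50.2.21", "TCP", 6504),    # wrong protocol for Transport-Direct
    ("74.201.74.34", "UDP", 16504),  # port belongs to Connector 1, not 2
    ("198.51.100.7", "UDP", 6504),   # destination not in the table
]

if __name__ == "__main__":
    for dst, proto, port, name in sum(audit(SAMPLE_FLOWS), []):
        print("ALLOW" if name else "ALERT", dst, f"{proto}/{port}", name or "not in table")
```
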

Download, Install, and Register RSS Client Software

You can download the RSS Client Software from https://ecentral.kodak.com/RSS and install it on Kodak supportable server and workstation systems that meet the requirements in this bulletin. After installing RSS Client Software, contact a service representative to complete the registration process and test RSS VPN.

Prinergy Cloud

The Kodak PRINERGY Cloud is a platform that hosts a suite of new SaaS offerings that augment and expand your current Prinergy Workflow investment.

Benefits include:

  • Leverage the global Microsoft Azure platform, ensuring fast performance
  • Multiple regional data centers worldwide
  • Multiple built-in layers of redundancy
  • 24/7 continuous monitoring
  • High availability and security
  • Scale intelligently as needed
  • Subscription-based pricing for expense control and update releases
  • Analytics enabled for better business decision making

Prinergy Cloud Connectivity

The following diagram describes connectivity between the Kodak Prinergy Workflow System and the Prinergy Cloud.

Prinergy Cloud is hosted exclusively on the Microsoft Azure platform. The list of regional data centers can be found at the following link: https://workflowhelp.kodak.com/display/PA10/Service+Description.

To find the destination DNS addresses that are being used by the Prinergy Cloud Services you have subscribed to, click the link below and download the publicly available IP range file from Microsoft.

https://www.microsoft.com/en-us/download/details.aspx?id=41653

Open the file in a text editor and browse the list of addresses to find the regional data center where your Prinergy Cloud Services are hosted.
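Instead of browsing the file by hand, the lookup can be scripted. The following is an added example, not part of the Kodak bulletin: it lists the subnets of one region for an egress allowlist and reports which region a given address belongs to. It assumes the downloaded file is XML with Region elements (Name attribute) containing IpRange elements (Subnet attribute); the sample content, region names, and subnets below are constructed, using documentation address ranges.

```python
# Added example: query the Azure IP range file for a region's subnets.
import xml.etree.ElementTree as ET
from ipaddress import ip_address, ip_network

# Constructed stand-in for the downloaded file. The Region/IpRange layout is
# an assumption about the file's format; subnets are documentation ranges.
SAMPLE_XML = """<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="203.0.113.0/25" />
    <IpRange Subnet="198.51.100.0/24" />
  </Region>
  <Region Name="useast">
    <IpRange Subnet="203.0.113.128/25" />
    <IpRange Subnet="192.0.2.0/24" />
  </Region>
</AzurePublicIpAddresses>"""

def load_regions(xml_text):
    """Map each region name to its list of ip_network objects."""
    regions = {}
    for region in ET.fromstring(xml_text).iter("Region"):
        nets = [ip_network(r.get("Subnet")) for r in region.iter("IpRange")]
        regions[region.get("Name")] = nets
    return regions

def region_of(regions, address):
    """Return the region whose subnets contain the address, or None."""
    addr = ip_address(address)
    for name, nets in regions.items():
        if any(addr in net for net in nets):
            return name
    return None

def egress_allowlist(regions, name):
    """Sorted CIDR strings for one region, ready for a firewall object group."""
    return [str(net) for net in sorted(regions[name])]

if __name__ == "__main__":
    regions = load_regions(SAMPLE_XML)
    print(egress_allowlist(regions, "europewest"))
    print(region_of(regions, "203.0.113.200"))
```

To use it on the real download, read the file's text and pass it to load_regions in place of SAMPLE_XML.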

To access a Prinergy Cloud User Interface or Decision Analytics Dashboards, you will need the address below for the data center where your subscribed services are hosted:

Kodak Response/Support Center phone numbers:

Australia: 1 800 222 555

Ireland: 1800.92 4501

Spain: 900 11 39 99

Belgium: 0800 95 999

Italy: 800 90 56 09

Sweden: 020 12 01 999

China: 800 820 0861

Japan: 0120 327 326

Switzerland: 0800 19 99 99

Denmark: 80 40 49 99

Luxemburg: 32.2.352 30 90

The Netherlands: 0800 02 00 999

Finland: 0800 30 399

New Zealand: 0800 273 6111

United Kingdom: 0800 09 63 199

France: 0800 00 11 99

North America: 800 472 2727


Germany: 0800 101 99 99

Norway: 800 628 99