Using ACM/1600, ACM/400, ACM/100 with Remote Access Service

• Microsoft Windows NT operating system version 3.1
• Microsoft Windows NT Advanced Server version 3.1
• Microsoft Windows NT Workstation version 3.5
• Microsoft Windows NT Server version 3.5
• Microsoft Windows for Workgroups version 3.11

SUMMARY

This article was created in close collaboration between Microsoft and Security Dynamics, Inc. It explains how to install the various ACM models made by Security Dynamics with Microsoft Windows NT versions 3.1 and 3.5 and how to configure the Remote Access Service (RAS) clients that are going to call the RAS server with the ACM device. This article does not explain how to program the ACM devices themselves; please refer to the ACM documentation for that information.

The primary purpose of the ACM products is to give additional security to the already very secure Windows NT operating system. Windows NT provides two levels of security for RAS users. First, users need to be in the domain's user accounts database as valid users. Secondly, users need to be granted Remote Access permissions by their administrator in order to be successfully authenticated by a RAS server.

For Microsoft Windows NT customers with higher security needs, Security Dynamics adds a third level of security by requiring users to identify themselves to the server's ACM device with a password that dynamically changes every 30 seconds in a credit card-sized device that the users carry with them. The ACM device on the Windows NT RAS server is plugged in-line between the modems and the server's serial ports. If the user's password doesn't match, the user will be disconnected from the modem without ever interacting with Windows NT RAS.

The ACM devices work with both Windows NT workstations and Windows NT servers, but because Windows NT workstations allow only one incoming call at a time, the ACM devices are used more frequently with Windows NT Advanced Server version 3.1, which allows up to 64 simultaneous connections, and Windows NT Server version 3.5, which allows up to 256 simultaneous connections.

MORE INFORMATION

Hardware Requirements

• ACM/1600 hardware running software version 4.08-5 or later -or- ACM/400 hardware running software version 1.08-5 or later -or- ACM/100 hardware running software version 1.12A or later
• Microsoft Windows NT Advanced Server software version 3.1 or later -or- Microsoft Windows NT (to host single session)
• Microsoft Windows NT Advanced Server Remote Access Service software (RAS) for Windows NT version 3.1 or Windows for Workgroups version 3.11.

Microsoft Windows NT Server Configuration

The MODEM.INF file supplied with the NT server software contains an entry for SDI's ACM/400 hardware product. The section is labeled [SD ACM400 w/ AT&T 3820]. This entry is designed for use with an AT&T Comsphere 3820 modem.

If you want to use a different modem with your ACM device, the macro definitions, such as <speaker_on>=M1, and the COMMAND_INIT= lines must be changed to comply with the modems to be used with the ACM hardware. (Although the section heading refers to the ACM/400 product, it can be used for ACM/100 and ACM/1600 devices as well.)

The easiest way to customize the ACM entry for your particular modem is to locate, within the MODEM.INF file, the section that refers to your modem type, and copy and paste that section to the end of the MODEM.INF file. Rename the section heading to reflect the ACM and modem type you're using. The length of the section heading must be limited to 31 or fewer characters, excluding the brackets.

If there is no entry for your specific modem, try to select from the list of supported modems a model that matches yours as closely as possible. Make your choice by comparing entries in the MODEM.INF file with commands for your modem. Refer to your modem's documentation for a description of your modem's commands. The documentation may also list compatible modems or models that it can emulate. After you have selected the appropriate modem and copied its settings to the end of the MODEM.INF file, rename the section heading to reflect the ACM and modem type you're using. Again, do not exceed 31 characters, excluding the brackets. (For more information on making an unsupported modem work with RAS, refer to the RAS client software Help file section titled "Modifying MODEM.INF.") Once that has been done, adjust the following settings :

1. Set the MAXCONNECTBPS parameter in the new [SD ACM] section of the MODEM.INF file to equal the highest speed that is compatible with the ACM hardware and modem being used. This will usually be 38400 or 19200 baud. For higher baud rates, consult Security Dynamics product support first.

2. Set Hardware Flow Control to ON (this is the default value). For assistance, refer to "Setting Modem Features" in the RAS Help file.

Microsoft RAS Terminal Configuration

To prepare the client for Terminal mode:

1. Access the Remote Access Phone Book, and select the entry you want to connect to.

2. Choose Edit.

3. If the word "Advanced" appears in the button below the Cancel button, choose the Advanced button; otherwise, proceed with step 4.

4. If you are using a Windows for Workgroups version 3.11 or Windows NT version 3.1 client, choose the Switch button. If you are using a Windows NT version 3.5 client, choose the Security button.

5. If you are using a Windows for Workgroups version 3.11 or Windows NT version 3.1 client, select Terminal in the Post-connect Script field. If you are using a Windows NT version 3.5 client, select Terminal in the After Dialing field.

6. Choose OK.

1. In the Remote Access Phone Book, select the entry you want to connect to.

2. Choose Dial. When prompted, type your user name, password, and domain name, and then choose OK.

3. Type your PIN and CARDCODE in the Enter PASSCODE field of the Terminal screen, and then press ENTER.

   The ACM will indicate that your PASSCODE has been accepted when the cursor drops down to the next line on the Terminal screen. If a connection message has been defined within the ACM, then it will be displayed.

4. Choose Done.

ACM Hardware Configuration

Channel Settings:

   Baud Rate:     38.4k, 19.2k, 9600, 4800, 2400, 1200, or 300.
      Configure the ACM channel baud rate to match the MAXCONNECTBPS
      parameter in the Windows NT server MODEM.INF file's [SD ACM400]
      section. This would normally be 19200 or 38400 baud.

   Data Bits:     7 or 8 to match NT Server   (default=8)

   Stop Bits:     No setting required

   Parity:        None, Even, Odd, Mark, or Space to match Windows NT
                  Server. (default=none)

   Protocol:     DCD at modem and DCD at Host. (d-d)  (default)

   Host Command Mode:  N  (default)

   Dialout:     Y (enabled)
      NOTE: For the dialout option to function properly, your ACM hardware
      may require Host and Modem adapters to be attached to each port of
      your ACM. Various revisions of the ACM hardware exist, requiring
      different models of these adapters. Refer to table 1 to determine
      your needs.

Cabling Issues

In order for the ACM to function properly, it is very important that the cables used to connect devices to the ACM hardware are properly configured. The cables should include at least the following pins: 1, 2, 3, 4, 5, 6, 7, 8, 20, and 22. The Dialout option, in particular, is reliant on pin 22 (Ring Indicator) to function properly. The cable connecting the modem to the ACM's DTE port MUST support pin 22 or the Dialout function will not operate properly. When the Ring Indicator connection protocol is selected, the cable connecting the ACM on either the modem or host side of the ACM will require pin 22, depending on the particular setting selected.

If you have any questions regarding the contents or use of this document, please call Security Dynamics Customer Support Department at (617) 876- 9640.

Table 1 - Dialout Adapter Requirements by Hardware Type / Serial Number

ACM          Rev.     Serial No. Range       Adapter(s)

100                   ALL                    No adapters required

400           A       4000 - 4499            AG15 (DCE) / Host Adapter 1
                                             JB15 (DTE) / Modem Adapter

400           B       4500 - 4629            AG11 / Host Adapter -3
                                             Modem adapter not required

400           C       4630 +                 No adapters required

1600        0 - 6     1000 - 1799            AG15 / Host Adapter -1
                      +2000-2003             JB15 / Modem Adapter

1600          7       1800 - 1899            AG24 / Host Adapter -2

1600          8       1900 - 1949            AG11 / Host Adapter -3

1600          9       2050 +                 No adapters required

The third-party products discussed here are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.

All product and brand names herein are trademarks and service marks of their companies.

For additional information please contact Security Dynamics at:

   Security Dynamics
   One Alewife Center
   Cambridge, MA  02140-2312
   USA

   (617) 547-7820
   Fax: (617) 354-8836
   Customer Support: (617) 876-9640