Using ACM/1600, ACM/400, ACM/100 with Remote Access Service

ID: Q121539

The information in this article applies to:

Microsoft Windows NT 3.1
Microsoft Windows NT Advanced Server, version 3.1
Microsoft Windows NT Workstation version 3.5
Microsoft Windows NT Server version 3.5
Microsoft Windows for Workgroups version 3.11

SUMMARY

This article was created in close collaboration between Microsoft and Security Dynamics, Inc. It explains how to install the various ACM models made by Security Dynamics with Microsoft Windows NT versions 3.1 and 3.5 and how to configure the Remote Access Service (RAS) clients that are going to call the RAS server with the ACM device. This article does not explain how to program the ACM devices themselves; please refer to the ACM documentation for that information.

The primary purpose of the ACM products is to give additional security to the already very secure Windows NT operating system. Windows NT provides two levels of security for RAS users. First, users need to be in the domain's user accounts database as valid users. Secondly, users need to be granted Remote Access permissions by their administrator in order to be successfully authenticated by a RAS server.

For Microsoft Windows NT customers with higher security needs, Security Dynamics adds a third level of security by requiring users to identify themselves to the server's ACM device with a password that dynamically changes every 30 seconds in a credit card-sized device that the users carry with them. The ACM device on the Windows NT RAS server is plugged in-line between the modems and the server's serial ports. If the user's password doesn't match, the user will be disconnected from the modem without ever interacting with Windows NT RAS.

The ACM devices work with both Windows NT workstations and Windows NT servers, but because Windows NT workstations allow only one incoming call at a time, the ACM devices are used more frequently with Windows NT Advanced Server version 3.1, which allows up to 64 simultaneous connections, and Windows NT Server version 3.5, which allows up to 256 simultaneous connections.

MORE INFORMATION

Hardware Requirements

ACM/1600 hardware running software version 4.08-5 or later -or-

ACM/400 hardware running software version 1.08-5 or later -or-

ACM/100 hardware running software version 1.12A or later

Microsoft Windows NT Advanced Server software version 3.1 or later -or-

Microsoft Windows NT (to host single session)

Microsoft Windows NT Advanced Server Remote Access Service software (RAS) for Windows NT version 3.1 or Windows for Workgroups version 3.11.

ACM Host and Modem adapters may be needed, depending on the model and hardware version of your ACM. Refer to Table 1 later in this document to determine your requirements.

Microsoft Windows NT Server Configuration

The MODEM.INF file supplied with the NT server software contains an entry for SDI's ACM/400 hardware product. The section is labeled [SD ACM400 w/ AT&T 3820]. This entry is designed for use with an AT&T Comsphere 3820 modem.

If you want to use a different modem with your ACM device, the macro definitions, such as <speaker_on>=M1, and the COMMAND_INIT= lines must be changed to comply with the modems to be used with the ACM hardware. (Although the section heading refers to the ACM/400 product, it can be used for ACM/100 and ACM/1600 devices as well.)

The easiest way to customize the ACM entry for your particular modem is to locate, within the MODEM.INF file, the section that refers to your modem type, and copy and paste that section to the end of the MODEM.INF file. Rename the section heading to reflect the ACM and modem type you're using. The length of the section heading must be limited to 31 or fewer characters, excluding the brackets.

If there is no entry for your specific modem, try to select from the list of supported modems a model that matches yours as closely as possible. Make your choice by comparing entries in the MODEM.INF file with commands for your modem. Refer to your modem's documentation for a description of your modem's commands. The documentation may also list compatible modems or models that it can emulate. After you have selected the appropriate modem and copied its settings to the end of the MODEM.INF file, rename the section heading to reflect the ACM and modem type you're using. Again, do not exceed 31 characters, excluding the brackets. (For more information on making an unsupported modem work with RAS, refer to the RAS client software Help file section titled "Modifying MODEM.INF.") Once that has been done, adjust the following settings :

Set the MAXCONNECTBPS parameter in the new [SD ACM] section of the MODEM.INF file to equal the highest speed that is compatible with the ACM hardware and modem being used. This will usually be 38400 or 19200 baud. For higher baud rates, consult Security Dynamics product support first.

Set Hardware Flow Control to ON (this is the default value). For assistance, refer to "Setting Modem Features" in the RAS Help file.

For more information regarding the MODEM.INF file, refer to your Microsoft Windows NT Advanced Server Remote Access Service manual.

Microsoft RAS Terminal Configuration

To prepare the client for Terminal mode:

Access the Remote Access Phone Book, and select the entry you want to connect to.

Choose Edit.

If the word "Advanced" appears in the button below the Cancel button, choose the Advanced button; otherwise, proceed with step 4.

If you are using a Windows for Workgroups version 3.11 or Windows NT version 3.1 client, choose the Switch button. If you are using a Windows NT version 3.5 client, choose the Security button.

If you are using a Windows for Workgroups version 3.11 or Windows NT version 3.1 client, select Terminal in the Post-connect Script field. If you are using a Windows NT version 3.5 client, select Terminal in the After Dialing field.

Choose OK.

Connecting to the Remote Access server:

In the Remote Access Phone Book, select the entry you want to connect to.

Choose Dial. When prompted, type your user name, password, and domain name, and then choose OK.

Type your PIN and CARDCODE in the Enter PASSCODE field of the Terminal screen, and then press ENTER.

The ACM will indicate that your PASSCODE has been accepted when the cursor drops down to the next line on the Terminal screen. If a connection message has been defined within the ACM, then it will be displayed.

Choose Done.

Authentication on the Remote Access server will begin.

ACM Hardware Configuration


Channel Settings:

   Baud Rate:     38.4k, 19.2k, 9600, 4800, 2400, 1200, or 300.
      Configure the ACM channel baud rate to match the MAXCONNECTBPS
      parameter in the Windows NT server MODEM.INF file's [SD ACM400]
      section. This would normally be 19200 or 38400 baud.

   Data Bits:     7 or 8 to match NT Server   (default=8)

   Stop Bits:     No setting required

   Parity:        None, Even, Odd, Mark, or Space to match Windows NT
                  Server. (default=none)

   Protocol:     DCD at modem and DCD at Host. (d-d)  (default)

   Host Command Mode:  N  (default)

   Dialout:     Y (enabled)
      NOTE: For the dialout option to function properly, your ACM hardware
      may require Host and Modem adapters to be attached to each port of
      your ACM. Various revisions of the ACM hardware exist, requiring
      different models of these adapters. Refer to table 1 to determine
      your needs.

Cabling Issues

In order for the ACM to function properly, it is very important that the cables used to connect devices to the ACM hardware are properly configured. The cables should include at least the following pins: 1, 2, 3, 4, 5, 6, 7, 8, 20, and 22. The Dialout option, in particular, is reliant on pin 22 (Ring Indicator) to function properly. The cable connecting the modem to the ACM's DTE port MUST support pin 22 or the Dialout function will not operate properly. When the Ring Indicator connection protocol is selected, the cable connecting the ACM on either the modem or host side of the ACM will require pin 22, depending on the particular setting selected.

If you have any questions regarding the contents or use of this document, please call Security Dynamics Customer Support Department at (617) 876- 9640.

Table 1 - Dialout Adapter Requirements by Hardware Type / Serial Number



ACM          Rev.     Serial No. Range       Adapter(s)
-------------------------------------------------------------------------
100                   ALL                    No adapters required

400           A       4000 - 4499            AG15 (DCE) / Host Adapter 1
                                             JB15 (DTE) / Modem Adapter

400           B       4500 - 4629            AG11 / Host Adapter -3
                                             Modem adapter not required

400           C       4630 +                 No adapters required

1600        0 - 6     1000 - 1799            AG15 / Host Adapter -1
                      +2000-2003             JB15 / Modem Adapter

1600          7       1800 - 1899            AG24 / Host Adapter -2

1600          8       1900 - 1949            AG11 / Host Adapter -3

1600          9       2050 +                 No adapters required

These adapters are available free of charge on request from Security Dynamics. Determine the adapter(s) you require according to the model and serial number of your ACM. Call Security Dynamics Customer Support Department at (617) 876-9640.

The third-party products discussed here are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.

All product and brand names herein are trademarks and service marks of their companies.

For additional information please contact Security Dynamics at:

Security Dynamics
One Alewife Center
Cambridge, MA 02140-2312
USA

(617) 547-7820
Fax: (617) 354-8836
Customer Support: (617) 876-9640

Additional query words: wfw wfwg 3.10 3.11 prodnt

Keywords : ntprotocol
Version : WINDOWS:3.11; winnt:3.1,3.5; :3.1
Platform : WINDOWS winnt
Issue type :