Secure Lobby User Guide

Secure Lobby™ is the Secure Remote Access capability included in the Byos Edge Microsegmentation solution. This guide will show you how to use all of the features included within.

Running a Secure Lobby Discovery Scan

Each Byos µGateway can run a Discovery of all endpoint devices connected to it. In the Management Console, navigate to Quick Access, select a µGateway device, and then click Secure Lobby.

When the Administrator clicks Run Discovery, the µGateway will do a network discovery scan of all endpoints inside the microsegment.

Once the discovery scan is complete, you will see a table with a list of endpoints included inside of the microsegment:

What information is displayed by a Discovery Scan?

Endpoint - the name of the Endpoint

IP Address - the local IP address of the Endpoint inside of the Secure Lobby

MAC Address - the MAC address of the endpoint

Port In - the Port which traffic enters the Endpoint. This Port can be customized by clicking Save or Edit

Port Out the Port which traffic exits the Endpoint.

Service the communication protocol running through that Port

Vendor the OEM that manufactured the endpoint

Description a brief description of what the Endpoint + Port combo is used for. This port can be customized by clicking Save or Edit

Last Seen - the date and time which the Endpoint was last active in the Lobby

Now indicates an active Endpoint’s Port visible in the lobby

Status - there are two status icons

The green shield icon means the Endpoint is visible in Secure Lobby

The blue list icon means the µGateway has discovered the Endpoint

Adding Devices into the Lobby

Once the Discovery Scan is complete, the endpoints discovered that you wish to connect to will need to be added into the Secure Lobby before they become visible. To do that, click Add.

ℹ️

You will need to give the endpoint a Description and confirm which Port In you wish to communicate over.

This will make them visible by any administrator connecting to the Lobby, indicated by the green shield icon.

Turning Secure Lobby On/Off

To turn Secure Lobby On or Off, click the toggle switch on in the left Navigation Bar.

Once the Secure Lobby connection has been established, the private IP address of that µGateway’s microsegment is displayed at the top of the window and shows “Now” in the “Last Seen” Column

Now you will use that IP address of the microsegment to access any of the endpoints that are visible in the Lobby.

Examples - Using RDP, SSH, and Web connections inside the Secure Lobby

In the example architecture below, the Byos µGateway is connected to a switch, which has 3 devices behind it:

RDP-enabled Windows Laptop (Port 3389)

SSH-enabled Linux on a Raspberry Pi (Port 22)

Web-enabled IP Camera (Port 80)

After running a Discovery scan, adding these devices to the Secure Lobby, and clicking the toggle to turn on Secure Lobby, we can see from the dashboard:

Now to access each one of these endpoints in the microsgment, connect to the Secure Lobby with your computer using OpenVPN. Your computer will now be in the same Private IP range as indicated in the Screenshot above (172.20.0.X)

RDP-enabled Windows Laptop (Port 3389)

Now open up your Remote Desktop app, and select the proper 172.20.122 microsegment and click connect

Enter the login credentials for the remote PC, and you’re in.

SSH-enabled Linux on a Raspberry Pi (Port 22)

Open up a terminal, and log into the device via SSH

Now that you are inside of the endpoint in the Lobby, you are free to run commands. A simple Ping command shows the device can access the internet.

Web-enabled IP Camera (Port 80)

To access the Web-enabled IP camera, I open up the camera’s app and type in the Secure Lobby microsegment IP address (172.20.0.122).

Once logged in, I can see the camera’s live feed remotely.