Secure Lobby User Guide
How to use Secure Lobby
Secure Lobby™ is the Secure Remote Access capability included in the Byos Edge Microsegmentation solution. This guide will show you how to use all of the features included within.
Running a Secure Lobby Discovery Scan
Each Byos µGateway can run a Discovery of all endpoint devices connected to it. In the Management Console, navigate to Quick Access, select a µGateway device, and then click Secure Lobby.
When the Administrator clicks Run Discovery, the µGateway will do a network discovery scan of all endpoints inside the microsegment.
Once the discovery scan is complete, you will see a table with a list of endpoints included inside of the microsegment:
What information is displayed by a Discovery Scan?
- Endpoint - the name of the Endpoint
- IP Address - the local IP address of the Endpoint inside of the Secure Lobby
- MAC Address - the MAC address of the endpoint
- Port In - the Port which traffic enters the Endpoint. This Port can be customized by clicking Save or Edit
- Port Out the Port which traffic exits the Endpoint.
- Service the communication protocol running through that Port
- Vendor the OEM that manufactured the endpoint
- Description a brief description of what the Endpoint + Port combo is used for. This port can be customized by clicking Save or Edit
- Last Seen - the date and time which the Endpoint was last active in the Lobby
- Now indicates an active Endpoint’s Port visible in the lobby
- Status - there are two status icons
- The green shield icon means the Endpoint is visible in Secure Lobby
- The blue list icon means the µGateway has discovered the Endpoint
Adding Devices into the Lobby
Once the Discovery Scan is complete, the endpoints discovered that you wish to connect to will need to be added into the Secure Lobby before they become visible. To do that, click Add.
This will make them visible by any administrator connecting to the Lobby, indicated by the green shield icon.
Turning Secure Lobby On/Off
To turn Secure Lobby On or Off, click the toggle switch on in the left Navigation Bar.
Once the Secure Lobby connection has been established, the private IP address of that µGateway’s microsegment is displayed at the top of the window and shows “Now” in the “Last Seen” Column
Now you will use that IP address of the microsegment to access any of the endpoints that are visible in the Lobby.
Examples - Using RDP, SSH, and Web connections inside the Secure Lobby
In the example architecture below, the Byos µGateway is connected to a switch, which has 3 devices behind it:
- RDP-enabled Windows Laptop (Port 3389)
- SSH-enabled Linux on a Raspberry Pi (Port 22)
- Web-enabled IP Camera (Port 80)
After running a Discovery scan, adding these devices to the Secure Lobby, and clicking the toggle to turn on Secure Lobby, we can see from the dashboard:
Now to access each one of these endpoints in the microsgment, connect to the Secure Lobby with your computer using OpenVPN. Your computer will now be in the same Private IP range as indicated in the Screenshot above (172.20.0.X)
RDP-enabled Windows Laptop (Port 3389)
Now open up your Remote Desktop app, and select the proper 172.20.122 microsegment and click connect
Enter the login credentials for the remote PC, and you’re in.
SSH-enabled Linux on a Raspberry Pi (Port 22)
Open up a terminal, and log into the device via SSH
Now that you are inside of the endpoint in the Lobby, you are free to run commands. A simple Ping command shows the device can access the internet.
Web-enabled IP Camera (Port 80)
To access the Web-enabled IP camera, I open up the camera’s app and type in the Secure Lobby microsegment IP address (172.20.0.122).
Once logged in, I can see the camera’s live feed remotely.
Last updated on April 13, 2022