Network Topology

This section describes the default network topology for the AMTAB System and how external devices and applications can interface with it.

Default Network Topology

Fig. 3 Default Network Topology

The Router Configuration section describes how the System Router is configured by default and how internal services are exposed.

System Cabinet + RFID Reader

The System Cabinet has the following associated network devices, IPs and services:

  • Router with optional 4G Modem

    • Static IP: 192.168.0.1/24

    • HTTPS (8001) - Router GUI

    • HTTPS (443) - SIPR GUI

    • SSH (22)

    • DHCP Server (.100-.254)

    • NTP Server

    • Dedicated WAN Port with DHCP Client or Static IP

    • WireGuard Client

    • Port Forwards (see Router Configuration)

  • Backplane with SIPR

    • Static IP: 192.168.0.20/24

    • HTTP (80) - GUI

    • Telnet (23) - Command Line Interface

  • Optional RFID Reader

    • Static IP: 192.168.0.21/24

    • HTTP (80) - GUI

    • SSH (22)
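
A baseline check for the inventory above, as an added example that is not part of the original documentation: it compares the TCP ports that actually answer on each device with the documented list and flags unexpected, missing and unencrypted (Telnet, HTTP) services. The function names and the extra candidate ports are assumptions; UDP services and the port forwards from Router Configuration are not covered.

```python
import socket

# Documented baseline from the list above: host -> {tcp_port: service}.
# UDP services (DHCP, NTP, WireGuard) are outside this TCP-only check.
BASELINE = {
    "192.168.0.1":  {8001: "HTTPS Router GUI", 443: "HTTPS SIPR GUI", 22: "SSH"},
    "192.168.0.20": {80: "HTTP GUI", 23: "Telnet CLI"},
    "192.168.0.21": {80: "HTTP GUI", 22: "SSH"},
}
CLEARTEXT = {23, 80}  # Telnet and HTTP are unencrypted


def probe(host, ports, timeout=0.5):
    """Return the set of TCP ports on host that accept a connection."""
    open_ports = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.add(port)
    return open_ports


def audit(observed, baseline=BASELINE):
    """Compare observed {host: set(ports)} with the baseline; return findings."""
    findings = []
    for host in sorted(set(baseline) | set(observed)):
        expected = baseline.get(host, {})
        seen = observed.get(host, set())
        for port in sorted(seen - set(expected)):
            findings.append((host, port, "unexpected"))
        for port in sorted(set(expected) - seen):
            findings.append((host, port, "missing"))
        for port in sorted(seen & CLEARTEXT):
            findings.append((host, port, "cleartext"))
    return findings


if __name__ == "__main__":
    # Candidate ports: everything documented plus a few extras (assumed list).
    candidates = sorted({p for svc in BASELINE.values() for p in svc} | {21, 3306, 8080})
    live = {host: probe(host, candidates) for host in BASELINE}
    for host, port, kind in audit(live):
        print(f"{host}:{port} {kind}")
```

Run it from a PC on the 192.168.0.0/24 network after installation and after any router change; a "cleartext" finding on a documented port is expected and marks a service that should stay reachable only from inside the cabinet network or through the WireGuard tunnel.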

External Access

In normal cases, the system cabinet is physically inaccessible and a permanent solution for external access to the system should be fitted during installation.

If the system is used in Legal for Trade / OIML-R 106 / Certified scenarios, the following options are permitted:

  • Secure WireGuard Connection - Either to AMTAB’s network (securely separated per customer) or to a customer-specific WireGuard interface. This allows secure, encrypted communication where access to the system can be selectively granted to authorized users. The actual internet connection can be provided via 4G or by direct connection to a secure network.

  • Reverse Proxy with HTTPS - This option allows external users to securely access the system via HTTPS. Supported by default with the default Router configuration.

Remote Support

To be able to remotely support the AMTAB System, AMTAB Technicians will need remote access to the system. There are multiple options available:

  1. Secure WireGuard connection between system and AMTAB Server (server-1.amtab.se:51820) - Most efficient and secure option, which allows AMTAB to support the system whenever it’s needed. WireGuard supports NAT traversal, so this option works with any standard 4G data SIM card or when the system is connected to the internet behind firewalls or NAT. Also enables the AMTAB Monitoring service, which notifies technicians if any issues are detected.

  2. Direct access to system via VPN - A secure VPN connection to the end customer’s network. This connection should also allow access to any related connected services. Does not allow AMTAB Monitoring service.

  3. Direct access to system via internet - Less secure than the WireGuard option, but it also allows any authorized user to easily access the system.

  4. Directly connected PC with Remote Desktop software (TeamViewer, AnyDesk etc.) - Enables support, but it’s a very inefficient option and should only be considered as a last resort. Does not allow AMTAB Monitoring service.

External Services / Applications

The AMTAB System is able to operate fully offline if needed, but functionality can be enhanced by providing external services:

  • MySQL Database - Enables storage of measurement data for further analysis or processing. Allows the customer to keep data for as long as it’s needed. Can be self-hosted on an internal network or in the cloud by AMTAB. For more information see Data Storage.

  • AMTAB Monitoring Service - An automated monitoring solution that collects information about the AMTAB System regularly and automatically notifies technicians if any issues are detected. This service is hosted by AMTAB in the cloud and requires that the system is reachable externally or via WireGuard.

  • NTP Server - The Router has an NTP Server which can be utilized, but for optimal performance an external NTP server is recommended. Used to provide accurate timestamps for train and RFID data.

  • DNS Server - To be able to access services by hostname, a DNS Server is needed. If the system has internet access, a standard public one such as 8.8.8.8 or 1.1.1.1 can be used.

  • FTP Server - Used to transfer new firmware versions to SIPR. Only needed when a firmware update is required. Firmware update is performed by AMTAB Service.

  • Kathrein CrossTalk AppCenter - Used to install, maintain and monitor Kathrein RFID Readers if supplied together with the AMTAB System. If the system is accessible externally or via WireGuard, this application can be provided by AMTAB. For more information see RFID Overview.

  • Custom/Existing Applications - Any application that can reach the AMTAB System or a connected database can integrate with the system to combine the measurement data with other business data. For more information see REST API and Data Storage.