SuPR requires Microsoft NT4.0 Server or NT4.0 Workstation running on an X86 class processor (NT). It is recommended that Service Pack 3 (SP3) or later be installed for optimum performance. SuPR Remote Access Service (RAS) connections can be made with any device that can be configured to operate with NT Dial Up Networking (DUN). This includes COM port internal or external modems, ISDN adapters, X.25 adapters, Switched 56 adapters and the multiport SrDA POP modem adapter. NT likes memory. A minimum of 32MBytes of memory is recommended for optimum performance. SuPR was designed for ease of setup and ease of operation for both server and client browser users. All clients must be networked to the SuPR NT machine using TCP/IP protocols. Clients can be other NT Servers or Workstations, Windows 98, Windows 95, Windows 3.1, or generally any system that uses HTTP, HTTPS, FTP, SMTP, POP3, or NEWS (NNTP) protocols for internet browsing, mail, and news applications. NT Installation should be performed under a user logon with Administrator privileges.

Firewall requirements arise when an Internet Service Provider (ISP) allocates a pool of Internet addresses to the user's network and installs these addresses in the ISP Public Internet routers. Each of these assigned addresses can be accessed by anyone on the Public Internet. The problem is very acute when a local router connected to the internal Local Area Network (LAN) performs the interface to the ISP. The way to avoid this security problem is to use only Single User Accounts (SUAs) with the ISP and to make connections with the ISP that are physically and logically separate from the internal LAN IP address. SuPR supports the use of SUAs. The benefits of using only SUAs for Firewall Protection with SuPR against inappropriate access from users on the Public Internet can be explained with this chart.

SuPR User Environment

Pubic Telephone Network

ISP Server and Network Access Routers

The Public Internet

Connections to the ISP are physically and logically separate from the LAN IP address

Point to point dial up lines to the ISP are private and not shared.

ISP dynamically assigns an IP address for each call setup. This changes with every call.

If a hacker can obtain one of the dynamically assigned IP addresses, then the hacker can Ping the IP address to the SuPR Server; however, this is ALL the hacker can do.

SuPR uses a safe method for FTP access. The FTP server always tells SuPR what external port to connect to in order to perform a data transfer. Therefore, SuPR performs the connect outward to the supplied external port address on the FTP server. SuPR does not perform any IP filtering in order to prevent inside SuPR users from accessing network sites. This can be done in each of the internet browsers if desired.

Enter A:\SETUP and OK. The following screen will appear.

Check to make sure the 3 files copied OK and note where they went.

RFC 1918 Address Allocation for Private Internets - February 1996

3. Private Address Space

An enterprise that decides to use IP addresses out of the address space defined in this document can do so without any coordination with IANA or an Internet registry. The address space can thus be used by many enterprises. Addresses within this private address space will only be unique within the enterprise, or the set of enterprises which choose to cooperate over this space so they may communicate with each other in their own private internet.

This manual uses IP addresses such as 192.168.3.100. This provides the maximum number of IP addresses for a corporate Intranet. It is also recommended that Remote Access or DHCP assign IP addresses for dialup using the 10.x.x.x address. This allows a notebook computer to have a LAN IP address in the 192.168.x.x range that can be used while in the office and to dial into the network from a remote location.

The SuPR Installation diskette contains a directory named SuPRHTML. This directory can be copied to hard disk or viewed from the floppy drive. Start any Internet Browser and open the file SuPR.html found in the SuPRHTML directory. A copy of this manual with a hyperlinked Table of Contents will be available for viewing in full color.

It is always a good and safe idea to make a backup copy of your original software. If you have not done so, make a backup copy of your SuPR Installation diskette before continuing with the operation. Store your original diskette and copy in a safe place.

Point to Start with your mouse and click on Run…

Enter SuPR with optional command line parameters described below.

Syntax. Separate each option with a single space character:

SuPR [A] [SMTP= ] [POP3= ] [NEWS= ] [TIME= ]

TIME =

Disconnect Minutes. Default is 5 minutes if not specified.

Point your mouse to Start and Settings and Taskbar… The Taskbar Properties screen will appear. Select Start Menu Programs. Select the Add… button and Browse for SuPR.EXE as illustrated on the following screen:

This entire line can be replaced by SuPR similar to that shown using the RUN command line.

Place the cursor after SuPR and enter the appropriate command line parameters. Select Next >

Highlight Desktop and select Next >

Enter SuPR or any identifier you wish and select Finish. A SuPR icon will now appear on your desktop.

Before NOT AFTER you hit the A key, set the Console Properties. Place the mouse cursor on the upper left-hand corner and right click. Select Properties on the drop down menu and then select the Layout tab as shown on the following screen:

Select OK. The following screen will appear:

Now Press 'A' to start

This screen appears after the letter A is pressed on the keyboard. The previous setup screen is cleared and instructions are given to Point Browsers to Proxy Address xxx.xxx.xxx.xxx Port[81]. The Proxy Address is the IP address of the Local Host where SuPR is executing. The port 81 is fixed by SuPR and must be used with the IP address when configuring client browsers to use SuPR for HTTP, HTTPS, and FTP protocols. Instructions on how to do this are described later in this manual. This screen shows that SuPR is listening for HTTP protocols as well as SMTP, POP3, and NEWS (NNTP). SMTP, POP3 and NEWS were requested by the optional command line parameters. If the respective parameters are missing then there will not be a Listen socket and SuPR screens will not report any activity on the protocol. SuPR displays a single digit counter from 0 to 5 located on the first line just to the right of Port[81]. It updates every 10 seconds. The count cycles to 0 every 60 seconds. During the update, SuPR checks all RAS connections for inactivity. Any RAS connections that are inactive for the specified period will be unregistered for the respective user. If the RAS connection is fully unregistered, then SuPR will instruct RAS to hangup the call.

Click on the SuPR Console Screen. The top bar will highlight. Press the keyboard letter Q and SuPR terminates operation. SuPR can be stopped and restarted at will; however, it is a good idea to make sure that all RAS connections have been properly terminated. Stopping SuPR will not terminate any RAS connections that are in effect at the time of termination. If SuPR is terminated prematurely, it can be restarted and the users can register their connections again by attempting another dial sequence. If the RAS links identified by the Phone Book Names used are still up, then this registration is immediate.

Use Microsoft Dial Up Networking to set up SuPR RAS phonebook entries. It is recommended that you set up the user ID and password and select the option to save it after a successful connection before you use SuPR phonebook dialup operation described later on in this document.

Set up a Phone Book Entry for every ISP account. Assign easy to understand names. This is Joe's account (User ID and password) at PacBell. Note that the Phone Number is the same as that for PacBellDan.

It is a good idea to have a start screen for first time users. The SuPR start screen has a checklist for proxy setup and a hyperlink to http://status. Status will return an HTML response that provides IP identification and hyperlinks to the RAS phone book as well as an easy capability to change default mail and news server names.

A SuPR response to Status or Help will verify that SuPR is running and that the Browser has the correct proxy addresses set.

Select the Connection tab and enter the proxy IP address Check the box labeled Connect through a proxy server and the box labeled Use the same proxy server for all protocols.

Select Go Mail in your Internet Explorer and receive this Internet Mail screen. Select Mail Options.

After OK get out of the Mail application and select GO and Read News. The following panel will appear. Select News and Options.

Select GO and Read News in your Internet Explorer. This Internet News panel will appear. Select News and Options.

Now select the Connection tab. The following panel will appear.

Check off the options as shown.

The default mail and news server names are shown. If the user wants to change these at any time then simply complete this form with the changes. Changes will remain in effect as long as SuPR is executing on the server. Since this status does not show any WAN connections, the user selects the phonebook link to retrieve the phonebook entries as shown on the following screen.

Select the phone book entry desired. This phone book resides on the SuPR server. Calls are setup one at a time. Let one call complete before requesting another call from the same client. This assures that all call progress reporting is delivered back to the client. Examples of these screens are shown below.

This is the SuPR console showing HTTP activity (normal Internet Browser Protocol) for multiple sessions with the server www.cnnfn.com. Even though a single browser generates the activity, the sessions are dispatched over routes [80/6] and [80/7] as shown. Reviewing the previous screen shows that route 6 is assigned to the connection established by PacBellJoe and route 7 is assigned to the connection established by PacBellDan. SuPR dispatches each session on one or more links registered to the source browser. Inactive registered links are dispatched first, then active links are load balanced by SuPR. It is obviously important that each SuPR user register connections that are compatible. For example, if one user is connecting with a remote NT server that is not part of the Internet, the user cannot simultaneously register with Internet links. A phonebook entry can establish a link using MultiLink PPP (MLPPP). This is still considered as a single route for SuPR routing.

This form is good only for the call setup at the time and will not be saved for future reference.

Requesting status counts for activity and will keep your connection active for at least another Disconnect minutes. To change the Disconnect parameter, enter a new value as shown and submit.

Note the change from 30 minutes to 15 minutes. Refer to the above screen.

Select screen from Category map for startup screen and proxy address settings.

Enter data as shown.

Enter this file name to receive the above startup screen for Microsoft Internet Explorer Browsers.

Select the Advanced button and enter the proxy address with port number 81 for HTTP, Secure, and FTP. Do NOT check the block Bypass proxy server for local (Intranet) addresses if you are using RFC1918 intranet addresses for the machine that SuPR executes as in this example.

When this user at 192.168.3.100 first checked status, connections to PacBellDan and PacBellJoe were registered to 192.168.1.100. Clicking on PacBellJoe and PacBellDan automatically registers these connections to this user at 192.168.3.100. Both users now share the connections as shown above. This user can logically hangup any connection registered to this user. The screen above presents hangup hyperlinks for each connection.

Every user is responsible for hanging up their registered connections. Note that user IP 192.168.3.100 has performed hangup operations on its registered connections. A new status report as shown above shows that both of these connections are still active and are still registered to the user with assigned IP address 192.168.1.100. Once the user at 192.168.1.100 performs a hangup on these connections, then SuPR will instruct RAS to disconnect the connections with an actual physical hangup operation. If a user forgets to hangup their connections, then SuPR will automatically disconnect these connections once the inactivity timeout expires. These timeouts can be set when SuPR is first started and for individual IP addresses using the activity report change form.

This report is available to every user. After everyone signs on at least once after SuPR is started, then this report will list activity for everyone. It will show who has used the system and who has reset their Disconnect Timeout value from the default set when SuPR first starts. Total Session Time represents the total amount of time one spends waiting for a response to each information request (Session). Last Activity shows where the clock starts for measuring Disconnect timeout conditions in minutes.

The SrDA POP 4 port and 8 port adapter cards are a perfect complement to SuPR. The SrDA POP SrDALog monitor shown above provides extensive real time operational and performance information. The high performance K56flex/V.90 data modems allow flexible port assignment, easy setup and operation.