First steps

This documentation provides a broad, step-by-step overview of the basic concepts, settings and suggestions for the IACBOX.

Hardware/VM Requirements

The IACBOX can be installed on

  • any Linux-compatible x86 hardware
  • or a virtual machine (VMware, KVM, Hyper-V).

Hardware and VM requirements can be found here. Virtual environments share the same requirements, but may require additional settings which will be explained in their own documentation pages later on.

Basic Network Integration

A basic IACBOX setup involves the Office-LAN (WAN) and the Surf-LAN (LAN):

  • Office-LAN: provides the connection to the front router or firewall, which is used for the basic internet access of both the system itself and guest devices.
  • Surf-LAN: the isolated network for guest devices. This network is managed by the IACBOX.

With or without Management-LAN

In case a network infrastructure does not permit adding management devices like Access Points, Controllers, PMS or Ticket printers, the IACBOX can make use of an optional third interface called Management-LAN.
Ticket printers, PMS (Property Management System) and similar services can be moved into the IACBOX Management-LAN network.
Note that the Management-LAN network requires a third physical network card.

The Management-LAN can be activated during the installation of the IACBOX or at a later time. The exact process is explained on the Management LAN documentation page.

Preparing the Installation

First the BIOS settings of the hardware that is used for the IACBOX installation should be checked and adjusted.

  • The SATA controller must be set to AHCI
  • All kinds of network boot options should be disabled
  • Both UEFI and legacy BIOS mode are supported, but UEFI is preferred
  • On HP servers iLO should be disabled

In virtual environments this step can be skipped. Instead, there are other recommended settings, depending on the virtualization platform in use. Further details on virtualization and supported platforms can be found on the Virtualization documentation page.

In order to install the IACBOX on hardware or in virtual environments, an installation medium is required. We offer ISO and USB images for every new major release, which can be downloaded from our homepage. IACBOX partners and system builders may obtain the ISO or USB images via the my.IACBOX customer portal.

The ISO image can simply be burned onto an empty CD. For USB sticks to work, the USB installation medium has to be mounted with a tool. A detailed description can be found on the USB stick creation page. After the USB stick has been created, it is also possible to modify the default installation profiles or create new ones, which is described later on.

Installation

The installation medium can be used on the new server to install the IACBOX. Note that some systems, for example those with an existing operating system, might not boot from the CD/USB stick automatically. In that case, press the appropriate key to open the boot menu while the hardware is booting up (usually F9 or F10), then select the USB stick or the CD drive to boot from.

The exact installation process is explained in detail on the respective documentation page Installation.

Basic configuration

The IACBOX is configured in the so-called WebAdmin administration user interface, which can be accessed with any current browser. If the IACBOX was installed with a pre-defined unattended profile, the default IP address after the installation is 192.168.1.1, which means the WebAdmin is reachable at https://192.168.1.1.

First access to WebAdmin

  • The WebAdmin can initially only be accessed from the Office-LAN side of the IACBOX. It is possible to enable WebAdmin access for Surf-LAN and Management-LAN.
  • To access WebAdmin, open https://192.168.1.1 with a browser. Note that the leading https is important! For technical reasons there is no redirect from http to https.
  • The default username and password for the WebAdmin login is sysop. The sysop password should be changed after the login. Right after the first login, the Users Settings page is shown so that the password can be changed easily.

After logging into the WebAdmin it is highly recommended to perform the basic network configuration and to apply the licensing information. The licensing information consists of the registration number and registration password received from the IACBOX sales department.

Configuring the basic network settings can be done in the WebAdmin Network / Settings Menu.

The DNS servers should preferably be the ones given by the internet service provider.

  • The WebAdmin as well as the Login Page can experience slowdowns due to DNS server misconfiguration.
  • Changing DNS servers requires a system restart, which can be done in the WebAdmin menu System / Services. If multiple changes require a restart, it is enough to restart once at the end.
  • The Hostname and Domainname are associated with the TLS certificate installed on the IACBOX.
  • The range 172.17.0.0/17 (172.17.0.0 - 172.17.127.255) is reserved for internal use and cannot be used in any configuration.

Network settings

The next step is to review the Office-LAN (eth1) configuration.

The Office-LAN interface acts as uplink and is the system's connection to the internet. Therefore adapt the configuration to the network at hand. The Default Gateway can either be a front router or a firewall and should not limit or block the connectivity of the IACBOX. If the system was installed with an unattended profile, the IP address can also be changed on this page.

Click on the tab Surf-LAN (eth0) to review the Surf-LAN configuration.

  • The default Surf-LAN configuration is set to what works best in most environments and does usually not have to be altered.
  • By default the Surf-LAN's Client/Client Protection is enabled, which puts clients into small supernets so they cannot communicate with each other. This also avoids spoofing, so it is recommended to keep this setting enabled.
  • It is not recommended to enable WebAdmin access for the Surf-LAN. For the Management-LAN, on the other hand, it is common to do so.

An example of the Protected range Surf-LAN client subnet: with the default setting 172.30.15.254/18, 16382 IP addresses are used to create subnets for 4096 hosts.

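A pre-deployment check of an address plan against the reserved range and the default Surf-LAN sizing described above, as an added example that is not part of the IACBOX documentation or software. The Office-LAN and Management-LAN prefixes are constructed sample values, and the per-client /30 block size is inferred from the page's numbers (16384 addresses for 4096 hosts), not stated by the vendor.

```python
import ipaddress

# Values quoted on this page.
RESERVED = ipaddress.ip_network("172.17.0.0/17")   # internal use only
DEFAULT_SURF_LAN = "172.30.15.254/18"              # default Surf-LAN setting


def check_plan(plan):
    """Return a list of problems for a {interface name: 'ip/prefix'} plan."""
    problems, nets = [], {}
    for name, cidr in plan.items():
        try:
            nets[name] = ipaddress.ip_interface(cidr).network
        except ValueError as exc:
            problems.append(f"{name}: invalid address {cidr!r}: {exc}")
    for name, net in nets.items():
        # overlaps() also catches a larger network that contains the range.
        if net.overlaps(RESERVED):
            problems.append(f"{name}: {net} overlaps reserved {RESERVED}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def client_blocks(surf_lan, clients):
    """Split the Surf-LAN into equal per-client blocks (assumed layout).

    Returns (usable addresses, per-client prefix length, number of blocks).
    """
    net = ipaddress.ip_interface(surf_lan).network
    per_client = net.num_addresses // clients
    if per_client < 1 or per_client & (per_client - 1):
        raise ValueError("range does not split into power-of-two blocks")
    prefix = net.max_prefixlen - (per_client.bit_length() - 1)
    blocks = sum(1 for _ in net.subnets(new_prefix=prefix))
    return net.num_addresses - 2, prefix, blocks


if __name__ == "__main__":
    # Constructed sample plan; only the Surf-LAN value comes from the page.
    plan = {
        "Office-LAN": "192.168.1.1/24",
        "Surf-LAN": DEFAULT_SURF_LAN,
        "Management-LAN": "172.17.64.1/24",   # collides with the reserved range
    }
    for problem in check_plan(plan):
        print("PROBLEM:", problem)
    print(client_blocks(DEFAULT_SURF_LAN, 4096))
```
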

After this is done and the system has been restarted, it should be connected to the internet. To test the connectivity, open the WebAdmin and navigate to Network / Tools. Select Ping and run it against a public domain or IP address, for example 8.8.8.8, to check the internet connection. If the ping is successful, proceed with the next step; otherwise review the network configuration or check the firewall gateway.

Licensing

Now navigate to the WebAdmin menu System / License and fill out the required license fields at the top of the page:

  • The registration number
  • The associated registration password
  • The Administrators email address
  • The company name and location

In case the online registration failed, it may be due to one or more of the below reasons:

  • Unstable or offline connection to the internet
  • The configured DNS servers are not resolving properly
  • Incorrect system time (and therefore failed certificate checks)
  • Missing ethernet interfaces (the IACBOX must have at least 2 active network interfaces)
  • In some cases, firewalls may block or try to intercept TLS/SSL encrypted traffic. The interception of TLS/SSL has to be disabled for the IACBOX, otherwise licensing and updates will not work.

After the licensing process the system will require a system restart, which can be done in the WebAdmin menu System / Services.

Following up, it is highly recommended to start the Online Update in the WebAdmin menu System / Online Update, but before doing so please take note of the following section of this documentation.

Online Update

  • The Online Update will download, extract and install all available/selected updates. The system automatically performs a restart if necessary. Depending on the speed of the internet connection this process can take a considerable amount of time.
  • The number of available updates depends on the Software Maintenance of this license.
  • IACBOX will automatically search and install updates before the weekly restart.

More detailed information regarding the online update can be found in the respective documentation page Updates / Upgrades.

Further configuration

After the update process has finished, continue with the basic configuration. Configure the SMTP server in the WebAdmin menu Network / Settings. Use the Testmail function to verify the settings by sending an email from within the WebAdmin. This setting is most important if the system is required to send emails, for example in the context of an email authentication on the login page.

Navigate to the WebAdmin menu Settings / General. Fill out the Company Name, Website and Address.

Note that the Operation Mode should not be changed from Normal unless there are good reasons. The other available option Autologin will automatically generate Tickets for client devices and log them in. It is recommended to copy the configuration from within the screenshot, because later on it can be applied to pretty much all use-cases.

After the IACBOX is configured with the correct network settings, licensed and up to date, it is time to configure the Bandwidth Management. It is crucial to configure the Bandwidth Management, which can be found under Network / Settings, according to the available on-site bandwidth. To do so, test the bandwidth on-site at different times of the day in order to find the best values to use for Down- and Upload.

Guest Authentication

The IACBOX offers an incredibly wide array of modules and interfaces to cover the most common requirements out-of-the-box. In order for guests to access the internet, a Surf-Ticket is always required. Surf-Tickets can be generated manually beforehand (WebAdmin) or by guests (for example with the Facebook Login). Existing Surf-Tickets will always be listed in the WebAdmin menu Users/Tickets / Overview. In this menu it is also possible to log off or revoke existing tickets.

The following list contains some basic authentication possibilities:

Ticket Login

The most commonly used authentication method in smaller environments is the Ticket Login. This means that guests have to enter a combination of Username and Password - or only a Password (also referred to as PIN Login) on the Customer Login Page. Tickets can be manually created by administrators in the WebAdmin of the IACBOX using the WebAdmin menu Users/Tickets/Create ticket. By using Ticket Templates it is possible to create tickets based on pre-defined default values.

After creating the ticket, it can be printed and given to guests as a hand-out.

In the Surf-LAN network of the IACBOX guests can now log in by using the Username and Password or by scanning the QR-Code as shown above. Note that the customization possibilities of the Customer Login Page will be explained later on.

In order to review, add and edit Ticket Templates, navigate to the WebAdmin menu Users/Tickets/Templates. There is a list with pre-defined default ticket templates.

Ticket Templates can be assigned to login methods.
For example, a template can be restricted to PMS logins only, or it can be made available for both the email and SMS login methods.

Social Login

The Social Login is probably the most popular authentication method. It allows guests to authenticate and create a Surf-Ticket by logging in with a social media account. The available options are:

In order to provide authentication for private Microsoft Accounts, a custom Surf-LAN certificate must be obtained for the IACBOX.
The Microsoft authentication can only register a hostname to one single interface. This does not apply to Microsoft Business Accounts.

PMS Authentication

In a hotel environment, a PMS is often used to keep track of guest check-ins, check-outs and bookings. Property Management Systems, or PMS for short, store data like the arrival or departure date, the full name, room numbers or even the birthday of a guest. This information can be used to authenticate guests.

While the Room Number is always required, it can be combined with the following data fields for the authentication:

  • Name
  • Name & Departure Date
  • Name & Departure Date & PIN Code
  • Name & Birthdate
  • Name & Birthdate & PIN Code
  • Name & Arrival Date
  • Name & Arrival Date & PIN Code
  • Birthdate
  • PIN Code

Guests can then choose between the available Ticket Templates which are configured for usage with the PMS login method. If ticket templates define a price, a corresponding booking will be sent to the PMS. This way guests can postpone paying for tickets until checking out. The PMS manual can be found here.

SMS Login

The SMS Login enables guests to create a Surf-Ticket by using their mobile phone. In order to receive an SMS with the login credentials (Username and Password or just Password), the mobile phone number has to be entered on the Login Page.

An external SMS service is required to send the actual SMS. The IACBOX offers a list of supported vendors and also provides generic interfacing via HTTP or email.

Further information can be found in the SMS configuration manual.

Email Login

The Email Login enables guests to authenticate by using an email address. To receive the login credentials (Username and Password or just Password), an email address has to be entered on the Login Page, so an email can be sent to this address.

Further information can be found in the Email configuration manual.

Online Payment

Guests can also buy tickets by using an external payment service provider. Supported payment providers are:

External Authentication

This login method allows for authentication of guests on the Surf-LAN side by using existing backends:

  • Active Directory and LDAP
  • SQL Databases: MS SQL, MySQL, PostgreSQL
  • Radius
  • iPass

For further explanation refer to the External Authentication manual page.

Business Accounts

This login method allows for authentication of users on the Surf-LAN by using:

The Login Page

The login page is often referred to as “IACBOX Login Page” and lists all enabled and configured authentication methods for the Surf-LAN.
The Login Page manual can be found here.

Secure Operation

In order to operate the IACBOX in a secure way it is necessary to keep a few things in mind.
Therefore we have created a small overview which can be found here: Secure Operation