Table of Contents
Episode Summary
In this episode our host Zach Malloch is joined by Technical Consultant, Ross Tenaglia to talk about how you can set up WAN access on your WebTrac server to allow your staff a remote connection to your departments RecTrac database. Ross walks through all the set up steps necessary to ensure your staff can continue to work from home during uncertain times.
Recording
Transcript
Zach Malloch 0:42
and we are live with a special edition of RecChat covering Remote Connectivity. Connectivia is the combination of remote tech connectivity. And my co hosts last name Ross Tenaglia. How's it going? Good, you, not too bad. So we are continuing to have special editions of rec chat, when it seems like there's a topic that might make sense for something like this. Go ahead. And we'll use the q&a area down in the bottom of your controls there for any questions that you might have for us otherwise, we'll start by talking a little bit about probably the most accessible to somebody that doesn't have anything set up right now, the the WAN connectivity, we'll discuss briefly what VPNs are and how you can maybe ask IT for that and talk about a couple other options to stay connected when we are much more frequently at home these days. Ross, would you like to start us off with some WAN so what is WAN to start with.
Ross Tenaglia 1:46
So WAN for 3.1 is your ability to access RecTrac outside of your network? Seeing that, as you all know, RecTrac 3.1 is web based. There is no client install. So all you need to do is hit a website effectively. And for anyone that has WebTrac, the patron side of things where they buy online, you can use your same WebTrac server to effectively publish RecTrac for your staff to access from home. So that's effectively what the WAN connection is. And that's certainly something that just a few moments can quickly go over how to set that up. It's actually pretty easy process and certainly something that anyone during this time we'd certainly like to have.
Zach Malloch 2:44
Yeah, definitely. Well, let's go ahead and take a look and see what we need to do to. So to start out with who would you need to be to be able to do this Wan configuration?
Ross Tenaglia 2:55
Well, you it would have to be done by you know, someone that has access to both RecTrac and WebTrac servers. Generally speaking, this would be someone from the IT department for smaller shops. Sometimes people wear multiple hats. So that's all you need to get going with it.
Zach Malloch 3:15
All right, cool. Let's take a look. All right.
Ross Tenaglia 3:21
So my setups gonna be a little bit different because my computer is the RecTrac server, the web server, everything so but the way to set it all is all going to be the same. So the first step would be on your web server. So once you're on your web server, you would open up IIS, you can either go to Control Panel, Administrative Tools, IIS, Internet Information Services Manager, however you want to get there is your preference. And then once you're here, you'll expand out so my setup I have multiple websites, but most of the time, you will just have this VI VSI three underscore WebTrac or default website which expand out you will see these four folders This is most likely how all customers with WebTrac would look like. So to create the WAN connection for RecTrac is rather easy. There's more. There's two ways to do it. But I'm just going to show the easiest quick and quick way to get it all up and running. So it uses the same URL embed with a extra subdirectory to get to the RecTrac site. So you're gonna want to add right Click on the website and add a new virtual directory in here. And you can call it really whatever you want RecTrac GUI. It's your preference. But this is what's going to dictate the WebTrac URL, or sorry, the RecTrac URL at the end. And then the physical path should always be the same, you'll browse out to whatever Dr. WebTrac is installed under, go to VSI, three RecTrac web server, and you're gonna pick GUI right here as the virtual directory, because this controls everything for RecTrac. And just hit OK. And it's right there. So easy enough to add it in handler mappings, you don't have to worry about because we're using the handler mappings on the host site. I hear. So for WebTrac. This is pretty much it for now.
Zach Malloch 6:03
So effectively, just to kind of like bring this back, basically, what we did is you would take your normal WebTrac path, whatever URL people use to hit their WebTrac homepage, and now we're just adding slash RecTrac into that to get to the RecTrac URL.
Ross Tenaglia 6:19
That's correct. So in addition to that, you do have to open up additional ports between the two servers in the DMZ or firewall, whatever you have, but we'll cover at cover that at the end, because you'll probably want to write it down. So once this part is done, we're going to change gears and pretend we're on the RecTrac server. So you need to make a new interface parameter for the WAN connection. Because right now, this isn't going to be the URL, you would have to pretend you're the webs on the website here. So this is your typical lands either server name with the port, only locally accessible. Although like I said, this is a typical, because this is my server name, this would be your whatever your WebTrac site is no port at the end, and then you have all this here. So I would go to DB utilities, you can Type in dB, and it'll search for it. Or if you have it pinned, you can go right here.
Zach Malloch 7:40
And once again, RecTrac server we're on for this piece.
Ross Tenaglia 7:44
Yes, the RecTrac server. So I always recommend even though you're logged in as admin to right Click and run as administrator for DB utilities, I've seen cases where if you don't do that, and you update interface parameters, it doesn't take effect, running as admin is really your guarantee. So if you're familiar with this Screen before you go to update interface parameters, Next, you'll leave it as RecTrac I always kind of you have to make it a different parameter name, then your your land connection, I kind of just do RecTrac under score Wan. Not a huge deal. Now the thing is, you will, the easiest way is to copy your website URL put it in here. And then much like remember that virtual directory I named my virtual directory RecTrac. So you will just add RecTrac there and then change this webtrac.ws C to client. So this is generally how always look it will be your domain RecTrac and middle WB W SC forward slash client dot w SC. So this is pretty typical of how most will look. And then you just select your database. Generally it always defaults to the db file itself. But this is the full path that it will always be. And that's it hit process. And that WAN connection will be now available. So I don't know if duck do we want to cover the ports right now real quick?
Zach Malloch 9:48
Yeah, why don't we go ahead and talk about that since we're right in the middle of this?
Ross Tenaglia 9:52
Yep. So And additionally, there are an extra set of ports that do need to be open if You have it, you know, very selective. So the ports for the WAN connection you will need to have is, what is it a 4032? I believe
Zach Malloch 10:14
sounds about right,
Ross Tenaglia 10:16
coming off the top of my head here, let me have it tucked away somewhere. But then there's also a dynamic range that needs to be opened up on that needs to be 2700 through 2799. So that is a required dynamic range that needs to be opened.
Zach Malloch 10:35
Right and perfect. I was just going to ask if you could show us the topic doc, just to will will include the topic Doc as part of the follow up to this. I know the Megan was asking that So
Ross Tenaglia 10:47
yep, so the port is 4033. So to recap, 4033, as well as the range 2700 to 2799.
Zach Malloch 11:01
And so basically what that is, is the port, the initial connection is made via and then it kind of hands it off to these other dynamics, that larger range you're talking about there? Yes. For
Ross Tenaglia 11:11
all the additional age connections. They use that range, though. Yeah, and that port is just the main entry.
Zach Malloch 11:18
Okay, perfect. Yeah, and so I've done a lot of this, and especially because WebTrac is already set up, because you're using that RecTrac already set up, you're using that, it's usually pretty quick and pretty easy to kind of borrow some of that configuration and get RecTrac up and running pretty quickly. So you can do it remotely if you want to. Alright, so we had a question coming up. And actually, these are both they're sort of release related. So Mary's asking if you can set up RecTrac on your own laptop without having access to the work network or computers.
Ross Tenaglia 12:00
And this is for 3.1.
Zach Malloch 12:02
I'm guessing it would be for either one. And I think she might be the same since you know, we've got it installed in our laptops kind of individually and directly. But that's kind of a special configuration that we use, most people do not have that. So effectively, Mary, you'd have to install RecTrac as though your laptop was its own server, you'd have to have access to the media. And there's a it's so the simple answer is no, there's not an easy way to do that without kind of making your laptop a full, server almost. And then Bridget was asking what we'd recommend for somebody that wanted to access 10.3 remotely.
Ross Tenaglia 12:43
So what we recommend for that is, and we've, throughout the past couple of weeks, we have noticed a handful of customers have implemented this is having a VPN since RecTrac. 10.3 is a client based install that requires network access. VPN, I know a lot of places have them, especially in light of what's going on nowadays, it would be pretty much impossible to do much work for any organization, regardless of RecTrac without a VPN to access, you know, Home Base servers and town hall or wherever you're at. So a VPN would allow your personal computer to act like it's on the network. So you would install RecTrac 10.3, as you normally would. But it would think it's on your town's network. So it would connect as it normally would. There's a plethora of VPN options, remote desktop options, and you know, those would have to be handled and discussed with your IT department on what tools, they have to accomplish it.
Zach Malloch 13:55
Yeah, and so VPN or virtual private network that just makes your home computer think that it's a work computer on the work network as though you're plugged in physically to those connections. The other option, and although it's a longer kind of planning one, but with 10.3, when you upgrade to 3.1, you get a lot more options, you get the easier Wan access. And you know, of course, sales just sent out the the information about the hosted option if you're hosted on 3.1. Basically, we've configured this Wan option for you so everybody can access it from where you are, which is remote to where the server is just as part and parcel is what that technology gives to you. So those are the the main options that we talk about there. So Ross, David is saying that they're using RecTrac for VPN, but they've been having some trouble with VIC. Disconnecting have you run into that very much.
Ross Tenaglia 14:54
Well, does it connect initially and then fail? I guess the question was Be 100% reliable or are 0%?
Zach Malloch 15:07
Well, here's another question for Eros do we need? You don't need a separate VIC interface parameter for when to work with VIC, do you?
Ross Tenaglia 15:17
Well, if you are doing when you do need a setup when VIC on the web server itself, that's an additional setup and a slight reconfiguration on your main RecTrac. But assuming everyone is working from Home LAN, VIC is kind of not operational. So a switchover can be done. But that takes quite a bit longer to set up than just RecTrac WAN connectivity.
Zach Malloch 15:49
Yeah. And I guess the idea being that, you know, for the WAN access, if it's not for a remote site that actually has hardware, then you don't necessarily need VIC, to be configured at home. You're not really interfacing directly with hardware, the biggest thing is, you might have to preview receipts or documents before you print them rather than just printing them directly.
Ross Tenaglia 16:12
Yeah, now, for most functionality that I can think of, from a work from home environment, that would be it. So yeah, you wouldn't really need to set up VIC in that situation.
Zach Malloch 16:26
Right. And so we kind of mentioned that if people wanted help getting WAN configuration they could schedule, time with us. And we were thinking that that could be done pretty easily within two hours if they wanted to add the WAN VIC configuration for whatever reason,
Ross Tenaglia 16:43
that works. So on a good day, I've done WAN setups and five minutes on bad days, they've taken an hour. Really as long as the prep work in terms of opening things up on the firewall and DMZ. The setup for Wan like I like you saw there took under five minutes. That's pretty much it. The VIC portion could extend it to an hour, especially if in for unknowns develops.
Zach Malloch 17:18
Absolutely. All right. Let's see. Yeah, so some of those other questions are related to VIC is starting up and cutting off. Sally mentions that if you she has been remoting to her desktop, and then that makes it basically act like she's using her desktop. So theoretically, you're using a VPN and then from the VPN, you're remoting into your desktop, or using some sort of combination process like TeamViewer, or something like that. There were a couple of questions that came up about taking credit cards when you're processing remotely. Are there limitations people should be aware of or any particular things they should know about.
Ross Tenaglia 18:01
So it's definitely a mixed bag. If you are processing credit cards, and especially depending on which processor you have. If you have PlugnPay, for example, I don't think you should encounter too much of an issue with it. Because you don't necessarily need any hardware to process with PlugnPay. There's no client side install. So without any unknown outside influences, if you were to do it on your home computer, you're probably fine. ETS would probably be the most difficult option to work from home with because that does require VIC, and WAN VIC would need to be configured and the whole setup involved with that, like any other would take place. And then there's a local client side program. But additionally, I personally worked with a couple customers that tried doing it and no matter what we weren't successful, just because there's additional outside influences with security as well as ETS themselves. They may not be accepting it from that source compared to your home base basically. And yeah, with ETS, I would strongly advise VPN and remote back into your home network if all possible, because we I haven't been wildly successful with customer customers navigating that
Zach Malloch 19:41
and how about CardConnect
Ross Tenaglia 19:42
and CardConnect. You should be able to if you're bolted, you can actually because CardConnect You have to have a physical one that Ingenico COEs or IPPs or the ICBMs you need to have The physical reader the process cards, and bolted, but they're network based. So you do have to have a spare network jack available that you can plug it into your router or hub that you have. And other than that it would work like setting up any other bolted credit card interface with the pin pad Profile and credit card Profile linked.
Zach Malloch 20:28
And the nice thing is because it's encrypted in the reader, like you can plug a bolted credit card device into your home network or home Wi Fi. And as long as it has a network connection, it's going to find it and you can use it with with a properly configured RecTrac database.
Ross Tenaglia 20:47
Yep.
Zach Malloch 20:48
All right. So hopefully that helps out. Actually, Elizabeth just chimed in and chat that they're using the ISMP4 four devices, two of our guest service reps have been using them. And it's been great. So that's good to hear. And let's see. So Mandy Eldred is saying that they aren't able to process refunds to a credit card at all using the VPN connection, Mandy, I would guess that's probably going to be based on the processor. And then Sarah is kind of confirming what you're saying Ross is that ETS and VIC don't really work outside of the office very well. And then David is giving a solution if you do rely on VIC to give you workstation names. Even if you have VIC working for the WAN your home workstation is not going to be the same name as your work workstation. So two ways around that. One is as David suggests, you can move profiles to like the drawers to the user id rather than to the workstation. But you can also add ampersand workstation equals and then whatever the name of your workstation is in then that connection will think that you're at a workstation named whatever that value passed and that URL is. So I know that that was when I used to do the VIC class during our virtual symposiums we kind of mentioned that sometimes. So that's a little bit of a tip there too. All right, so I think we're getting close to Okay, so Mandy is saying that they're using CardConnect. But they're still not able to do refunds for credit cards, using the VPN connection, set, anything that you'd know off your head roster, should Mandy give a call in,
Ross Tenaglia 22:35
that should probably be opened up as a support case. To explore that a little bit more. The tricky nature is the moment you implement VPNs there's generally very little we can do. So if it if it is ruled out that it's not a software like, you know, there could be a few software reasons why that'd be the case. But if they are ruled out, unfortunately becomes next to impossible. For us, since the issue is not necessarily the software, it's the VPN playing a role in the communication. You know, we'll we'll try our best, but um, you know, just be aware, you know, it's a unique situation that there's a lot of factors outside of our control. So that will just have to be handled accordingly.
Zach Malloch 23:29
All right. Sounds good. And yeah, Elizabeth from three rivers is saying that they can perform refunds with a credit card Profile.
Ross Tenaglia 23:37
No hardware.
Zach Malloch 23:39
Yeah. So it seems like that works. And Elizabeth, just if you can add that real quick. Are you guys using a LAN connection? Or I'm trying to remember I should have this off the top of my head
Zach Malloch 23:49
They are hosted I believe,
Zach Malloch 23:50
maybe. So they're set up to be Wan all the way through not using VPNs or anything like they're not necessarily using DNS at all. All right. So I think that we're coming down towards the end of new questions coming out. Oh, actually, this is a really great question from Frank. So with a WAN connection, how do you control the security of users logging in or blocking unwanted users?
Ross Tenaglia 24:16
So yeah, there's, there's in house tools, the RecTrac. There's out of house tools through your own department, but the in house rules will cover is there is a Profile called application security. So if you go to Profile Management, hit add, that is a Type that you can add in. And basically it's a simple IP whitelist. So you would need to gather all the public IP addresses of staff and easy way and just go to what's my ip.org You'll find out your public IP, and then you need to put a list of all those IPs in there. And this would also include your in house operations because it does affect all RecTrac Oh, doesn't matter how you connect, it's RecTrac In general, so you don't get locked out accidentally. And you put all your IP addresses in there. And that's it, you would like it, you'd go to Profile assignments and like get on the default level. And anyone who is not in that IP range, wouldn't be able to log in, they would hit the page, but they wouldn't be able to log in even with the right credentials.
Zach Malloch 25:25
And so that can be a little bit tough because residential internet connections usually don't have a static IP address. So that's something
Ross Tenaglia 25:31
No, they will, public IP addresses for resident status should stay the same unless you do a modem reset, which is very rare. And that's if you're working with them troubleshooting your own internet issues, your public IP should maintain the same address.
Zach Malloch 25:49
And if I recall, that Profile gives you either whitelist or blacklist options. So if it's just a couple of IP address or ranges that you know, you don't want to connect, you could put that in there, or if it's only something that you want to be able to connect, and that's the whitelist side.
Ross Tenaglia 26:05
Yeah, I would assume most people wouldn't blacklist because obviously, that that would be a larger range than the whitelist. So whitelist is by your way to go.
Zach Malloch 26:16
Right? All right. So something that could change potentially could need some updates, based upon how frequently they change for your residential users. But as Ross says, it doesn't seem to be as big of an issue. So Amanda is asking where in Profile assignments is it? Could you bring your Screen up just real quick Ross and show that.
Zach Malloch 26:39
And once again, just while Ross is bringing that up, this is something you want to be pretty careful about because you can block access to the database, if you accidentally include the IP that you are using for yourselves, or don't add that in yet.
Ross Tenaglia 27:03
I can Type my own password in.
Ross Tenaglia 27:11
So you can make your Profile and Profile Management. So you have to add it first. It's not going to be there out of the box, it never is. And application securities, the Profile Type.
Zach Malloch 27:31
Actually, I think Gary has a question about whether or not this requires any tokens. Go ahead, Ross.
Ross Tenaglia 27:41
And then here is your IP whitelist you'd put in the IP ranges are most likely just gonna be individual IPs, and you just separate with a comma and move on to your next one. All explanation is right here, as you see.
Zach Malloch 27:59
And then actually at the bottom of that Profile, if you could. So Gary, you're asking about that tokens, we can add a two step verification option down at the bottom of this application security Profile. So right now, the the two step verification at the bottom is set to none. But if you drop that down Ross, is it just email
Ross Tenaglia 28:19
right now it is just email. So that will require that every user ID has an email address associated to it.
Zach Malloch 28:28
So anybody that doesn't, you would not be able to log in? Because you would
Ross Tenaglia 28:32
they would be out of luck.
Zach Malloch 28:34
Right? And so the application security Profile, does this have to be linked at the default level? Okay.
Ross Tenaglia 28:42
So it effectively defeats the purpose if you don't,
Zach Malloch 28:46
right. So that's, that's an important thing for everybody to understand here is that if you use this, it has to be linked at the default level. And so that two step verification is not only going to require verification for people outside of your network connecting to this, it will also require that people that are inside of your network, get that verification option if everybody's outside of the network. Anyway, they all have emails, or at least the people that are trying to do this remote connection, you can certainly turn that on, make it valid for however many days you wanted to and then kind of work with it like this, and then turn it off when this is kind of over and you can get back into things but that should be it there. Dave parks is saying CardConnect has a virtual terminal that can process credit cards without a PIN pad. But how do you get to there from the 3.1 payment Screen?
Ross Tenaglia 29:37
So Virtual Terminal. I've heard this term used before from other customers. Their Virtual Terminal is not in any integration with RecTrac. That's like if you didn't even have RecTrac And you were you know just some other kind of seller of goods and you need it interact with CardConnect. It's a un-integrated method of payment. So that's if, from what I've heard from other customers who referenced it directly, is no relation to RecTrac integration.
Zach Malloch 30:17
So RecTrac has no integrated Virtual Terminal connectivity with CardConnect. So,
Ross Tenaglia 30:23
Virtual Terminal, just think about it as it is, it's, it's a point to point to CardConnect, there's, you know, you can open it up on an app or a website. It's much like if you had like a Square Reader square doesn't interface with anything other than itself. And that's effectively what the CC, virtual terminal is, as well.
Zach Malloch 30:46
So I guess technically, if somebody really wanted to get into the virtual terminal, and they could, and they could just switch their credit card pay code to a miscellaneous pay code. So you process the transaction in the terminal, you come over RecTrac, you say, yep, this went through. But once again, there's no validation. There's no tie back or integration with RecTrac. At that point?
Ross Tenaglia 31:08
That's correct.
Zach Malloch 31:10
Mickey is asking if we're going to have this record chat again, then I would ask Nikki, if there any questions that she has that maybe we didn't go over, we are going to post the recording of this wreck chat, so you'll have access to the entire thing. But if we do not already, I will just post this right now, we're not planning on doing this one anytime in the near future. But like I said, we will be posting the recording. So Mickey, you will get an email from me either by the end of today or early tomorrow with the link to access the RecChat portal, and then anybody that you want to can get into that if they have credentials to do so. And then Mandy is asking about CardConnect Wireless terminal. And she's curious about getting those I believe we have a member of sales in the panel. So maybe Dave could help Mandy out with that. And I think we are going to let's see, if you have CardConnect, you could refund and cardpointe then process the refund and RecTrac on a no valid pay code. Yeah. So that's kind of what I was talking about. Laurie had that question. Since CardConnect is a virtual terminal, just like Ross was saying, if you had a Square Reader, and you're taking payments, in that, you'd have to take the payment there and then tell the RecTrac Yeah, I took this payment would be the same thing, you'd go to a different website, you'd go to the card terminal, you would take the payment there. And then you would tell RecTrac, that it's a no valid pay code, that the transaction was done somewhere else. So that would be possible. So Frank is asking if instead of a WAN connection, can you port forward on our public IP or router to the RecTrac? Server?
Ross Tenaglia 32:58
Theoretically, is anything's possible? Not going to personally answer yes or no. You know, as I alluded earlier, there are more creative ways of, you know, getting computers back, you know, to the home network, we just discussed pretty much the most common methods. But beyond that, you know, your own skills limit you and what you can and cannot do.
Zach Malloch 33:26
Right. So, we have a by as we've mentioned, we have a document for the WAN configuration. So we'll be posting that we'll be taking all the questions here and kind of consolidating them into a follow up document. And, yeah, I think that we're at a good point, the questions are kind of drying up slightly, and we're just at our half an hour mark. So we'll start by thanking everybody for joining us here remotely, as everybody's hairstyle starts to gradually get just a little bit longer. We'll keep having these as necessary. And if there any other topics that would be particularly useful at this point, go ahead and mention those in the follow up survey that we'll be sending with the link to the recording to this session.
Ross Tenaglia 34:14
And Zack, one last note, you know, if you do want to set up the WAN and it is not comfortable after all this or you're someone who has access to servers, but you have no in house it. You know, we can certainly schedules small half hour blocks, you know, for further assistance. We do have topic docs, as well. So, other than this video and the overview that we did, we do have a lot of literature and, you know, openings in the next couple of weeks that we can squeeze in there as well. So it's not just this isn't just the end of it, we can certainly help be absolutely,
Zach Malloch 35:03
absolutely. And if anybody is interested in starting the process of moving up to 3.1, or if you are interested in what the hosting discounts are at this time with these new weights on us, you can check with Dave or anybody at sales@vermontsystems.com. And they'll be able to get all that information to you. Alright, appreciate everybody for joining us. Ross, thank you for being on the other side of this with me, Kevin, and thanks to all the panelists, and we will be talking to you on Thursday. It was originally going to be pool season prep, we figure that might be good to wait and make sure we're gonna have a full season and then we can discuss that a little bit more directly close to that. So we're probably going to be talking about golf. So do a little bit of GolfTrac on Thursday, so look for that in tomorrow's VSI Connect and we will talk to you all then. All right. Bye, everybody.
Delete