...

Scenario A

Terminals connect to the server via the secure channel of the application's built-in OpenVPN client. This is the preferred deployment for operators who don't have dedicated routers with VPN capability in their ATM machines.

Scenario B

Terminals connect to the server via a VPN provided by additional hardware, such as a router. This scenario is considered more secure than Scenario A because the VPN configuration is not distributed by CAS.

Notes

Gate service

Listens for terminals' pairing requests. In the event of successful pairing, the gate service sends the terminal the VPN configuration, including information on how to connect to the master service. Prior to pairing, the terminal's VPN configuration must already exist.

The gate service uses the batmgate Unix user, which is a member of the batm group.
The gate service listens on port 7741. Please note that the master service uses the same port, but on a different interface.

Info

Gate service’s TCP port 7741 should be accessible from the Internet only temporarily when performing the pairing. Don’t leave it open. Leaving it open will encourage attackers to try playing with your server.

...

The example below shows that every service has its own bind IP address, which the application needs in order to behave as expected. The basic setup will be created during the first batm-manage start.

Code Block
public_ip=1.2.3.4
master_bind_ip=10.1.1.1
admin_bind_ip=10.1.1.2
gate_bind_ip=10.1.1.3

...

Fully functional basic properties will be generated by the first batm-manage start gate (or all, as far as the gate service is concerned).

However, gate service can be further configured by following properties:

  • batm.processing-slots

    • optional, default value: 20

    • this property is used to throttle upgrade traffic so the server won’t be overloaded by too many terminals downloading upgrade packages at the same time

  • batm.download

    • optional, default value: /batm/app/shared/

    • location where the terminal upgrade package used to upgrade terminals to version 20230801 will be stored; the package will be downloaded once and then reused for all terminals

    • make sure the location has the correct permissions and is accessible to the batmgate user

...

Listens to terminals' requests. Answers only requests that come from trusted (paired) terminals.
The master service uses the batmmaster Unix user, which is a member of the batm group.
The master service listens on port 7741. Please note that the gate service uses the same port, but on a different interface.

Note

Master service should never be exposed to the Internet.

...

Listens to users' browser requests. Enables CAS users to configure ATMs remotely and inspect processed transactions.
The admin service uses the batmadmin Unix user, which is a member of the batm group.

Admin service is listening on port 7777.

Note

Admin service should never be exposed to the Internet.
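
The bind addresses and exposure notes above can be checked against a running host. The following is an added example, not code from the project: it compares `ss -Htln` output with the bind properties and flags listeners on ports 7741 or 7777 that sit on a wildcard or unconfigured address. The sample property values and socket rows are constructed, and the function names are hypothetical.

```python
import ipaddress

# Property names and ports come from the page; everything else is assumed.
SERVICES = {"master": ("master_bind_ip", 7741),
            "gate": ("gate_bind_ip", 7741),
            "admin": ("admin_bind_ip", 7777)}
# Constructed sample input: bind properties and three `ss -Htln` rows.
SAMPLE_PROPS = "public_ip=1.2.3.4\nmaster_bind_ip=10.1.1.1\nadmin_bind_ip=10.1.1.2\ngate_bind_ip=10.1.1.3\n"
SAMPLE_SS = """LISTEN 0 128 10.1.1.1:7741 0.0.0.0:*
LISTEN 0 128 10.1.1.3:7741 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7777 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*"""

def parse_props(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_listeners(ss_text):
    """Return {(ip, port)} for the LISTEN rows of `ss -Htln` output."""
    found = set()
    for row in ss_text.splitlines():
        cols = row.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, _, port = cols[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        found.add(("0.0.0.0" if host == "*" else host, int(port)))
    return found

def audit(props, listeners):
    """Return findings for sockets that break the page's exposure rules."""
    findings = []
    if props["master_bind_ip"] == props["gate_bind_ip"]:
        findings.append("master and gate share one address on port 7741")
    for name in ("master", "admin"):  # these must never face the Internet
        if props[SERVICES[name][0]] == props["public_ip"]:
            findings.append(f"{name} is bound to public_ip")
    ports = {port for _, port in SERVICES.values()}
    for ip, port in sorted(listeners):
        if port not in ports:
            continue
        allowed = {props[key] for key, p in SERVICES.values() if p == port}
        if ipaddress.ip_address(ip).is_unspecified:
            findings.append(f"{ip}:{port} listens on every interface")
        elif ip not in allowed:
            findings.append(f"{ip}:{port} is not a configured bind address")
    return findings
```

An empty result means every listener on the two ports matches a configured bind address; whether the gate's port is reachable from the Internet still has to be verified at the firewall or router.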

Extensions

A very powerful way of extending the existing functionality of the server. More can be read here.