BIM Server Remote Connection

by GRAPHISOFT, Greg Kmethy and KarlOttenstein · updated: 01.03.2012

This article describes how to connect to a BIM Server remotely via the Internet. Several terms used in this document are explained in the “Network Basics” document available here: Teamwork?action=AttachFile&do=get&target=NetworkBasics.PDF

While setting up a BIM Server and starting to work over a LAN environment is easy – even without entering server addresses and ports – the situation is a little more complex if you want to work over the internet.

Traffic between office computers goes through the LAN, so information from one computer to the other can go almost without any restrictions. (Local firewalls can still cause problems in this case.)

InTheOffice.png

When an ArchiCAD tries to look into our office from the outside, all it can access is the Router (the router has a public IP address). The individual computers are not visible because they have private IP addresses. Since this connection was not initiated from the inside, by default the traffic will not come through to our inside computers for two reasons. One reason is that the Router does not know that it has to redirect the communication to any of the computers in the LAN. The second reason is that the Firewall meant for filtering the incoming and outgoing messages usually blocks (based on several parameters) any communication if explicit rules allowing messages with particular parameters have not been set up.

OutsideOfTheOffice.png

Solutions

Solution with VPN

Virtual Private Networking is a solution by which computers in different internet-connected LANs can act as if they were on the same LAN. This solution provides a virtual LAN, and the computers connected through it communicate as they would on a physical LAN. It also has advantages for the security of confidential data transmitted from one computer to the other, because VPNs come with cryptographic protection included. You can read more related to network security in the Solution without VPN (regular remote access of LAN from the internet)

Before applying any settings, one should be aware of the ports that ArchiCAD and the BIM Server will use for communication. Here you can see a screen capture of the port settings of the BIM Server and of ArchiCAD:

SetUpPortsForBimServer.png

SetUpPortsInArchiCAD.png

Set up a PAT (Port Address Translation)

  • The first requirement when connecting to our BIM Server from the outside is to use the Router’s DNS name or Public internet address in ArchiCAD when adding a new BIM Server. If you use a DNS name, then this gets resolved (or “translated”) to a Public IP Address. With this IP address, the outside ArchiCAD can get as far as the router, but that is not enough. We want the router to send all this Teamwork traffic to our BIM Server. During the install process the BIM Server reserves a couple of ports of the Operating System of the computer for itself and waits for incoming traffic (connections from ArchiCADs). We have to train the Router in what to do with this particular traffic. The solution for the problem is Port Address Translation (PAT). We have to set PAT so that if there is an incoming connection to a specific port, then the Router forwards it to the server computer on which the BIM Server is running.

Set up Firewall rules for allowing communication on Ports used by ArchiCAD and BIM Server

  • We also have to set up the Firewall(s) so that communication related to ArchiCAD and BIM Server is not blocked. This means the Firewall must allow the ports used by ArchiCAD and BIM Server, at least for communication that comes from the IP address of the home computer; the rule does not need to admit any other source address.

OutsideOfTheOfficeSolution.png

There might be active firewalls at several places throughout the route of the traffic. All these firewalls should let the communication between ArchiCAD and BIM Server go through:

FirewallsEverywhere.png

The Firewall on the client home computer

Usually this type of Firewall software by default allows all traffic initiated from the client computer to the outside world (which here means everything outside the client computer), but blocks all traffic initiated from outside to the client computer. This means that if the default Firewall settings were not changed, then an ArchiCAD running on this client computer will be able to successfully communicate with a BIM Server outside of the client computer.

The Firewall on the Router of the home network (if a Router is used in the home network)

Usually Routers targeted for home networks have a built-in Firewall. As in the previous case, these by default allow all traffic initiated from any computer of the home LAN to the outside world (which here means everything outside the home LAN), but block all traffic initiated from outside to the LAN. This means that if the default Firewall settings were not changed, then an ArchiCAD running on a computer in the home LAN will be able to successfully communicate with a BIM Server outside of the LAN.

The Firewall on the Router of the office network

In case of Routers targeted for small offices, the behavior of the Router might be the same as in the previous case, BUT be aware that this time the direction is the opposite. Due to this, the default settings of the firewall will block traffic initiated from the home LAN to a computer in the office LAN. So you will have to change the default settings of the firewall for the Remote Connection to work.

In case of Firewall software targeted for large offices, the default behavior is to block all traffic, whether incoming or outgoing. So obviously you will need to change the settings for a successful communication.

The Firewall on the server computer in the office network

Having a separate Firewall on the server computer is relatively unusual because the main Firewall can fulfill this task. Nevertheless, in some situations, a separate Firewall is running on the server computer too.
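To find out whether one of these firewalls or a missing PAT rule is stopping the traffic, the following added example (not part of the original article and not GRAPHISOFT code) makes a single TCP connection from the remote client and classifies the outcome. The script name and the port argument are placeholders; use the port shown in your own BIM Server settings.

```python
import errno
import socket
import sys

# What each outcome usually means on the client -> router -> server path.
HINTS = {
    "open": "connection completed: PAT and every firewall pass this port",
    "refused": "a host answered with a reset: nothing listens on the port, "
               "or a firewall rejects instead of dropping",
    "filtered": "no answer before the timeout: a firewall drops the packets "
                "or the router has no PAT rule for this port",
    "unreachable": "no route to the address: check the public IP or the VPN",
    "name": "the host name did not resolve: check DNS or the hosts file",
    "error": "other socket error",
}


def classify(exc):
    """Map the exception from a TCP connect attempt (None = success) to a key."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "name"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH,
                                                   errno.ENETUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=5.0):
    """Try one TCP connection to host:port and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Usage: python probe.py <server name or address> <BIM Server port>
    result = probe(sys.argv[1], int(sys.argv[2]))
    print(result + ": " + HINTS[result])
```

Run it from the home computer first and then from a machine inside the office LAN: "filtered" from outside combined with "open" from inside points at the office Router's PAT or Firewall rather than at the server.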

Please Note

We cannot give you detailed examples of how to set up a PAT or Firewall according to the above solutions because of the wide variety of possible network topologies, network devices, and interfaces of the software responsible for the PAT and for the Firewall. In small offices, you can make these changes yourself if you fully understand the LAN topology in your office and the interface of the Firewall and of the software responsible for PAT. Otherwise an IT professional has to do the job. In large offices, we suggest that an IT professional does this job.

The above solution assumes that your Router retains exactly the same Public IP Address on a constant basis (static IP address). If it changes regularly, then you will have to use further technologies to be able to uniquely identify your computer from the outside over the course of time.

If you plan to use the above solution and you plan to access BIM Server both from inside and outside, then every connection to your BIM Server must be made using the very same address (which is either the Domain Name of the BIM server or the Public IP Address of the router), regardless of whether it is inside or outside the office. This is mandatory to keep all of the links in the project file alive no matter where you connect from.

Using the same static Public Address

Please note that, from the point of view of connection speed, using the same Domain Name string is better than using the same Public IP Address: when one uses the Public IP Address, the packets have to go through a longer route, and as a result the internal connection will be about as slow as a connection from the internet. So we suggest using the same Domain Name string. We will discuss the solution with the same Domain Name string in another paragraph below.

Suppose your Public IP Address is 64.137.133.14 and your server’s static LAN address is 10.0.0.22 and its machine name in the LAN is CreativeServer. You must access your server using the Public IP Address 64.137.133.14 when sharing the project, uploading libraries, and joining the project, so that all of the links work when an outside user also accesses the server from that same address. Even though you can find the same server information by accessing 10.0.0.22 or by using the server name CreativeServer, using those local-only names will cause a conflict for outside users and, for example, libraries will lose their linkage to the project for them.

Suppose you try to access your BIM Server using your Public IP Address and the access does not succeed? This can happen with certain hardware. For example, certain modems will not allow a local machine to “loop back” to the LAN via a public IP address. If you find that you cannot access your server over the LAN via its Public IP Address, then you need to have a Domain Name, as discussed in the next section.

Using the same Domain Name string

Using the same Domain Name string for the connection has the following advantages:

  • all of the links in the project file stay alive for both internal and external users
  • the connection speed for the internal connections will be faster than external connections

- Using the same Domain Name string and having a Static Public IP Address (the best method)

This method is the best method we can suggest for connecting to a BIM server both from inside and outside the LAN.

- Using the same Domain Name string without having a Static Public IP Address (recommended only for temporary testing of TW2): Domain Pointers

Internet Service Providers offer dynamic IP addresses at a lower price than static ones, so most small offices have a dynamic Public IP Address. If your office does not have a static Public IP Address, you can order one. Before an office orders a static Public IP Address from its Internet Service Provider, they can still test Remote Connection to a BIM Server by using a trick. Instead of using the IP Address of your company or the domain name assigned to your office Router, you can use the service of another company to provide you with a domain and a hostname that resolve to your IP address. Such a company is for example DynDNS (http://www.dyndns.com/). If you have an office Router with an Administrative Interface already offering DynDNS service as an option, then please read the last paragraph of the Teamwork/NetworkSpecification article.

Editing hosts Files when both Local and Internet Project Access are Required

As noted above, if a shared project is accessed both by local users (LAN) and outside users (WAN / internet), then every connection to your BIM Server must be made using the very same address: either the same numeric Public IP Address, or the same textual host/domain string. This is mandatory to keep all of the links in the project file alive for both internal and external users. For example, links are used to identify the libraries to be used with a particular BIM Server project. (Please note that one can use libraries that are placed on a different BIM Server than the one where the project is placed.) Such a link contains the data referring to the BIM Server where the library is situated.

If you have a dynamic Public IP Address, then you need to obtain a domain name through a service such as DynDNS as described in the previous section concerning users with dynamic Public IP Addresses.

When you use a domain name such as google.com in any application, the Domain Name Server (DNS) structure is used to map (convert) that name into an IP address. Before any domain name is sent to a server for look-up, it is processed through a file called ‘hosts’ on your local machine. Any host name not found in the hosts file is passed on to the DNS process. Suppose you obtain the hostname MyServer.gotdns.com from DynDNS (or a similar service). The goal is to be able to access your BIM Server using that name whether you access it locally or over the internet. We want MyServer.gotdns.com to map to your local IP address within your LAN and to your public IP address over the internet. The hosts file on your local machine will handle that conversion. Suppose your static local IP address for the BIM Server is 10.0.0.44. The entry

10.0.0.44    MyServer.gotdns.com

in the hosts file of your local machine will cause any communication attempt to MyServer.gotdns.com to go to the computer in your LAN at 10.0.0.44. An employee or consultant who is off-site would access your server by the name MyServer.gotdns.com as well. However, lacking an entry in their hosts file, the normal DNS process would be used to look up the public IP address associated with the host name; properly set up port-forwarding in your router or switch, as described elsewhere, would eventually pass requests from that external user on to the proper local machine in your LAN (10.0.0.44). This is illustrated in the following diagram, in which the local machine at 10.0.0.5 consults its own hosts file to determine that the server is at 10.0.0.44, and the outside computer retrieves the public IP address via DNS and connects to the server through that address (and then port-forwarding).

HostsInterception.png

More information about the hosts file can be found here: http://en.wikipedia.org/wiki/Hosts_file

Windows Step-by-Step

By default, Windows stores its hosts file in C:\Windows\System32\Drivers\Etc. From an administrator level account, open hosts in Notepad and, being careful not to alter anything already there, append a line such as this:

10.0.0.44    MyServer.gotdns.com    # Local BIM Server

Enter the actual static local IP address of the BIM Server in place of 10.0.0.44 and enter the hostname that you obtained (and which is being dynamically updated if you have a dynamic public IP address) in place of MyServer.gotdns.com. Use the tab key (or spaces) between the entries. Save the file.

If you would like to verify that the entry you created is working properly, you can open a Command window by going to the Start Menu, choosing Run, and entering “cmd” as the command to run. A DOS-like command interface will open. Enter the command “ping Myserver.gotdns.com” substituting whatever hostname you actually entered into the hosts file. If the first line contains the local address in parentheses, then you followed all of the steps correctly. You can press ctrl-C to cancel ping, and then close the command window.

Mac OS X Step-by-Step

OS X stores the read-only hosts file in a hidden folder /private/etc. (In Leopard, this is the same as /etc, following the Unix standard.) You cannot browse directly to this folder in Finder, nor edit the file in normal user mode without changing file permissions. Both of these restrictions protect the file from tampering, as a modified hosts file can be a component of an attack on any computer.

To edit the file, open Terminal from Applications > Utilities and carefully type (or copy/paste) the following followed by the return key:

sudo /applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hosts

You will be prompted to enter your (administrative) password in the Terminal window. Then, a TextEdit window will open for you to edit the hosts file. Being careful not to alter anything already there, append a line such as this:

10.0.0.44    MyServer.gotdns.com    # Local BIM Server
::1          MyServer.gotdns.com    # If running Lion, add a fake ipv6 entry AFTER the ipv4 entry

Enter the actual static local IP address of the BIM Server in place of 10.0.0.44 and enter the hostname that you obtained (and which is being dynamically updated if you have a dynamic public IP address) in place of MyServer.gotdns.com. Use the tab key (or spaces) between the entries. If you are running OS X Lion 10.7, various reports on the internet indicate that the DNS search process will not immediately return the ipv4 address in the hosts file if there is not also an ipv6 address present. Instead, the internet DNS is consulted for the unneeded ipv6 address and fails, slowly. By including a fake ipv6 address line as shown above, response is reported to be instantaneous, as it was in Snow Leopard and earlier.

Save the file and exit (quit) TextEdit. It is essential to quit TextEdit in order to get the command prompt back in the Terminal window.

In the Terminal window, enter the following command and press the return key:

ping Myserver.gotdns.com

but substituting whatever hostname you actually entered into the hosts file. If the first line contains the local address in parentheses, then the edit was successful. You can press ctrl-C to cancel ping, and then quit Terminal.

Laptop Concerns

If you have a laptop which you use attached to the LAN when in the office, and then also access the BIM Server over the internet while traveling, you will have to edit the hosts file each time you switch between LAN and WAN access. When you leave the office, you’ll want to temporarily disable the entry in the hosts file for the local server by placing a sharp/pound (#) symbol at the front of its line. When you return to the office, you’ll want to remove that symbol to make the line active again.
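The hosts-file behaviour described in this section, including the laptop case and the Lion ipv6 line, can be checked with the added example below, which is not part of the original article. It parses hosts-file text and reports whether the BIM Server name will go to the LAN address, fall through to public DNS, or point somewhere unexpected. The sample file content is constructed from the entries shown above, and OtherServer.gotdns.com is a made-up name.

```python
import ipaddress

# Constructed sample modelled on the entries shown in this article.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
10.0.0.44    MyServer.gotdns.com    # Local BIM Server
::1          MyServer.gotdns.com    # Lion workaround line
#10.0.0.44   OtherServer.gotdns.com # disabled with a leading '#'
"""


def parse_hosts(text):
    """Return {lower-cased name: [addresses]} for the active lines only."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # comments and disabled lines vanish
        if not line:
            continue
        fields = line.split()                # tabs or spaces both separate fields
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                         # not an address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(addr)
    return table


def audit(text, server_name, lan_ip):
    """Say where this machine will send traffic for server_name.

    'lan'        -> active IPv4 entry equals the expected LAN address
    'dns'        -> no active IPv4 entry, so public DNS decides (off-site case)
    'unexpected' -> an active entry points somewhere else: stale or tampered
    """
    expected = ipaddress.ip_address(lan_ip)
    v4 = [a for a in parse_hosts(text).get(server_name.lower(), [])
          if a.version == 4]
    if not v4:
        return "dns"
    return "lan" if set(v4) == {expected} else "unexpected"


if __name__ == "__main__":
    # Runs against the constructed sample; in practice pass in the text of
    # the real hosts file from the locations named in this article.
    print(audit(SAMPLE_HOSTS, "MyServer.gotdns.com", "10.0.0.44"))
```

An "unexpected" result on an office machine is worth investigating before connecting, since it means the server name is being redirected to an address other than the BIM Server.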
