Hi all,
A residential/light-industrial power device has a simple web interface which allows monitoring and configuring it, upgrading firmware etc. The usual stuff.
Device is running eCos and web interface is powered by ATHTTPd with Tcl scripting.
Users do not feel warm and fuzzy dragging their bones to site, hooking up a laptop and then clicking away whilst standing or sitting on a hay pack. Neither do the service techs.
In a flash of brilliance we recognize the need for remote access.
We assume site is connected (naturally), but the Internet connection is shared (device has private IP, router does NAT). We also assume the user installing it is not tech-savvy (i.e. blissfully oblivious of TCP/IP networking), but is able to follow clear instructions.
My first idea was having the device ask the router to forward port 80 using UPnP. That will expose the web interface directly to the Internet. Unfortunately neither the app nor ATHTTPd is mature security-wise. It'll be like dropping a shrink-wrapped steak in the jungle and hoping it won't get eaten.
IMHO the safest method would be a VPN between site and client. The client, however, does not wish to hire an expensive IT admin to set it up.
How would you design remote access in this condition?
Ideal solution involves plug-and-play with 3-step instruction and no software installed into client's computer (WinXP or Vista). Oh, and flying porcupines :)
--
Kind regards,
Tarmo Kuuse