The Hidden Price

3 05 2014

All the cool convenience of our smartphones, tablets, computers, and Internet-based services comes with a hidden price – POWER.

And there is more …
critical materials, missing application of recycling technologies in many countries, and missing law enforcement or codes of conduct regarding fair labor.

Besides Apple’s ecosystem there is a much greater and more important one, our planet. In April 2014 scientists stated that parts of China are no longer suitable as a habitat for human beings, animals, and plants because of a tremendous pollution load in the air, the water, and the soil.


Seen from the perspective of physics, excessive power used by machines always goes along with excessive generation of heat. So it’s obvious that we also pay the price for cooling down the powerful equipment needed for communication and unlimited access to sources of information.

On January 27, 2014, the Department of Ecology’s Air Quality Program received a Notice of Construction application (air permit application) from the Microsoft Corporation proposing to construct and operate the Oxford Data Center in Quincy, Washington. Microsoft has applied for an air permit because the proposed data center would install 36 2.5 MW emergency back-up diesel engine generators, one 0.75-MW emergency back-up diesel engine generator, and 32 cooling towers.

The projected build-up of new data center electric loads leads directly to forecast increases in energy-related air pollution, both globally and locally.
Greenhouse gas (GHG) emissions such as carbon dioxide from fossil fuel-fired electric generators are a major cause of global climate change. The forecast increases in data center electric demand imply a growing source of GHG emissions. This is cause for concern. The international community is attempting to reduce GHG emissions amid broad scientific and international consensus that climate change is a major threat and must be taken seriously.
Air pollution from diesel generators causes environmental health problems. Each planned data center includes backup diesel generator capacity with as much as twofold or greater redundancy, to be used when the electric grid is unstable or unavailable. Diesel generators used for emergency backup power supply are essentially unregulated. They are a notorious source of very high levels of damaging air pollutants, including soot and nitrogen oxides (NOx), which form ground-level ozone (smog) during hot sunny weather, among others. Coincidentally, the electric grid is most unstable and at risk of failing during hot periods of peak air conditioning demand.

What are data centers?

A data center is a facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and various security devices. Large data centers are industrial-scale operations using as much electricity as a small town, and they are sometimes a significant source of air pollution in the form of diesel exhaust.

Tens of thousands of data centers that now exist support the overall explosion of digital information. Stupendous amounts of data are set in motion each day with an innocuous click or tap.

According to Emerson Network Power, 509,147 data centers were operated worldwide in 2011. I didn’t find updated information, but it’s obvious that we have a lot more today because of the growing popularity of mobile devices.

Most data centers, by design, consume vast amounts of energy in an incongruously wasteful manner, interviews and documents show. Online companies typically run their facilities at maximum capacity around the clock, ensuring 99.99% availability whatever the demand is. As a result, data centers can waste 90 percent or more of the electricity they pull off the grid. In Silicon Valley, many data centers appear on the state government’s Toxic Air Contaminant Inventory, a roster of the area’s top stationary diesel polluters.

Worldwide, the digital warehouses use about 30 billion watts of electricity, roughly equivalent to the output of 30 nuclear power plants, according to estimates industry experts compiled for The New York Times. Data centers in the United States account for one-quarter to one-third of that load, the estimates show.

“It’s staggering for most people, even people in the industry, to understand the numbers, the sheer size of these systems,” said Peter Gross, who helped design hundreds of data centers. “A single data center can take more power than a medium-size town.”

Energy efficiency varies widely from company to company. But at the request of The Times, the consulting firm McKinsey & Company analyzed energy use by data centers and found that, on average, they were using only 6 percent to 12 percent of the electricity powering their servers to perform computations. The rest was essentially used to keep servers idling and ready in case of a surge in activity that could slow or crash their operations.

Energy efficiency …

The most commonly used metric to determine the energy efficiency of a data center is power usage effectiveness, or PUE. This simple ratio is the total power entering the data center divided by the power used by the IT equipment.

PUE = Total Facility Power / IT Equipment Power

Power used by support equipment, often referred to as overhead load, mainly consists of cooling systems, power delivery, and other facility infrastructure like lighting. The average data center in the US has a PUE of 2.0, meaning that the facility uses one watt of overhead power for every watt delivered to IT equipment. State-of-the-art data center energy efficiency is estimated to be roughly 1.2. Some large data center operators like Microsoft and Yahoo! have published projections of PUE for facilities in development; Google publishes quarterly actual efficiency performance from data centers in operation.

The U.S. Environmental Protection Agency has an Energy Star rating for standalone or large data centers. To qualify for the ecolabel, a data center must be within the top quartile of energy efficiency of all reported facilities.

The European Union also has a similar initiative: the EU Code of Conduct for Data Centres.

Apple …

Downloading apps and media files, syncing via iCloud, using Siri, and backing up iOS devices need an incredible amount of energy. Some features are quite wasteful: think of a new contact entered in Contacts and sent thousands of miles over the internet, only to appear a few seconds later on a second iOS device that sits just two feet away.

Apple runs its biggest data center in Maiden, North Carolina. It houses servers and telecommunications equipment responsible for iCloud, Siri, iTunes and other online services.

But using Apple’s services in the cloud no longer means polluting the air.


Apple’s green initiatives, including the company’s huge solar panel installation at one of its data centers in Maiden, show us that there are ways to support a growing number of connected devices while at the same time shrinking the company’s carbon footprint.

Lisa P. Jackson is Apple’s Vice President of Environmental Initiatives and explains it by pointing to the use of clean energy like solar power, biogas generators, and geothermal energy.

“We feel the responsibility to consider everything we do in order to reduce our impact on the environment. This means using greener materials and constantly inventing new ways to conserve precious resources. […]
We think this is an opportunity for us and for our sector to leave it (the world) better than we find it, to actually help people convert to cleaner energy without even knowing they’re doing it,”

Jackson said, echoing statements made earlier by Apple CEO Tim Cook.

Greenpeace, which has previously been critical of Apple for sourcing energy from fossil fuels, recently praised the company for improving the energy mix powering its data centers, ranking it above other technology giants such as Amazon.

  • The new HQ (“Spaceship”) being built in Cupertino will use 30% less energy than an equivalent building, and will be home to around 7,000 trees.
  • Apple decreased the material required to make its products – the new iPad Air uses nearly one-third less material, by weight, than the original iPad.
  • All the company’s retail stores will now take back Apple products for recycling, for free; previously customers had to buy a new product to recycle an old one. In the UK and US, an ongoing scheme offering payments for old iPhones, iPads and Macs also continues.

Are these statements for publicity only?

Well, Tim Cook recently told climate change sceptics that they should ditch Apple shares if they did not like the company’s backing for renewable energy and sustainability.

We do things because they are right and just and that is who we are. That’s who we are as a company. When I think about human rights, I don’t think about an ROI. When I think about making our products accessible for the people that can’t see or to help a kid with autism, I don’t think about a bloody ROI, and by the same token, I don’t think about helping our environment from an ROI point of view.

If you only want me to make things, make decisions that have a clear ROI, then you should get out of the stock.
(Tim Cook, annual shareholder meeting in Cupertino, 2014)

Cook’s call for climate change deniers to “get out of the stock” is an impressive statement I have never heard from any other CEO.


I already reported about Apple’s supplier responsibility (see ‘Related links’), and now it’s worth looking at the environmental initiatives of the company.

Apple’s data centers …

Here are some facts about Apple’s data centers published by the company in the context of its environmental initiative in April 2014.

  • Maiden, North Carolina
    We designed our Maiden, North Carolina, data center from the ground up for energy efficiency, and it has earned the LEED Platinum certification from the U.S. Green Building Council – the first data center of its size to be honored.
    On any given day, between 60 and 100 percent of the renewable energy it uses is generated onsite through biogas fuel cells and two 20-megawatt solar arrays – the nation’s largest privately owned renewable energy installation – and we purchase any remaining power we need from entirely clean sources. The Maiden center generates 167 million kilowatt-hours of renewable energy onsite per year – enough to power the equivalent of 13,837 homes.
  • Prineville, Oregon
    Our data center in Prineville, Oregon, is every bit as environmentally responsible as the one in Maiden. We’re building a micro-hydro system that will harness the power of water that flows through local irrigation canals.
    When completed in 2014, it will serve most of the center’s energy needs. In the meantime, since Oregon allows the direct wholesale purchase of renewable energy, we’re able to directly access enough local wind energy to power the entire data center.
  • Reno, Nevada
    Our newest data center, in Reno, Nevada, follows in the footsteps of our 100 percent renewable energy centers in Maiden and Prineville. We’re working with the local utility to codevelop an 18- to 20-megawatt solar array using a new kind of photovoltaic panel with curved mirrors to concentrate sunlight.
    Expected to be operational in early 2015, the solar array will have an annual production capacity of over 43 million kilowatt-hours of clean, renewable energy. Until then, the center will be powered by renewable geothermal energy purchased from the local utility.
  • Newark, California
    Like our facilities in Maiden, Prineville, and Reno, our data center in Newark, California, is powered by 100 percent renewable energy. We hit this milestone in January 2013, when we began serving the data center with energy sourced primarily from California wind power. We’re acquiring this energy directly from the wholesale market through California’s Direct Access program.


I talked about Microsoft’s construction application for installing diesel engine generators as backup sources for energy supply.

Apple goes a different way. With several energy-efficiency tricks, biogas-powered fuel cells and a giant 20-megawatt solar array, Maiden will be one of the most environmentally benign data centers ever built.

Beyond Apple’s eco-bragging rights, this data center should provide valuable insights to the rest of the cloud computing industry.

Stationary fuel cells are certainly well proven, but multi-megawatt installations are pretty rare. Data center customers of Bloom Energy, which is supplying Apple in North Carolina, typically have far less than a megawatt installed. Each Bloom Energy Server, which takes up about a full parking space, produces 200 kilowatts. By going to 10 megawatts of capacity, Apple can claim the largest fuel-cell-powered data center, passing eBay, which earlier this year announced plans for six megawatts’ worth of fuel cells at a data center in Utah.

Using fuel cells at this scale potentially changes how data center operators use grid power and traditional backup diesel generators. With Apple’s combination of solar power and fuel cells, it appears the facility will be able to produce more than the 20 megawatts it needs at full steam. That means Apple could sell power back to the utility or even operate independently and use the grid as backup power – a completely new configuration.


Finally, I would say that innovative ideas are implemented not only in Apple’s product line-up but also in its ecosystem, a fact that is often left out when talking about Apple’s standing as one of the most innovative companies in the world.

Better …

An official spot about “leaving the world better than we found it”.

(1:49 min, published April 21, 2014)

Summary …

“We can’t solve problems by using the same kind of thinking we used when we created them.” (Albert Einstein)

It all started with building unlimited capabilities into electronic devices, and it ends in unlimited pollution of our environment. “Think different” now means replacing limited classical energy sources with unlimited natural ones. The reason why this doesn’t happen today is just money. Selling cheap electronic devices goes along with ignoring the fact that there is climate change and pollution of air and water.

Related links …

Apple: Product Environmental Reports

Power, Pollution, and the Internet

Emerson Network Power Infographic

Apple’s Supplier Responsibility

Thanks for going green or blue or whatever you call it.

Apple Wireless Network

11 08 2013

Apple AirPort Extreme is Apple’s router for Internet access. It’s directly connected to a modem and provides wired as well as wireless access for computers, mobile devices like an iPhone or an iPad, printers, and media devices.
Apple offers three different routers (Airport Express, AirPort Extreme, Time Capsule) which can be connected to either a DSL or a Cable modem.

A complete wireless network built solely with Apple products follows the company’s strategy: provide users with a perfect experience regarding design and setup, and reduce features to those which are necessary. KISS is the motto.

KISS = Keep it simple, stupid
A design principle noted by the U.S. Navy in 1960 that states that most systems work best if they are kept simple. Unnecessary complexity should be avoided.
Variations of this phrase are:
Keep it simple sir, Keep it simple and straightforward, Keep it short and simple, Keep it simple or be stupid

The hardware …

See this mind map, which summarizes all properties of Apple’s hardware for wireless networking with mobile devices. As you can see, Apple built its own ecosystem where components work together perfectly.

The router hardware was replaced by new versions on June 10, 2013, on the occasion of Apple’s WWDC.

Here are the main features of Apple’s routers summarized in a mind map.


Feel free to download this map from my Box account.

The alternative file formats have been created with iThoughts HD for iPad (.ITMZ file format). Compatibility to other tools is limited.

Application     File format
Adobe Reader    PDF
iThoughts       ITMZ
MindManager     MMAP

Please visit The Apple group on Biggerplate to see and download all mind maps related to Apple.

This more realistic view shows the core of the network, a modem and the router, as well as some examples of wirelessly connected hardware components for interactive use.


The integration of all you need for a perfect user experience goes along with limitations when using non-Apple hardware. It’s Apple’s strategy to say NO to some features other vendors offer and to say YES to a seamless integration of its hardware with its custom-built software.

Professionals may argue that performance, configuration options, and price are not what they would expect. On the other hand, the running system convinces users who see the technology as a serving and not an experimental environment. So do I, after many years with other configurations that did not follow the motto ‘It just works’ or ‘Buy, connect, and use it’ for the tasks you want to use it for.

A complete configuration …

Follow these steps in the order specified.

Step 1 Connect the modem to the multimedia connector with a coaxial cable.

A modem (modulator-demodulator) is a device used to connect a computer or router to a telephone/cable line to allow the computer to connect to the Internet. It modulates a carrier signal to encode digital information, and also demodulates such a signal to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data.

Step 2 Connect the modem to the power supply.

Wait until the LEDs indicate a functioning connection to your ISP. It may take up to 30 min.

Step 3 Connect the APE (AirPort Extreme) to the modem with an Ethernet cable.

Ethernet cable
Ethernet cabling is standardized. If you go to a store you may find a variety of “categories” of cabling. These categories tell you the quality of the cabling, and the quality determines, essentially, how much bandwidth the cable can handle. Recommendation: Cat 6 – works for 10/100/1000 Mbit/s.

Step 4 Connect the APE to the power supply.

Here we go: the configuration starts, using any iOS device with the helper apps Settings and AirPort Utility.

Open Settings on your iPhone or iPad and tap on WiFi.
The APE is already broadcasting, so your device suggests setting up a WiFi network.


Tap on the right-pointing arrow to set up an AirPort basestation.
Enter a name for your network and set a password. Other users like your neighbors, if not too far away, will see this name as an additional WiFi network. Use a strong password for joining this network.


Tap on Next and that’s all.
Your new WiFi network will connect all your devices with the internet after entering the password you set for your network.


The utility app …

For controlling the network Apple offers an app called ‘Airport Utility’ which is available for iOS devices, Macs, and Windows PCs.
The slideshow shows the usage of this app when configuring a wireless network with an Airport Extreme router connected to a cable modem.

The most important configuration options can be controlled with the app for iOS devices. For some less important options, like adjusting the signal strength, AirPort Utility for computers must be used.

The benefits …

Apple’s ZEROCONF technique minimizes your effort to set up usable internet access.

Zero configuration networking (zeroconf)
is a set of techniques that automatically creates a usable Internet Protocol (IP) network without manual operator intervention or special configuration servers.
Zero configuration networking allows devices such as computers and printers to connect to a network automatically. Without zeroconf, a network administrator must set up services, such as Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS), or configure each computer’s network settings manually, which may be difficult and time-consuming.

Apple does not permit the AirPort Extreme to engage in channel bonding on the 2.4GHz frequency band. This is a very neighbor-friendly policy, because only three channels in this band—channels 1, 6, and 11—don’t overlap. A router engaging in 2.4GHz channel bonding can hog more than its share of bandwidth and will likely interfere with other 2.4GHz routers operating nearby.
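The channel-overlap argument above can be checked numerically. The following is an added example, not code from the original post or from Apple: it models the spectrum each 2.4 GHz channel occupies (centers 5 MHz apart, a 22 MHz occupied width as in the 802.11b mask that the classic 1/6/11 plan is based on) and what a 40 MHz bonded channel does to its neighbours. The channel numbers and widths are standard values; the helper names are mine.

```python
# Added example (not from the original post): a model of 2.4 GHz channel
# overlap that shows why only channels 1, 6 and 11 are non-overlapping and
# which channels a 40 MHz "bonded" channel would interfere with.

CHANNEL_WIDTH_MHZ = 22   # occupied bandwidth of an 802.11b DSSS channel; the
                         # conservative basis for the classic 1/6/11 plan
BONDED_WIDTH_MHZ = 40    # 802.11n HT40 channel bonding


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel (channels 1-13 are 5 MHz apart)."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:          # Japan only, 802.11b
        return 2484
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def channel_band(channel: int, width: float = CHANNEL_WIDTH_MHZ):
    """(low, high) edges in MHz of the spectrum a single channel occupies."""
    c = center_mhz(channel)
    return (c - width / 2, c + width / 2)


def bonded_band(primary: int, secondary: int):
    """Spectrum occupied by a 40 MHz channel built from two 20 MHz channels.
    HT40 pairs channels four apart (e.g. 1+5) and is centred between them."""
    if abs(primary - secondary) != 4:
        raise ValueError("HT40 bonds channels that are 4 apart")
    c = (center_mhz(primary) + center_mhz(secondary)) / 2
    return (c - BONDED_WIDTH_MHZ / 2, c + BONDED_WIDTH_MHZ / 2)


def bands_overlap(a, b) -> bool:
    """Two frequency ranges overlap if each starts before the other ends."""
    return a[0] < b[1] and b[0] < a[1]


def non_overlapping_channels(channels, width: float = CHANNEL_WIDTH_MHZ):
    """Greedy selection of mutually non-overlapping channels, lowest first."""
    chosen = []
    for ch in sorted(channels):
        if all(not bands_overlap(channel_band(ch, width), channel_band(c, width))
               for c in chosen):
            chosen.append(ch)
    return chosen


def channels_hit_by_bonding(primary: int, secondary: int, channels=range(1, 12)):
    """Which single channels a bonded 40 MHz channel would interfere with."""
    bonded = bonded_band(primary, secondary)
    return [ch for ch in channels if bands_overlap(channel_band(ch), bonded)]


if __name__ == "__main__":
    print("non-overlapping (US, channels 1-11):", non_overlapping_channels(range(1, 12)))
    print("bonding 1+5 interferes with channels:", channels_hit_by_bonding(1, 5))
```

With the 22 MHz width the greedy selection returns exactly 1, 6 and 11 for the eleven US channels; with the narrower 20 MHz OFDM width and all thirteen channels allowed in Europe, 1/5/9/13 also come out non-overlapping, which is why the 1/6/11 plan is the conservative choice. A router bonding channels 1 and 5 occupies 2402 to 2442 MHz and so collides with two of the three non-overlapping channels (1 and 6), which is the interference the text describes.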

The AirPort Utility also makes it very easy to update the router’s firmware. The AirPort Extreme is much easier to set up than any other router from the many competitors.
The reason is that if you stay in Apple’s ecosystem you benefit from all the effort Apple has put into an easy-to-use experience.

Performance with the 802.11n transmission standard is high.
The APE is powerful even if thick walls hamper the propagation of electromagnetic waves.

Interference …

In physics, interference is a phenomenon in which two waves superimpose to form a resultant wave of greater or lower amplitude. Interference usually refers to the interaction of waves that are correlated or coherent with each other, either because they come from the same source or because they have the same or nearly the same frequency like electromagnetic waves sent from WiFi networks.


If you run into interference problems, or your network is slow in a way that may be caused by interference, follow these guidelines:

Apple about potential sources of interference

Macworld, Troubleshooting Airport Interference

The Airport Utility …

Look at the details to get a deeper understanding of what happened when configuring the network.
To see the details of your own WiFi network go to Settings – WiFi and tap on the right-pointing blue arrow of your network. Go to the bottom and tap on ‘Manage network’. This will open the AirPort Utility, which can be used to individualize the configuration.

Referring to my post Network (1) from April 20, you will now understand the configuration details set by the APE:

  • DHCP ON
    the APE acts as a DHCP server and assigns private IP addresses (10.0.1.x) to all devices joining the WiFi network after entering the password.
  • NAT ON
    the APE performs network address translation, which means NAT maps your private LAN IPs to a single external WAN IP
  • Security
    the APE encrypts all WiFi network traffic with WPA2
    (Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks)

This slideshow shows all settings displayed in Apple’s app AirPort Utility:


In addition to the automatic configuration I entered the following settings:

  • Reservations for IP addresses
    the APE reserves an IP address for each of my devices. Reservations are useful if you want the DHCP feature of your APE to assign a fixed IP to a device. Otherwise DHCP is free to hand out any free IP address in the range, and the address may differ every time you join your network.
  • 5 GHz network
    The APE works in the 2.4 and 5 GHz frequency band. The iPad is able to connect on the 5 GHz band and I named this (second) network as ‘Apple Airport 5 GHz’.
    If you have interference problems with other WiFi networks you may vary the channel or move over to the 5 GHz network.
  • With the help of AirPort Utility for PCs I additionally limited the signal power to 50%, which is enough to get connected in all rooms and makes it harder for WiFi-capable devices outside my home to detect my network.
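The DHCP settings listed above (a dynamic pool in 10.0.1.x, fixed reservations per device) can be modelled in a few lines. The following is an added example, not the AirPort’s firmware or any Apple code: a small DHCP allocator with the rules the text describes, namely that a reserved address is always handed to its MAC address, that other clients never receive a reserved address, and that a renewing client keeps its lease. The network, pool range and MAC addresses are constructed sample values.

```python
# Added example (not the AirPort's own code): a DHCP allocator with fixed
# reservations, modelling the "DHCP ON" and "Reservations" settings above.
import ipaddress


class DhcpServer:
    def __init__(self, network: str, pool_first: str, pool_last: str, reservations=None):
        self.network = ipaddress.ip_network(network)
        first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
        if first not in self.network or last not in self.network or int(first) > int(last):
            raise ValueError("dynamic pool must lie inside the network")
        # Dynamic pool: every address from first to last inclusive.
        self.pool = [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
        self.reservations = {}   # MAC -> fixed address
        self.leases = {}         # MAC -> address currently handed out
        for mac, ip in (reservations or {}).items():
            self.reserve(mac, ip)

    def reserve(self, mac: str, ip: str) -> None:
        """Pin a device (by MAC address) to one address inside the network."""
        addr = ipaddress.ip_address(ip)
        if addr not in self.network:
            raise ValueError(f"{ip} is outside {self.network}")
        if any(a == addr and m != mac.lower() for m, a in self.reservations.items()):
            raise ValueError(f"{ip} is already reserved for another device")
        self.reservations[mac.lower()] = addr

    def offer(self, mac: str) -> str:
        """Address offered to a joining device: its lease, its reservation,
        or else the lowest free address of the dynamic pool."""
        mac = mac.lower()
        if mac in self.leases:                       # renewal keeps the address
            return str(self.leases[mac])
        if mac in self.reservations:
            addr = self.reservations[mac]
            if addr in self.leases.values():
                raise RuntimeError(f"reserved address {addr} is leased to another device")
        else:
            # Reserved addresses are never given to unreserved clients,
            # even while the reserved device is absent.
            taken = set(self.leases.values()) | set(self.reservations.values())
            free = [a for a in self.pool if a not in taken]
            if not free:
                raise RuntimeError("DHCP pool exhausted")
            addr = free[0]
        self.leases[mac] = addr
        return str(addr)

    def release(self, mac: str) -> None:
        """Device leaves the network; its dynamic address becomes free again."""
        self.leases.pop(mac.lower(), None)

    def free_addresses(self) -> int:
        """How many dynamic addresses are still available to new clients."""
        taken = set(self.leases.values()) | set(self.reservations.values())
        return sum(1 for a in self.pool if a not in taken)


if __name__ == "__main__":
    # Constructed sample: a tiny pool so that exhaustion is easy to see.
    srv = DhcpServer("10.0.1.0/24", "10.0.1.2", "10.0.1.5",
                     {"AA:BB:CC:00:00:01": "10.0.1.3"})
    for mac in ("de:ad:be:ef:00:01", "de:ad:be:ef:00:02", "aa:bb:cc:00:00:01"):
        print(mac, "->", srv.offer(mac))
    print("free:", srv.free_addresses())
```

The reserved address is skipped by the dynamic clients even before the reserved device shows up, and releasing a lease returns its address to the pool; that is the behaviour to expect from the AirPort when a reservation is configured.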

The result is a working internet connection, checked with the app Fing, which is available in Apple’s App Store.


The disadvantages …

The AirPort Extreme has only one USB 2.0 port, so it can share either a printer or a storage device over your network. This is in line with Apple’s strategy that printers should be connected via AirPrint. I miss USB 3.0 support.

Apple’s design decisions help its products blend into a home’s décor, so the old version of the AirPort Extreme was designed to lie flat, while the new version was redesigned in June 2013 for improved output power. It’s still an eye-catcher.


Related links …

Airport Extreme Tec Specs

Airport Extreme User Guide

Airport Extreme Easy Setup

Setting up your wireless network

Cisco, 20 Myths of Wi-Fi Interference

Thanks for visiting my blog.
Wireless as well as wired connections are welcome.

VPN with iOS Devices (2)

13 06 2013

My first article about this topic explained the basics of a VPN connection between a device outside your local area network and a computer inside of it. All necessary settings for firewall and iOS device are explained in this article.

Step 1 Configuring the firewall

Many of the VPN tunnel configuration settings in the VPN client on iOS devices or Mac OS X are not configurable by the user.
So it is very important to configure the settings on the firewall to exactly match the settings required by the VPN client on the iOS device or Mac OS X.

In the web interface of the WatchGuard XTM firewall go to VPN – Mobile VPN with IPSec and click Add.

After finishing the configuration of the Mobile User VPN Group, users have to be configured in the next step. If you define a user, don’t forget to assign them to the group (here ‘Apple’) at the bottom of the dialog.


If you want to use a configuration file (.wgm) for mobile devices, which can be generated via the WatchGuard UI, send this file via e-mail to your mobile device. On the mobile device tap on the attachment and select ‘WatchGuard’ from the apps menu of the ‘Open in’ command. This will open the WatchGuard configuration app. This app is solely for creating a profile containing the right settings.

I recommend configuring the device manually because it’s easy and there is no need to download WatchGuard’s app from Apple’s App Store.

Step 2 Configuring an iPad or iPhone

Configure the profile directly on the device …


App controlled installation …

Tapping on the WGM file attachment opens Watchguard’s iOS app and you can install the configuration as an unsigned profile.


Step 3 Testing the connection via WiFi or 3G

To access a resource from outside the LAN via VPN go to Settings on your mobile device and activate VPN. After a successful connection a VPN icon is displayed in the status bar.

When connected your device will behave as if it is part of the LAN. So any app on your mobile device you use inside the LAN can also be used when connected via VPN.

But keep in mind: That’s only valid for accessing files.
What you cannot use are apps that require the device to be located on the same network.

Consider the app Printer Pro. You can print documents saved on the mobile device on a printer connected to a computer in your LAN. This won’t work when connected via VPN, because the apps on your computer announce available printers only on the local network, and that discovery traffic does not reach your mobile device through the VPN tunnel. It works only if you are a real, not a virtual, member of the LAN.
The option ‘Open on my PC’ provided by the app ‘Fingerprint’ is available if the device is a real member and disabled if there is only a virtual connection to the LAN.


I myself use the app FileBrowser to access files on remote computers.


Summary …

Using a VPN connection provides security.
The participating devices have to authenticate before a secure connection can be established.
All data will be strongly encrypted before transfer over the unsafe internet starts.
To connect you just have to set the VPN slider to ON.

Thanks for flying with

VPN with iOS Devices (1)

11 06 2013

Think about masked figures walking on Broadway.
They are using public roads, but you cannot identify them and you don’t know what’s going on inside their heads.

That’s the idea of establishing a Virtual Private Network (VPN): the data stream uses the public internet highways but cannot be read by anyone. Encapsulate the encrypted information in an ordinary overcoat, and decrypt it using a mutually agreed foreign language.


This image shows the requirements of a typical configuration for private or small business use.

  • Firewall
  • Mobile device
  • Free Dynamic DNS account
  • Computer in the LAN you want to connect to

Apple’s OS X for Mac and iOS for iPhone, iPad, and iPod Touch include a native Cisco IPSec VPN client. You can use this client to make a secure IPSec VPN connection to a firewall and the devices behind it. To do this, you must configure the VPN settings on your firewall device to match those on the iOS or Mac OS X device.

Following the KISS principle I want to describe how to connect an iOS device with the LAN using the integrated Cisco client.

KISS = Keep it simple, stupid
A design principle noted by the U.S. Navy in 1960 that states that most systems work best if they are kept simple. Unnecessary complexity should be avoided.
Variations of this phrase are:
Keep it simple sir, Keep it simple and straightforward, Keep it short and simple, Keep it simple or be stupid

Why VPN …

Using a VPN connection provides security.
The participating devices have to authenticate before a secure connection can be established. All data will be strongly encrypted before transfer over the unsafe internet Autobahn starts.

You may think that there are apps connecting you with your devices at home with nearly zero configuration e.g. TeamViewer. That’s true but these apps don’t allow simultaneous connections of more than one device. Others like VNC Server/Viewer allow concurrent connections but their free versions do not support encryption. Additionally the firewall has to be configured for Port Forwarding.

So the best practice is to use VPN: no additional licensing costs, and nearly the same amount of time spent on setting up the virtual private network.

The basics …

Refer to the following articles about basic terms and functionalities of networking:

Network (1) Addressing

Network (2) Apple Airport router

Network (3) Port Forwarding

Your Internet Service Provider (ISP) usually assigns changing IP addresses. That would prevent reliable use of a VPN: if the same happened with addresses in real life, a postman could not deliver your mail. However, there is a simple and free solution: Dynamic DNS services, offered by or other providers.

From a Dynamic DNS provider you get a hostname, not an IP address. A device outside your LAN first contacts the DDNS provider to look up your current WAN IP address. Your mobile device can then locate your LAN on the internet and establish a connection.

It’s quite simple to get an account at No-Ip.
Sign in and you get an E-Mail with a confirmation link.
Fill out the form for Dynamic DNS and you get a hostname like ‘’.
This constant hostname will replace the varying WAN IP of your home/small business network.
How does No-Ip get your WAN IP? Well, you have to install the free No-Ip Dynamic Update Client on one of your computers inside the LAN. This client updates your changing IP at No-Ip’s servers. Don’t switch this computer off to ensure that No-Ip knows your WAN IP at any time.

The Watchguard Firewall XTM …

Watchguard Inc. is located in Seattle, USA.
The company I work for has used WatchGuard products without any problems for many years.

The firewall serves as a gateway for the LAN managed by Windows 2008 servers. Colleagues must have secure access to these resources.

A running VPN connection …

The following steps illustrate the principles of a VPN client-server interaction in simple terms, following Wikipedia. For the IP addresses refer to the graphics shown above.

Assume a remote host with public IP address wishes to connect to a server inside a company network. The server has internal address and is not reachable publicly. Before the client can reach this server, it needs to go through a VPN server / firewall device that has public IP address and an internal address of All data between the client and the server needs to be kept confidential, hence a secure VPN is used.

01 The VPN client connects to a VPN server via an external network interface.

02 The VPN server assigns an IP address to the VPN client from the VPN server’s subnet. The client gets internal IP address, for example, and creates a virtual network interface through which it will send encrypted packets to the other tunnel endpoint (the device at the other end of the tunnel). This interface also gets the address

03 When the VPN client wishes to communicate with the company server, it prepares a packet addressed to, encrypts it and encapsulates it in an outer VPN packet, say an IPSec packet. This packet is then sent to the VPN server at IP address over the public Internet. The inner packet is encrypted so that even if someone intercepts the packet over the Internet, they cannot get any information from it. They can see that the remote host is communicating with a server/firewall, but none of the contents of the communication. The inner encrypted packet has source address and destination address The outer packet has source address and destination address

04 When the packet reaches the VPN server from the Internet, the VPN server decapsulates the inner packet, decrypts it, finds the destination address to be, and forwards it to the intended server at

05 After some time, the VPN server receives a reply packet from, intended for The VPN server consults its routing table, and sees this packet is intended for a remote host that must go through VPN.

06 The VPN server encrypts this reply packet, encapsulates it in a VPN packet and sends it out over the Internet. The inner encrypted packet has source address and destination address The outer VPN packet has source address and destination address

07 The remote host receives the packet. The VPN client decapsulates the inner packet, decrypts it, and passes it to the appropriate software at upper layers.

Overall, it is as if the remote computer and the server were on the same network, or in other words, as if you were sitting in the office. A VPN extends a private network across the public internet. Data are shared as if they were an integral part of the private network.
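As an added illustration of steps 03 to 07 (example code written for this page, not from Wikipedia or the original article): a small Python model of the tunnel, with constructed addresses in place of the ones in the graphics and a toy authenticated cipher standing in for IPsec. It shows what an observer on the Internet sees (only the outer addresses) and why a packet modified in transit is rejected rather than forwarded.

```python
import collections, hashlib, hmac, os

# Constructed sample addresses (RFC 5737 documentation / RFC 1918 private ranges).
CLIENT_PUBLIC = "203.0.113.10"   # remote host's public IP on the Internet
VPN_PUBLIC = "198.51.100.1"      # VPN server / firewall, external interface
CLIENT_TUNNEL = "10.0.0.100"     # address assigned to the client's virtual interface
COMPANY_SERVER = "10.0.0.20"     # internal server, not reachable publicly

Packet = collections.namedtuple("Packet", "src dst payload")

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key: bytes, plain: bytes) -> bytes:
    """Toy authenticated encryption standing in for IPsec ESP (not a real cipher)."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("tunnel packet failed integrity check")  # reject, never decrypt
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def encapsulate(key, inner, outer_src, outer_dst):
    """Steps 03 and 06: encrypt the whole inner packet, wrap it in an outer packet."""
    wire = f"{inner.src}|{inner.dst}|".encode() + inner.payload
    return Packet(outer_src, outer_dst, seal(key, wire))

def decapsulate(key, outer):
    """Steps 04 and 07: verify, decrypt and unwrap; returns the inner packet."""
    src, dst, payload = unseal(key, outer.payload).split(b"|", 2)
    return Packet(src.decode(), dst.decode(), payload)

def round_trip(key, request):
    """Steps 03-07; returns (outer packet on the Internet, inner packet forwarded, reply payload)."""
    inner = Packet(CLIENT_TUNNEL, COMPANY_SERVER, request)                 # step 03
    outer = encapsulate(key, inner, CLIENT_PUBLIC, VPN_PUBLIC)
    forwarded = decapsulate(key, outer)                                     # step 04
    reply = Packet(COMPANY_SERVER, CLIENT_TUNNEL, b"reply:" + forwarded.payload)  # step 05
    outer_reply = encapsulate(key, reply, VPN_PUBLIC, CLIENT_PUBLIC)        # step 06
    return outer, forwarded, decapsulate(key, outer_reply).payload          # step 07

def detects_tampering(key, outer):
    """A bit flipped in transit must be rejected rather than decrypted into garbage."""
    flipped = outer.payload[:20] + bytes([outer.payload[20] ^ 1]) + outer.payload[21:]
    try:
        decapsulate(key, Packet(outer.src, outer.dst, flipped))
    except ValueError:
        return True
    return False
```

An observer sees only the outer source and destination of the packet; the inner addresses and payload are never visible on the Internet.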

Continue reading about VPN. My next article describes the configuration of the firewall and the iPad/iPhone.

Thanks for visiting

Network (1) Addressing

20 04 2013

The articles about networks are written for my readers who are not familiar with the terminology, the functionalities and the cooperation between devices in a network environment.

Part (1) explains the basics of networking. Experts should overlook some simplified wording, because I want to keep it very simple.

If you want to communicate with other people far away from you, you need an address. It can be a postal address, an E-Mail address or a phone number. In any case the address has to be unique to ensure that your message will be delivered to the person you want to communicate with.


As you can see I left out the addressing method for the corresponding transmission of a PDF file from one of your devices to a Dropbox cloud storage account.
The addressing we use for letters is not appropriate for a computer network, as it can be written in different ways depending on the country’s conventions. Furthermore there is no fixed location where data are stored. One day it can be a webserver in Australia and a day later it may be a webserver in India.
So a device address must be more like a GPS address, which is written the same way all over the world, with the additional possibility of forwarding an existing address to a new address without the users noticing. To do so, a complex organizational computer infrastructure has to be established which transmits requests to the right recipients wherever they are actually located.

All network devices around the world use an IP address for identification purposes. It usually consists of 4 numbers separated by a dot (

An IP address (Internet Protocol address) is an assigned numerical label that is used to identify devices on computer networks. Think of it like this: An IP address is to a computer what a telephone number is to an iPhone. Each computer can stand alone without its respective IP address. However, if you want to communicate with other computers from yours, you will need an IP address.

  • An IP address is a 32-bit binary number divided into four sections by dots.
  • Each part of an IP address is called an octet.
  • As 255 is the largest number which can be represented with 8 bits, each octet can range from 0 to 255.
  • For LANs the following IP addresses are reserved by RFC 1918: – – 172.31.255.255 –

An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: “A name indicates what we seek. An address indicates where it is. A route indicates how to get there.”

Here you can see an example. It’s my small home configuration, a WiFi network with some Apple devices where the boss for addressing all devices is an Apple Airport Extreme router.


As you can see, this network has no connection to the outer world at this time. So this system basically allows any combination of numbers for addressing the devices.

Severe problems would arise if you wanted to contact a network outside this local area network (LAN), e.g. a webserver in another country which provides a website you are interested in. It cannot be assured that the address of this computer is unique. So your request might wander around the world and get countless answers.

In my articles about networks you often are confronted with the expression protocol. What is a protocol?

A communications protocol is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications. A protocol may have a formal description. Protocols may include signaling, authentication and error detection and correction capabilities. Communications protocols have to be agreed upon by the parties involved. To reach agreement a protocol may be developed into a technical standard.

Look at the first image of this article.
We can talk about a Postal Protocol where the postal address has to be defined as name, street (or PO box), city, ZIP code and country. It’s just a convention about how an address has to be written and what kind of information it should include.

LAN and WAN …

To solve this problem, a LAN (where IP addresses are free to choose) can be connected to other LANs by using a worldwide unique wide area network IP address (WAN IP address). Your Internet Service Provider (ISP) assigns a WAN IP address to your router, so that requests from a device inside your LAN are transmitted with this WAN IP and the recipient can answer using your WAN IP as the destination address.

Here is the WAN IP taken for my local area network some weeks ago.


My ISP is a German cable internet provider. Like most other ISPs the company assigns varying IP addresses to my connection. My IP address is therefore called a dynamic IP address. It may vary from hour to hour or day to day. So usually I cannot reliably reach any device inside my LAN without looking up the current IP address. This problem will be discussed later.

Look here for a more detailed view of LAN and WAN IPs and what your devices have to do when you connect to the internet, e.g. to request a website.


You can see that there are several devices with different LAN IPs but only one WAN IP.
So it has to be clarified how the information requested by a specific device is delivered to that device. NAT (Network Address Translation) does it.

In computer networking, network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across traffic routing devices.
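As an added example (not part of the original article), here is a small Python model of the translation table a home router keeps, with constructed addresses and ports: several LAN devices share one WAN IP, replies are mapped back to the device that asked, and unsolicited packets are dropped unless a port forwarding rule exists, which is why services such as VNC need Port Forwarding.

```python
from dataclasses import dataclass, field

# Constructed sample addresses: one WAN IP (RFC 5737 documentation range) shared by
# several LAN devices in RFC 1918 space. The port numbers are constructed as well.
WAN_IP = "203.0.113.5"

@dataclass
class Nat:
    """Port-based NAT as a home router does it: one WAN IP, many LAN devices."""
    wan_ip: str
    next_port: int = 40000                              # first WAN port handed out
    outbound_map: dict = field(default_factory=dict)    # (lan_ip, lan_port) -> wan_port
    inbound_map: dict = field(default_factory=dict)     # wan_port -> (lan_ip, lan_port)

    def forward(self, wan_port: int, lan_ip: str, lan_port: int) -> None:
        """Static port forwarding: a LAN device accepts connections nobody inside asked for."""
        self.inbound_map[wan_port] = (lan_ip, lan_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN and remember the mapping."""
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            while self.next_port in self.inbound_map:   # skip ports reserved by forward()
                self.next_port += 1
            self.outbound_map[key] = self.next_port
            self.inbound_map[self.next_port] = key
            self.next_port += 1
        return (self.wan_ip, self.outbound_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a packet arriving from the WAN, or drop it (None)."""
        if dst_ip != self.wan_ip or dst_port not in self.inbound_map:
            return None   # no device asked for this and no forwarding rule: dropped
        lan_ip, lan_port = self.inbound_map[dst_port]
        return (src_ip, src_port, lan_ip, lan_port)
```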

If you enter the address of a website, e.g. you might argue that this format is not the format of an IP address as mentioned above. You are right, and some further functionality is needed to convert this human-friendly address into an IP address.
This service is called DNS (Domain Name System).

The Domain Name System (DNS)
is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates domain names meaningful for users to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.
An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name translates to the addresses Unlike a phone book, the DNS can be quickly updated, allowing a service’s location on the network to change without affecting the end users, who continue to use the same host name. Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and E-Mail addresses without having to know how the computer actually locates the services.

Ports …

You already know that data on the Internet is sent to and from IP addresses. Sending or receiving data is done on ports. Ports are virtual pathways on which Internet data flows.

If we think of an IP address as a telephone number (an identifying number that allows communication between two locations), then we can think of ports as telephone number extensions. Suppose you wanted to make a telephone call to a major corporation like Apple. If Apple only had one simple telephone line it would take a very long time for your call to finally get through. However, by using telephone number extensions, Apple can channel incoming calls to the proper locations and as a result handle many calls on one line as opposed to just one call.
Ports are like telephone number extensions as they allow multiple pieces of data to flow back and forth on a single IP address. In fact, port numbers are appended to the end of IP addresses just as extensions are appended to telephone numbers.

In other words, ports are numerical identifiers that make it possible for you to check your E-Mail and browse the web at the same time. Technically speaking, this is possible because web traffic generally uses port 80, secure website connections use port 443, and getting your E-Mail generally uses port 110.

Technical Facts

  • A port is a 16-bit number and can range from 1 to 65535.
  • TCP and UDP packets specify the port on which they are to be sent in their packet header.
  • The ports that a given application uses are generally set by the programmers of that application.
  • The purpose of ports is to uniquely identify different applications or processes running on a single computer and thereby enable them to share a single physical connection to a packet-switched network like the Internet.

The protocols that primarily use ports are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite. A port is identified for each address and protocol by a 16-bit number, commonly known as the port number. The port number, added to a computer’s IP address, completes the destination address for a communications session. That is, data packets are routed across the network to a specific destination IP address, and then, upon reaching the destination computer, are further routed to the specific process bound to the destination port number.
Note that it is the combination of IP address and port number together that must be globally unique. Thus, different IP addresses or protocols may use the same port number for communication; e.g., on a given host or interface UDP and TCP may use the same port number.

Ports in Relation to IP Addresses …

Remember at the top of this page it was mentioned that ports are appended to the end of IP addresses just as extensions are appended to telephone numbers? There is a specific syntax for appending port numbers to IP addresses, and it is as follows:
(IP Address):(Port Number) or..

Notice the colon acting as a separator between the IP address and the Port Number. Port Numbers are appended to the end of all IP addresses whenever data is sent.
Why don’t we see a port number appended to the end of web addresses?

There are a few commonly used port numbers. Web traffic uses port 80, which is in fact so common that your internet browser assumes port 80 is appended to the end of a web address, so it can be left off. You can test this by typing into your browser’s address bar. When you press enter, you should go straight to Google. Now, try typing into your browser’s address bar. When you press enter, you will not be connected to Google.
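As an added example covering both the octet rules above and the (IP Address):(Port Number) syntax (this code is not from the original article), here is a Python parser that checks each octet by hand, tests an address against the RFC 1918 LAN ranges and splits an ip:port endpoint, assuming port 80 when none is given, as a browser does.

```python
import ipaddress

# RFC 1918 private ranges; addresses in these blocks are never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_ipv4(text: str) -> int:
    """Check a dotted quad octet by octet and return it as the 32-bit number it encodes."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: an IPv4 address has exactly four octets")
    value = 0
    for part in parts:
        # digits only, no leading zeros (some tools read those as octal), at most 8 bits
        if not part.isdigit() or part != str(int(part)) or int(part) > 255:
            raise ValueError(f"{text!r}: octet {part!r} is not in 0..255")
        value = (value << 8) | int(part)
    return value

def to_dotted(value: int) -> str:
    """Inverse of parse_ipv4: split the 32-bit number back into four octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def is_private(text: str) -> bool:
    """True for LAN addresses reserved by RFC 1918."""
    parse_ipv4(text)   # raise on malformed input instead of quietly answering False
    return any(ipaddress.ip_address(text) in net for net in RFC1918)

def parse_endpoint(text: str, default_port: int = 80) -> tuple:
    """Split 'ip:port'; like a browser, assume port 80 when no port is given."""
    host, sep, port = text.rpartition(":")
    if not sep:
        host, port = text, str(default_port)
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"{text!r}: port must be in 1..65535")
    parse_ipv4(host)   # the host part must itself be a valid dotted quad
    return host, int(port)

def is_valid_ipv4(text: str) -> bool:
    """Convenience wrapper: True if parse_ipv4 accepts the text."""
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False
```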


There is still some information missing. Who assigns IP addresses?

The Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure devices which are connected to a network so that they can communicate on an IP network. The main task of a DHCP server is the assignment of unique IP addresses to all devices within the network. In a typical private LAN, the router is the DHCP server, while the clients are tablets, computers or printers. The router receives its information through a modem from an internet service provider, which also operates DHCP servers where the modems are the clients. The clients request configuration settings using the DHCP protocol, such as an IP address, a default route and one or more DNS server addresses. Once the client applies these settings, the host is able to communicate on the internet.
The DHCP server maintains a database of available IP addresses and configuration information. When the server receives a request from a client, the DHCP server determines the network to which the DHCP client is connected, and then allocates an IP address or prefix that is appropriate for the client, and sends configuration information appropriate for that client.

Summary …

  • IP address
    a number like as an identification of a device within a network
  • LAN
    the local area network
  • WAN
    the wide area network connecting LANs
  • NAT
    the replacement of LAN addresses by WAN addresses
  • DNS
    the translation of human-friendly addresses into IP addresses and vice versa
  • DHCP
    the service which configures devices, especially by assigning IP addresses
  • Protocol
    a convention on how to communicate within a LAN or WAN

Thanks for reading my blog.
If you have any questions don’t hesitate to contact me via my About page or a comment on this article.
