Skip to content

Cloud Remote Access

Overview

The IoT Extension Cloud Remote Access feature allows you to remotely access operating panels and other devices via a web browser.

The remote-controlled device runs a VNC, SSH or Telnet server and is connected to a gateway compatible with Cloud Remote Access. This gateway must be registered as a device within the Device Management application in IoT Extension. More information about registering devices and instructions can be found in Device Management > Device Registration.

With Cloud Remote Access users can

  • view status visualizations and track updates of remote devices immediately as if the user were at the device location,
  • connect to remote devices easily as complex VPN setups are not required,
  • establish connection via Telnet or SSH to the gateway itself or to any device in the local area network.

The connection to remote devices is securely encrypted through TLS technology. Additionally, passwords are encrypted in your IoT Extension account, so that you do not need to manage them elsewhere.

Using Cloud Remote Access

Cloud Remote Access is available in the Device Management application.

To use Cloud Remote Access, the following prerequisites have to be met:

  • a Cloud Remote Access compatible gateway connected to your IoT Extension account;
  • a device with a VNC, SH or Telnet server that is connected to the gateway and reachable from the gateway.

Click "All devices" and select the desired gateway from the device list.

When you open the device you will find the Remote access tab in the tab list of the device.

Note

The Remote Access tab is visible only if your device/gateway supports the Remote Access functionality.

In the Remote Access tab, you can configure devices for remote control, so-called "endpoints", and connect to a device.

Connections can be established to the gateway itself (localhost) or to any device in the local area network reachable by the device.

Note

If the prerequisites are met and you do not see the Remote access tab in the tab list of your gateway, please contact sales@IoT Extension.com. If you are a gateway manufacturer and would like to support Cloud Remote Access on your gateway, please contact support@IoT Extension.com.

Configuring endpoints

The "endpoint" is the IP address and port of the VNC, SSH or Telnet server running on the device. The IP address and port need to be reachable from the gateway.

To configure new remote devices, click "Add endpoint". Follow the descriptions below for configuring the various kind of endpoints.

Note

To be able to configure an endpoint, you need "Admin" permission for "Remote access" and "Device control". To read data, a “Read” permission is sufficient. For more information on permissions, refer to Managing permissions in Administration.

Adding remote access endpoints via VNC

To configure a remote access endpoint via VNC, enter a description for the remote access endpoint, the IP address and port, and the password of the VNC server. Click "Save" to add the endpoint to the list.

Once the connection is established, a new browser tab will open displaying the front screen or operating panel of the device you are connected to. The top bar of the screen will show “starting VNC handshake” when the process is starting.

Adding remote access endpoints via Telnet

Enter the name of the endpoint. Select the Telnet protocol from the dropdown menu. Enter the IP address and the port. When ready, click "Save".

Notice

Be aware, that Telnet is considered to be an insecure protocol lacking built-in security measures. For network communication in a production environment we highly recommend to use the SSH protocol instead.

Adding remote access endpoints via SSH

To configure a remote access endpoint via SSH, enter the name of the endpoint, select the "SSH" protocol from the dropdown list, and enter the IP address and the port. There are two Sign-in methods to be selected:

  • Username and password: If this method is selected, it is mandatory to enter username and password.
  • Public/private keys: Automatically generate public and private keys or simply paste pre-generated keys. The keys can also be uploaded from a file.

Note

The public key needs to be installed on the device as authorized_key.

Optionally, you can also add a host key to ensure connection to the correct device. This key can also be uploaded from a file.

Click "Save" to save your settings.

The following formats are supported when adding new keys:

  • OpenSSHv1
  • OpenSSHv2
  • PEM
  • SSH2

The following algorithms are supported when adding new keys:

  • RSA
  • DSA
  • ECDSA
  • ED25519

Editing or removing endpoints

To edit or remove an endpoint, click the menu icon at the right of a row and select "Edit" or "Remove" from the context menu.

Connecting to endpoints

To connect to configured endpoints, choose an endpoint in the Remote access tab and click "Connect". The connection to the configured device is established and the VNC, SSH or Telnet screen is shared in the client area.

To terminate the connection, click "Disconnect".

Displaying the audit logs

Audit logs are displayed for each device.

For each connection the Cloud Remote Access microservice creates an operation in scope of the current user. The operation then will be updated by the device to reflect the current status. Finally the operation will be in state SUCCESSFUL or FAILED.

The audit logs can be found in the Control tab of the device.

Compatibility and limitations

VNC protocol

The following versions of the VNC protocol are currently supported:

  • RFB 003.003
  • RFB 003.007
  • RFB 003.008

The functionality has been tested on the following VNC servers:

  • Real VNC 5.3.2
  • Tiger VNC 1.6.0/1.7.0
  • TightVNC 1.3.9
  • EfonVNC 4.2
  • Vino

The following operating systems/browsers are currently supported:

Operating System Browser Touch Swipe Keyboard Pointer
Windows 10 Edge 38 Yes Yes Yes Minor
Windows 10 Internet Explorer 11.5.6.7 Yes Yes Yes Minor
Windows 10 Firefox 51 Yes Yes Yes Yes
Ubuntu 16.04 Chrome 56 Minor Yes Yes Yes
Ubuntu 16.04 Firefox 51 Minor Yes Yes Yes
MacOS Safari Yes Yes Yes Yes
iOS 10.2.1 Safari Yes Minor No n/a
Android 6.0.1 Chrome Yes Minor No n/a
Android 6.0.1 Stock browser 5.0 Yes Minor No n/a

Telnet protocol

The following limitations apply to Cloud Remote Access for Telnet:

Area Scrolling Reflow on width change Bitmap fonts Vector fonts Mouse tracking
Console Yes No Yes Yes Yes
xterm Yes No Yes Yes Yes
Area Application keypad Tabs Split screen
Console Yes ? Yes
xterm Yes No No

SSH protocol

For Cloud Remote Access for SSH the same limitations as mentioned for Telnet apply (see above). Also the following additional limitations are known:

  • International characters are not to be supported yet.
  • Only limited number of control characters are working. For example interrupt (ctrl+c) is not working yet.
  • Mouse movements are not supported.
  • Only SSHv2 protocol is supported.

Troubleshooting

If you cannot set up new endpoints, check if you have sufficient permissions.

To set up new endpoints, you need "Admin" permission for "Device control" to be able to register a device and “Admin” permission for "Remote access" to be able to add an endpoint.

To establish a connection to a remote operating panel, a “Read” permission for "Remote access" is sufficient.

For more information on permissions, refer to Administration > Managing permissions.

The connection via a gateway to a remote VNC, SSH or Telnet server can fail because of network problems. In this case you need to contact your network administrator.

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: May 9, 2022