Skip to content

MindSphere Remote Service: Engineering-Option

The Engineering Option allows apps residing inside a Service Network or its secondary network to connect to apps and data residing on devices in a remote Device Network, whilst using customizable IP-based protocols. This enables remote use of engineering or maintenance tools such as Siemens TIA Portal or for routing Audio/Video streams such as access to remote cameras.

Engineering Option

The following Service-to-Device protocol setups are being supported: - Dynamic Transparent Tunnel (DTT) for routing of TCP/UDP using custom port settings - Proxy Unaware (PU) routes connetions not designed for routing and is only available on certain Windows® versions - Web Application enables for connecting to HTTP or HTTPS servers

Note: The setup and configuration of this documentation's reference tenant, its users, Sites and Devices can be found in chapter Sample setup used in documentation.

Note: The product structure and the protocol routing capabilities of the individual optional capability packages are described in chapter Product structure and procurement.

Example - Administrator creates Protocol Application for a video stream

If we want to use a video stream such as RTP in order to access a camera, then a tenant administrator has to create the associated Protocol Application upfront, so that it becomes available within the Protocol Application catalogue of MRS. In MRS V.2 this is done by first selecting the "blue box icon" on the top left, which will open the Protocol Application menu. Click "Create New Protocol Application".

Admin creates Protocol Application for Video

Now you see the Protocol Hub listing all available protocol templates. The ones associated with the Engineering Option are tagged accordingly. Select "Dynamic Transparent Tunnel".

Admin creates Protocol Application for Video

In this step we assign the DTT application with the name DTT for Video Stream and set the port settings for video streaming. Press "Save" when done.

Admin creates Protocol Application for Video

The newly created Protocol Application DTT for Video Stream now shows in the catalogue. It may be assigned to Devices in subsequent steps.

Admin creates Protocol Application for Video

Example - Site Owner assigns video stream protocol to Device

The owner of a site wants to access a camera device and thus leverages the previously predefined Protocol Application for doing video streaming. The intended setup is as follows:

Access to video stream

Press the blue device icon in the top left corner of MRS V.2, which opens the Device menu. We select Device PC p01 from the device tree on the left and then press the blue button "Assign Protocol Application".

Owner assigns video to Device

The catalogue lists all available Protocol Applications. Select the needed DTT for Video Stream and press the blue arrow icon next to it.

Owner assigns video to Device

Now the needed DTT for Video Stream is listed as an assigned Protocol Application on the right-hand side. Press "Save".

Owner assigns video to Device

The assigned DTT for Video Stream is now ready for use - a click on the blue chain icon next to it would initiate a connection.

Owner assigns video to Device

Example - Site Owner assigns web application protocol to PLC Device

The owner of a site wants to access a web server located on a PLC Device. Some PLCs offer such web servers for configuration or status supervision purposes. So a predefined Protocol Application enabling encrypted routing of HTTPS will be assigned to an already onboarded PLC device named PLC p01. We use MRS V2 and the Device menu available via the blue icon in the top left corner. Select PLC p01 from the organizatioanl tree and click "Assign Protocol Application".

Owner assigns WebApp to PLC Device

We assume, that an administrator already used the MRS Protocol Hub to create a Protocol Application named WebApp for PLC by using the Web Appliation template. Click the blue arrow icon next to WebApp for PLC to assign it to PLC p01.

Owner assigns WebApp to PLC Device

The WebApp for PLC is now listed as a Protocol Application assigned to PLC p01. Click "Save".

Owner assigns WebApp to PLC Device

The WebApp for PLC can now be used for PLC p01 by creating a tunnel via the blue chain icon. Once the connection will have been established, you may start a browser on your PC residing in a Service Network, which will then be able to connect to the web server of the PLC residing in a remote Device Network.

Owner assigns WebApp to PLC Device

Note: please ensure that respective Service Endpoint and Device Endpoint are up and running.

Example - Site Owner assigns custom DTT for remote engineering with TIA portal

The owner of a site wants to enable remote engineering, where the Siemens TIA portal is not located within the local Device Network but within a Service Network such as the network of an OEM acting as a contracted Service Provider. That enables an OEM's technicians to perform maintenance or commissioning tasks from remote. In order to enable this use case the TIA cloud connector must be present at either end of the encrypted tunnel spawned by MRS and as outlined in below sketch.

TIA portal use case

We select the Device view in MRS V2 by pressing the hexagonal icon in the top left corner. Then we select the target Device PC i01 from the organizational tree. Press "Assign Protocol Application".

Owner assigns DTT for TIA

The catalogue of available Protocol Applications opens and display the already predefined DTT for TIA Portal. Press the blue arrow icon next to it. Note: used port settings must comply with the requirements of the used TIA Cloud Connector. Please refer to its documentation for further details.

Owner assigns DTT for TIA

DTT for TIA Portal was now assigned. Confirm this via "Save".

Owner assigns DTT for TIA

DTT for TIA Portal is now ready for use. The next example outlines how to establish this connection, so that TIA portal can be used from within a remote Service Network.

Owner assigns DTT for TIA

Example - User establishes remote connection for TIA Portal

A user wants to perform remote engineering with Siemens TIA Portal. The user's PC must host the TIA portal and the TIA cloud connector. Furthermore, the user must have downloaded a Service Endpoint as outlined in section Getting connected. Note: access will only be possible, if the respective user was granted all necessary access rights and roles.

As an initial step, the user launches the MRS Service Endpoint on the used PC.

User launches TIA

Selecting the hexagonal device icon in MRS V2 opens the Device menu. Navigate to PC i01 in the organizational tree. Click the blue chain icon next to the assigned Protocol Application DT for TIA Portal. After a short while the DTT icon will turn green indicating the encrypted tunnel is up and running. (If needed, the tunnel can be terminated by clicking the blue icon with the broken chain.)

User launches TIA

Now TIA portal may be launched.

User launches TIA



Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: July 29, 2022