Introduction

The Cumulocity Cloud Remote Access feature offers a seamless and secure way to connect to your devices using either a browser-based remote desktop or an SSH connection. Devices can be directly accessed through the Cumulocity platform’s web-based user interface without exposing any ports to a public network, thereby eliminating the need for additional software or complex VPN infrastructure. Alternatively, you can also establish a secure TCP tunnel directly to a local machine.

Leveraging these remote access and management capabilities allows for effective configuration and troubleshooting of devices, such as industrial machines, IoT gateways, or network infrastructure. This includes, for example, the following scenarios:

  1. Remote assistance and troubleshooting of machines by accessing the Human Machine Interface (HMI) via VNC.
  2. Access local UIs like the configuration UI of a NodeRed server to manage your flows or access the stream of your CCTV camera.
  3. Directly access an SSH server in a private network from the browser via WebSSH without requiring any additional software. The connection is easy to set up which makes it very convenient particularly when working with multiple devices.
  4. Natively connect to an SSH server in a private network with any local client like PuTTY or OpenSSH. This provides more advanced functionalities compared to WebSSH, like file copy via SCP, while providing better performance and latency.
  5. Remotely develop and debug logic and scripts deployed on top of your devices by using the Codesys IDE or Visual Studio Code using CRA with the Cumulocity CLI acting as a local proxy.

How Cloud Remote Access works

This versatile feature offers two primary connection methods:

  1. Direct device access: Establish a seamless connection to devices directly linked to Cumulocity.
  2. Gateway-enabled remote access: Leverage a connected device as a gateway to access any device that is reachable within its local area network, expanding your reach to manage multiple devices through a single entry point.

The connection is always initiated by the device. The feature operates through a microservice running within Cumulocity, which tunnels all protocols through a secure WebSocket connection and manages authentication without the need to open any port. This approach provides a level of security comparable to traditional VPN tunnels while offering greater simplicity and ease of use.

Key security features include:

  1. TLS encryption for all connections to remote devices.
  2. RBAC to prevent unauthorized personnel from accessing devices and making changes to critical parameters.
  3. Auditability provided through audit logs which get automatically created for each remote session.

To leverage Cloud Remote Access, your device needs to be enabled by installing thin-edge.io. Thin-edge.io is designed to fully integrate with this feature and all other Device Management functionalities provided by Cumulocity. By combining Cumulocity’s Cloud Remote Access with thin-edge.io, you can achieve a secure, efficient, and user-friendly remote device management solution that scales with your IoT deployment.

Cloud Remote Access - VNC, SSH & Telnet

While it is suitable for many scenarios to access the server through a web terminal with connections terminating at the Cloud Remote Access microservice, it may not meet the requirements of more complex use cases. For these scenarios, Cumulocity offers a passthrough option that enables the use of native clients by forwarding packets to a proxy running locally on your machine. This allows you to natively connect to the SSH server from your local machine, access the local Web UI, or tunnel an HTTP server that is running on your device. Basically any TCP port can be bridged that way, not only SSH, VNC, or HTTP traffic.

The easiest way to setup a local proxy is via the Cumulocity CLI, which includes a built-in local proxy supporting the following transport mediums:

  • Unix socket
  • TCP port
  • Standard input/output (stdio)

Cloud Remote Access - Passthrough