Concepts for accessing devices that are separated from the Internet by a firewall already exist. One option is to configure the firewall to pass requests from the Internet to a subordinate device. However, this requires access to the firewall configuration, which poses a security risk for both the firewall and the subordinate device being accessed. Alternatively, VPNs can be established that connect remote devices or entire networks. This requires the provision, administration and configuration of a VPN server, which is laborious and may involve additional costs, as additional software must be installed and maintained.
The Innovation from M&M: Remote Device Access
With the Remote Device Access solution from M&M Software, server services of IoT devices can be accessed from the cloud through any firewall. No special configuration of the firewall is required. Nor is it necessary to install additional client software on the user's own device: any computer with a web browser will do.
Remote Device Access only requires the administrator to run a Device Local Proxy on the IoT device and link it to the corresponding cloud service. M&M Software offers a convenient, web-based user interface for this cloud service. The Device Local Proxy is available as a Docker container and can be run on any Docker-capable Linux system.
Remote Device in practice - application examples
Currently, access to Secure Shell (SSH) and Web (HTTPS) server services is supported. Others, such as remote file transfer, can be implemented quickly and easily.
In the case of establishing an SSH connection, it is not necessary to install an SSH client on the user's computer. A corresponding terminal is already integrated into the web-based application.
Access to server services of an IoT device
For remote access to an IIoT device, the Device Local Proxy, which is executed on the IoT device in a Docker Container, establishes a connection to the Azure Cloud.
The TCP packets of the corresponding protocols can then be passed through this connection. The user interacts with a client (terminal) that runs in the web browser.
Access to server services of subordinate devices
To access multiple IoT devices located within a network, a corresponding Edge Device can be deployed within the same network.
This Edge Device can then be used to establish connections to subordinate devices.
Remote access to devices, especially in an industrial context, is extremely risky. The option of allowing remote access to a device is a requirement, but it is also a potential threat.
To be safe, M&M has decided to use Device Streams, a feature of the Azure IoT Hub service, in the background. All connections are secured with TLS and, from the device's point of view, are implemented as outgoing connections.
Accordingly, the solution may only be used by authorized persons. A connection to an Azure-based Active Directory was implemented for this purpose.