Device Configuration for Remote Tunnel Access

Device Manager Thing Definition

The device manager thing definition in Device Cloud must have the remote_access_support attribute defined.

If you have an earlier release of the Python agent installed, you may need to update the thing definition. For more information, see Device Cloud Release Notes, April 6, 2018.

Python Device Manager Dependencies

If you install the Python agent on your device from the PyPI repository, all dependencies should be installed. For information about installation issues, see Device Cloud Device Programmer's Guide: Troubleshooting Installation Issues with the Python Agent.

Device Manager Configuration for Remote Tunnel Access

In the actions_enabled object in the iot.cfg configuration file, specify true for the remote_login action. This is the default setting.

The remote_access_support array must contain the protocol name and ports for each protocol you want to support on the device. For each protocol, you can specify an optional session timeout value in minutes to override the default value of 60 minutes.

The following shows an example configuration:

        "remote_access_support":[
                { "name": "Telnet", "port":"23", "session_timeout":"60" },
                { "name": "SSH",    "port":"22", "session_timeout":"60" },
                { "name": "VNC",    "port":"5900" },
                { "name": "HTTP",   "port":"80"   },
                { "name": "HTTPS",  "port":"443"  },
                { "name": "RDP",    "port":"3389" }

The port specified must match the port configured for the associated remote access server on the device. Only ports that are listening are advertised to Device Cloud.

For more details about the configuration file, see the following:

• Device Cloud: Device Manager
• Device Cloud: iot.cfg Reference

Device Configuration

You must install, configure, and run the required remote access server application on the device. The steps are operating-system and application specific. You may be able to use a package manager to install the application, you may need a third-party package (such as freesshd for Windows), or you may need to include it in the list of packages you add to the root file system when you build an image for your device (Yocto-based Linux). Ensure that you bind the server to localhost only.

The server application must be running before the device manager starts.

The device manager detects the services listening on the ports configured in the iot.cfg file on the device and advertises the remote access capabilities to Device Cloud based on the values in the configuration file. The configuration information is shown in the remote_access_support attribute, which appears on the thing page on the Management Portal under the Attributes tab.

The port specified in the service configuration must match the value in the iot.cfg file.

The following example for SSH shows the port configuration settings that must match:

The port value in the Connection Type list shows the port on which the device manager detected the service.

Typically, you only need to specify a different port in the Connection Port box if there are multiple instances of the server running on different ports. For example, you can start multiple VNC servers, each on a different port. At least one of the ports on which the server runs must be configured in the iot.cfg file. For example, if you run a VNC server on port 5901 and 5902, you must specify one of these ports in the file.

If you change the settings in the iot.cfg file, you must restart the device manager to activate the new settings.

You should verify your device and client configuration locally before deploying the device to a production environment.