Introduction

How to connect your device from anywhere?

Ever wished you could access your IoT device when you're on the road? Perhaps you've set up a home security camera, you're running a private Minecraft server, or you're using your Pi for some crazy hacked-together internet appliance of your own making. Whatever your reason, it's easier than you think to access that IoT device remotely. Here's how.

To access an IoT Device (or any home computer for that matter) from outside your home network, you'd usually need to jump through a lot of hoops, get an IP address, and tweak a few settings on your home router. If you just need to control a few simple things on your IoT Device, that's overkill. Remote-IoT provides one method that skips all of that.

Remote-IoT makes it easy to access your IoT device from anywhere using a cloud connection. No dedicated VPN or firewall hardware is required. As long as your device is connected to the internet, you have full control of it, including monitoring CPU, memory and network usage, performing any actions and running batch jobs on devices.

Architecture

Secure Remote connection

Remote-IoT uses a secure AWS IoT cloud platform to connect to networked devices from anywhere. Remote-IoT provides a secure mechanism for encrypting and encapsulating private network traffic and moving it through an intermediate network. Data is encrypted for confidentiality and wrapped with an IP header containing routing information.

Remote-IoT enables users working at home, on the road, or at a branch office to connect securely to a remote IoT device via the Internet. From the user's perspective, Remote-IoT is a point-to-point connection between the user's computer and an IoT device. The nature of the intermediate network, the Internet, is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.

Secure Remote Communication

Secure Tunneling

Tunneling is a network technology that enables the encapsulation of one type of protocol packet within the datagram of a different protocol. For example, Windows VPN connections can use Point-to-Point Tunneling Protocol (PPTP) packets to encapsulate and send private network traffic, such as TCP/IP traffic, over a public network such as the Internet.

The Remote-IoT tunnel is similar to PPTP. Both of the tunnel endpoints must agree to the tunnel and must negotiate configuration variables, such as address assignment, encryption, or compression parameters. In most cases, data transferred across the tunnel is sent using a datagram-based protocol. The Remote-IoT tunnel management protocol is used as the mechanism to create, maintain, and terminate the tunnel.

After the tunnel is established, data can be sent. The tunnel client or server uses a tunnel data transfer protocol to prepare the data for transfer. For example, when the tunnel client sends a payload to the tunnel server, the tunnel client first appends a tunnel data transfer protocol header to the payload. The client then sends the resulting encapsulated payload across the network, which routes it to the tunnel server. The tunnel server accepts the packets, removes the tunnel data transfer protocol header, and forwards the payload to the target network. Information sent between the tunnel server and the tunnel client behaves similarly.

Advanced Features

Multiple ports at the same time

In the other editions, only one port is supported at a time. For example, while you are connected to the SSH port 22, you can't connect to the VNC port 5900. In the Enterprise edition, you can connect to multiple ports at the same time.

Permanent Tunnel

In the other editions, the port is dynamic and a tunnel is kept for 2-8 hours. After 8 hours, the tunnel is disconnected and the port changes when you connect again. In the Enterprise edition, the connection stays active and you can always connect to your device with the same host and port. You may redirect your (sub)domain name to a given Permanent Tunnel URL and access your device with your (sub)domain name.

CloudWatch Alarm

You can create a CloudWatch alarm that monitors sustained state changes such as the connection status, CPU utilization, memory utilization and CPU temperature. For example, when the device goes offline, an alert email is sent to your email account.

Limiting Access by IP Address

Limit access to your device to specific IP addresses or a group of IP addresses.

Global Proxy Server

Our global infrastructure provides a low-latency, high-availability network. You can specify a proxy server near your location from data centers in a wide selection of geographic regions. We can also provide a dedicated server and higher bandwidth. Please contact us if necessary.

Install and set up

Signup

Please sign up on this page:

https://remoteiot.com/portal/?link=login

Install

Type the following command to download the Remote-IoT service onto your device.

curl -s -L https://remoteiot.com/install/remote-iot-install.sh | sudo -s bash
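
The command above runs whatever the server returns as root, without the script ever being saved for inspection. As an added example (not Remote-IoT's own tooling), the helper below downloads a script to a file and runs it only if it matches a SHA-256 you recorded after reviewing it; the function names are hypothetical, and since this page publishes no checksum, the pin is one you compute yourself.

```shell
#!/usr/bin/env bash
# Added example, not part of the Remote-IoT installer. Function names are hypothetical.

# Print the SHA-256 of a file as 64 lowercase hex characters.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if FILE is non-empty and hashes to EXPECTED.
script_matches_pin() {
    local file=$1 expected=$2
    [ -s "$file" ] || return 1
    [ "$(sha256_of "$file")" = "$expected" ]
}

# Download URL to a private temp file and run it as root only if it matches PIN.
# With no PIN, keep the file and print its hash so it can be reviewed and recorded.
fetch_and_run_pinned() {
    local url=$1 pin=${2:-} tmp rc
    tmp=$(mktemp) || return 1
    # --fail: HTTP errors abort; --proto '=https': refuse plain HTTP, redirects included.
    if ! curl --fail --silent --show-error --location --proto '=https' -o "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    if [ -z "$pin" ]; then
        echo "saved to $tmp, sha256=$(sha256_of "$tmp"); review it, then re-run with this hash"
        return 2
    fi
    if script_matches_pin "$tmp" "$pin"; then
        sudo bash "$tmp"
        rc=$?
    else
        echo "hash mismatch: $url changed since it was reviewed, not running it" >&2
        rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (the hash is the one you recorded after reading the script):
#   fetch_and_run_pinned https://remoteiot.com/install/remote-iot-install.sh <sha256-you-recorded>
```

The same helper applies to the disablestat.sh, upgrade.sh and uninstall.sh commands on this page, which are fetched and run as root in the same way.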


Java JVM

Java and the JVM (Java's virtual machine) are required for the Remote-IoT service. If your system doesn't have a JVM or you encounter any SSL exception, please install the recommended OpenJDK 8, which is open-source and also the default Java version of the Ubuntu and CentOS Linux systems.

On Ubuntu, use the following commands:

sudo apt-get -y remove 'java*'

sudo apt-get -y install openjdk-8-jre-headless

On CentOS, use the following commands:

sudo yum -y remove 'java*'

sudo yum -y install 'java-1.8.0-openjdk*'

Setup

Type the following command to register the Remote-IoT service on your device.

sudo /etc/remote-iot/services/setup.sh 'your_account' 'your_password' 'your_device_name' 'your_note' 'your_group'


Access with domain name

You may wish to access your device easily with your own domain name. The Enterprise version supports the Permanent Tunnel. You may redirect your (sub)domain to a given Permanent Tunnel URL.

Select the "URL" record type in your DNS management page, put @ (your bare domain, e.g., yourdomain.tld) for Host and use http://ipaddress:port for Value (the IP address and port should be replaced with those of the Permanent Tunnel URL).

Firewall setting

Since our service does not require any inbound ports, and routers and firewalls usually do not restrict outbound ports, you normally do not need to set up any special rules on your routers or firewalls.

But if your routers or firewalls restrict outbound traffic, the outbound ports 443, 22 and 8088 to our server remoteiot.com need to be allowed.

Batch deployment

For batch deployment to multiple devices, download the Remote-IoT service onto your device, add the auto-deploy file with the following command and copy the SD card. The Remote-IoT service is automatically registered when the device boots up.

sudo bash -c 'echo -e "login_email=your_login_email \npassword=your_password \ndevice_name=your_device_name \nnote=your_note \ngroup=your_group" > /etc/remote-iot/auto-deploy'
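
The command above puts the account password in shell history and creates the file with root's default umask, which typically leaves it world-readable. As an added example (not Remote-IoT's own tooling), the function below writes the same keys with mode 0600 and rejects values that would inject extra lines; the function name is hypothetical, and it assumes the service reads the file as root.

```shell
#!/usr/bin/env bash
# Added example, not part of Remote-IoT. Key names are the ones shown on this page;
# the function name is hypothetical. Assumes the service reads the file as root.

# write_auto_deploy PATH EMAIL PASSWORD DEVICE NOTE GROUP
# Creates PATH with mode 0600 and one key=value pair per line.
write_auto_deploy() {
    local path=$1 email=$2 password=$3 device=$4 note=$5 group=$6 v nl
    nl='
'
    # A newline inside a value would add a line, e.g. a second group= entry.
    for v in "$email" "$password" "$device" "$note" "$group"; do
        case $v in
            *"$nl"*) echo "value contains a newline, refusing to write" >&2; return 1 ;;
        esac
    done
    (
        umask 077          # the file is rw------- from the moment it is created
        rm -f "$path"      # an existing file would otherwise keep its old, looser mode
        printf 'login_email=%s\npassword=%s\ndevice_name=%s\nnote=%s\ngroup=%s\n' \
            "$email" "$password" "$device" "$note" "$group" > "$path"
    )
}

# Usage, from a root shell (bash), prompting so the password never reaches history:
#   read -r -s -p 'Remote-IoT password: ' pw; echo
#   write_auto_deploy /etc/remote-iot/auto-deploy your_login_email "$pw" \
#       your_device_name your_note your_group
```

Every SD card cloned from this image carries the account password in this file, so treat the master image and its copies as credentials.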

Disable the monitoring data

If you want to save data usage on mobile devices, you may disable the monitoring data with the following command.

curl -s -L https://remoteiot.com/install/disablestat.sh | sudo -s bash

Upgrade

Type the following command to add the upgrade script as a crontab job. Note that this replaces the current user's existing crontab.

echo "0 2 * * * curl -s -L https://remoteiot.com/install/upgrade.sh | sudo -s bash" | crontab -


Uninstall

Type the following command to remove the Remote-IoT service from your device.

curl -s -L https://remoteiot.com/install/uninstall.sh | sudo -s bash

Manage devices

With the Remote-IoT service, you may manage thousands of devices at the same time, including monitoring CPU, memory and network usage, performing any actions and running batch jobs on devices.

Monitor device

When you click a device, its CPU, memory and network usage are shown in the panel below.

Connect device

Right-click the device, select the 'Connect' command in the context menu and enter the TCP port you want to connect to.

You can then use the returned host name and port number to connect to your device. Copy and paste the host name and port number into your client tools.

Execute Script

You may run batch jobs on thousands of devices at the same time. Click the 'New Job' button on the 'Batch Jobs' page.

Select the devices and specify the 'Execute Time' and the command or script file.

Upload files

You may upload a file to thousands of devices at the same time. Click the 'Upload' button on the 'File Upload' page.

Specify the upload target folder and the 'Execute Time' and click the 'Upload File' button.

Group and User

Users and groups are used in Remote-IoT for access control. Devices and users may be grouped together into a "Group". Users can only access the devices in their group.

Create group

Click the "Add" button on the Groups page.

Add user

Add a user and assign the user to a Group. Click the "Add" button on the "Users" page. Users who are not assigned to a group can access all devices.

Assign a device to a Group

The administrator can assign a device to a Group. Right-click the device on the device page and select the "Change Group" command.