How to remotely connect your device from anywhere?

To access an IoT Device from outside your home network, you'd usually need to jump through a lot of hoops, get an IP address, and tweak a few settings on your home router. If the device is behind a company firewall that does not allow ssh/VNC connections, it will be quite trouble to change the VPN/firewall configuration. Remote-IoT provides one method that skips all of that. Just follow these 3 simple steps below.

Step1: Create a remoteiot account

Before you connect your device, open up remoteiot web site in your browser and create a new account which should just take a minute and is completely free.

Setp2: Install the remoteiot service

Open the terminal of your device or access your device with ssh in your local network and run the following commands to install the remoteiot service.

curl -s -L https://remoteiot.com/install/remote-iot-install.sh | sudo -s bash

sudo /etc/remote-iot/services/setup.sh 'your_login_email' 'your_password' 'device_name'

* Replace the 'your_login_email' and 'your_password' with your account and password of Remote IoT which you just register.

Setp3: Connect your device

Now, open up the portal in your browser and login to the dashboard of remoteiot. You should now see your device in your account device list.

You may select the SSH or VNC to connect and you will be given a hostname (like proxy8.remoteiot.com) and a port (like 10008). Now you can connect to your device as below (assuming a username of pi):

ssh proxy8.remoteiot.com -p 10008 -l 'pi'

The enterprise plan supports the permanent tunnel. You only need to request once and then you can always connect to your device with the same hostname and port.

Architecture

Secure Remote connection

Remote-IoT uses a secure AWS IoT cloud platform to connect to networked devices from anywhere. Remote-IoT provides a secure mechanism for encrypting and encapsulating private network traffic and moving it through an intermediate network. Data is encrypted for confidentiality and wrapped with an IP header containing routing information.

Users can work at home, on the road, or at a branch office to connect in a secure fashion to a remote iot device via the Internet. From the user perspective, the Remote-IoT is a point-to-point connection between the user's computer and an IoT Device. The nature of the intermediate network, the Internet, is irrelevant to the user because it appears as if the data is being sent over a dedicated private link.

Secure Remote Communication

Secure Tunneling

Tunneling is a network technology that enables the encapsulation of one type of protocol packet within the datagram of a different protocol. For example, Windows VPN connections can use Point-to-Point Tunneling Protocol (PPTP) packets to encapsulate and send private network traffic, such as TCP/IP traffic over a public network such as the Internet.

The Remote-IoT tunnel is similar to PPTP. Both of the tunnel endpoints must agree to the tunnel and must negotiate configuration variables, such as address assignment, encryption, or compression parameters. In most cases, data transferred across the tunnel is sent using a datagram-based protocol. The Remote-IoT tunnel management protocol is used as the mechanism to create, maintain, and terminate the tunnel.

After the tunnel is established, data can be sent. The tunnel client or server uses a tunnel data transfer protocol to prepare the data for transfer. For example, when the tunnel client sends a payload to the tunnel server, the tunnel client first appends a tunnel data transfer protocol header to the payload. The client then sends the resulting encapsulated payload across the network, which routes it to the tunnel server. The tunnel server accepts the packets, removes the tunnel data transfer protocol header, and forwards the payload to the target network. Information sent between the tunnel server and the tunnel client behaves similarly.

Advanced Features

Multiport at the same time

For other edition, only one port is supported at the same time. For example, when you connect ssh 22 port, you can't connect the vnc 5900 port. For enterprise edition, you can connect multi-port at the same time.

Permanent Tunnel

For other edition, the port is dynamic and one tunnel are kept for 2-8 hours. After 8 hours, the tunnel is disconnected and the port is changed if you connect it again. For enterprise edition, the connection keeps active and you can always connect your device with the same host and port. You may redirect your (sub)domain name to the certain Permanent Tunnel URL and access your device with your (sub)domain name.

CloudWatch Alarm

You can create a CloudWatch alarm that monitor the sustained state changes such as the connection status, CPU utilization, memory utilization and CPU temperature. For example, when the device is offline, an alert email is sent to your Email account.

Limiting Access by IP Address

Limit the access of your device to specific IP Addresses or a group of IP Addresses.

Global Proxy Server

Our global infrastructure provides low latency and high availability network. You can specify a proxy server near your location in a wide selection of geographic regions of data centers. Also, we can provide the dedicated server and higher bandwidth. Please contact us if necessary.

Install and setup

Install

Type the following command to download the Remote-IoT service into your device.

curl -s -L https://remoteiot.com/install/remote-iot-install.sh | sudo -s bash

Install

Java JVM

Java and the JVM (Java's virtual machine) are required for the Remote-IoT service. If your system doesn't have JVM or you find any ssl exception, please install the recommended OpenJDK 8 which is open-source and also the default Java version of the ubuntu and centos Linux system.

In ubuntu please use the command as below:

sudo apt-get -y remove java*

sudo apt-get -y install openjdk-8-jre-headless

In centos please use the command as below:

sudo yum -y remove java*

sudo yum -y install java-1.8.0-openjdk*

Setup

Type the following command to register Remote-IoT service in your device.

sudo /etc/remote-iot/services/setup.sh 'your_account' 'your_password' 'your_device_name' 'your_note' 'your_group'

setup

Access with domain name

You may wish to have easy access your device with yourself domain name. The Enterprise version support the Permanent Tunnel. You may redirect your (sub)domain to a certain Permanent Tunnel URL.

Select "URL" record type in your DNS management page, put @ (your bare domain e.g., yourdomain.tld) for Host and use http://ipaddress:port for Value (IP address and port should be replaced with the Permanent Tunnel URL):

Firewall setting

Since our service does not require any inbound ports and usually these routing or firewalls do not restrict outbound ports, you normally do not need to setup any special rule in these routes or firewalls.

But if your routes or firewalls restrict outbound message, these outbound ports 80 and 443 to our server remoteiot.com need be allowed.

Batch deployment

For batch deployment in multi devices, please download the Remote-IoT service into your device, add the auto-deploy file with the following command and copy the SD card. The Remote-IoT service is automatically registered when the device boots up.

sudo bash -c 'echo -e "login_email=your_login_email \npassword=your_password \ndevice_name=your_device_name \nnote=your_note \ngroup=your_group" > /etc/remote-iot/auto-deploy'

Disable the monitor data

If you want to save data usage in these mobile devices, you may disable the monitor data with the following command.

curl -s -L https://remoteiot.com/install/disablestat.sh | sudo -s bash

Upgrade

Type the following command to add upgrade script into the crontab job.

echo "0 2 * * * curl -s -L https://remoteiot.com/install/upgrade.sh | sudo -s bash" | crontab

upgrade

Uninstall

Type the following command to remove the Remote-IoT service from your device.

curl -s -L https://remoteiot.com/install/uninstall.sh | sudo -s bash

Manage devices

With the Remote-Iot service, you may manage thousands of devices at the same time including monitoring CPU, Memory and Network usage, performing any actions and running batch jobs on devices.

Monitor device

When click the device, the monitoring CPU, Memory and Network usage show in the below panel.

monitor

Connect device

R-click the device, select the 'Connect' command in the context menu and input the TCP port which you want to connect.

connect

You can then use the returned host name and port number to connect your device. Please copy and paste the host name and port number into your client tools.

port

Execute Script

You may run these batch jobs on thousands of devices at the same time. Please click the 'New Job' button in the 'Batch Jobs' page.

newjob

Select these devices and specify the 'Execute Time' and the command or script file.

job

Upload files

You may upload a file into thousands of devices at the same time. Please click the 'Upload' button in the 'File Upload' page.

upload

Specify the upload target folder and the 'Execute Time' and click the 'Upload File' button.

upload file

Group and User

Users and groups are used on Remote-Iot for access control. Device and users may be grouped together into a "Group". Users can only access these devices under their group.

Create group

Click the "Add" button in the Groups page.

group

Add user

Add a user and assign the user to a Group. Click the "Add" button in the "Users" page. If users don't assign to a group, they can access all devices.

user

Assign a device to a Group

The administrator can assign a device to a Group. R-click the device in the device page and select the "Change Group" command.

change group