Skip to content

Overview

What is remote access?

Remote access is the option to get access to distributed devices behind firewalls, NATs or other network infrastructure such as cellular or satellite. Typically, these devices use a firewall and close all inbound ports. Thus it is not possible to use simple tools like ssh directly to achieve access. With a remote access solution (sometimes also referred to as a VPN) it is possible to securely access these devices. This solution allows access on any port and even port forwarding to other devices in the target network. Please note that the remote access functionality can be dynamically disabled within settings or fully disabled from the agent side.

How does remote access work?

The agent has a remote access feature. That allows a secure tunneled connection between a local machine and the remote device. Here is a description of the architecture. There are specific features and facts that are interesting to know:

  • remote access works solely over TCP on port 443 (https)

  • security is achieved with TLS and unique keys on all devices

  • all ports on the agent device can be closed

  • no need to know location or IP address

  • remote access can be disabled in settings

  • remote access can be fully disabled on the agent side

  • there are geographically distributed servers for low latency

  • it uses a very low bandwidth when the tunnel is not in use

  • immediate response when accessed

Please note that remote console sessions in the UI are timed out after 5 minutes of inactivity for security purposes.

Different options for achieving remote access

The platform offers different ways of accessing a remote device. The fastest way is through the web based access, but then access is limited to command line. With the qbee-connect tool and qbee-cli access to all ports is possible which allows for very advanced use cases.

Web based remote access

This is the fastest way to access any device. Just go to the device tab in the web application, find and select your device and press the "Open console" button.

Open console

This will open a new terminal window. If it does not appear it might be blocked by your browser.

Using the qbee-connect tool

Using the qbee-cli tool

Advanced remote access - ssh port forwarding

The remote access solution is designed to allow ssh port forwarding. This enables devices in a local network to forward services from other devices. So a device in an industrial network would be capable of forwarding the UI of an HVAC unit or the UI of a Modbus device. This mandates that those devices offer their service on an accessible port, that the agent in the remote network has a public ssh key of the local machine and that either qbee-connect or qbee-cli is used.