Remote Access Using the Remote Session Edge Extension (RSEE)
The ThingWorx Remote Session Edge Extension (RSEE) for the ThingWorx Edge C SDK provides remote session capabilities to applications that are developed using the ThingWorx Edge C SDK. The following are components of remote access configuration when using RSEE:
• The ThingWorx Platform
• The ThingWorx Global Access Server 7.1.0 or later, registered with the ThingWorx Platform and connected to the platform directly.
• A remote device that is running a remote access server, such as SSH or VNC, and a ThingWorx Edge C SDK application that uses the RSEE.
• The ThingWorx Remote Access Extension (RAE) imported into the ThingWorx Platform to add the Remote Access Subsystem and entities that are required for remote access.
• The ThingWorx Remote Access Client (RAC)
• The client-side application that is used for the remote access connection, such as an SSH client or a VNC viewer.
The following diagram illustrates the interaction of these components:
In this diagram, the bold lines indicate the remote access tunnel between the user and the C Edge SDK device.
The flow of a remote access session using RSEE with the C SDK follows:
1. The user launches a remote session using an application or a mashup.
2. The mashup initiates the remote session in ThingWorx:
◦ ThingWorx invokes a service on the remote device, indicating it needs to start the remote session and connect to the GAS.
3. The mashup launches RAC.
4. RAC creates a persistent connection to the ThingWorx Platform for messaging and control.
5. RAC establishes a TCP (persistent) connection to GAS.
6. RAC waits in a status polling loop for GAS to notify the ThingWorx Platform that the remote device has connected and the session has started.
7. RAC creates a local port and notifies the user to connect their client to the local port.
8. The user launches the client and connects it to the local machine on the provided port.
9. The client sends data over the connection from RAC through GAS to the remote device and its remote access server.
10. The remote session is established.
Configuring Permissions
The RAE version 3.1.7 adds entities and services that you can run on the ThingWorx Platform to grant permissions and visibility for RSEE Thing devices. RSEE Things must implement the RemoteThing Thing Template and the RemoteAccessible and GASRemoteAccessible Thing Shapes.
Special permissions are required to set up remote access for a non-administrator user. To grant these permissions to a user or an organization, use the GrantRemoteAccessPermissionsGASForThing or GrantRemoteAccessPermissionsGASForTemplate service of the RemoteAccessPermissionServices Thing.
• GrantRemoteAccessPermissionsGASForThing–Grants remote access permission for a Thing.
• GrantRemoteAccessPermissionsGASForTemplate–Grants remote access permission for a Thing Template.
 | When you grant a user access permissions for a Thing Template can access all Things that implement the Thing Template. |
Additional permission are also required to configure application keys for non-administrators. To grant the required permissions for a non-administrator user application key configuration, use the GrantGASRemoteAccessPermissionsForThing or GrantGASRemoteAccessPermissionsForThingTemplate service of the RSEEAppKeyPermissionServices Thing.
• GrantGASRemoteAccessPermissionsForThing–Grants remote access permission for a Thing.
• GrantGASRemoteAccessPermissionsForThingTemplate–Grants remote access permission for a Thing Template.
| | You can use the same application key for all Things that implement a Thing Template. |
For more information, see Managing Security for Remote Access (ptc.com) in the Remote Access help center.