Configuring a Remote Access Endpoint
The remote_session_allowlist.json file is used to configure the remote access endpoints.
"interfaces": [
    {
        "name": "ssh",
        "host": "localhost",
        "ports": 22
    },
    ...
]
The allowlist consists of a series of interface objects, implemented as an array of JSON objects. Each object in the interfaces array must have a name, host, and ports value. Both name and host must be strings, and name should match the interface name used in the platform definition. host must be either a hostname or an IP address that exists on the local area network on which the edge device is running.
You can define ports and ranges of ports in the ports field in several different ways:
• Single Port Value— "ports" : 22
• Multiple Port Values— "ports" : [8080, 8443]
• Range of Port Values— "ports" : "2020-2030" or "ports" : "2020-2030, 8080, 8443"
All remote access endpoints with the same name must also have the same ports values. Remote access endpoints with the same name should only differ by the host value.
Below is an example of the remote_session_allowlist.json file for several example interfaces:
{
    "allowlist": {
        "interfaces": [
            {
                "name": "ssh",
                "host": "127.0.0.1",
                "ports": [22]
            },
            {
                "name": "ssh",
                "host": "10.10.10.1",
                "ports": [22]
            },
            {
                "name": "ssh",
                "host": "10.10.10.2",
                "ports": [22]
            },
            {
                "name": "plc",
                "host": "10.0.0.1",
                "ports": "2020-2050,3030"
            },
            {
                "name": "advanced",
                "host": "17.0.0.7",
                "ports": {
                    "listen_ports": "2020-2050, 3030",
                    "connect_ports": [8080,8443]
                }
            }
        ]
    }
}
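The following pre-deployment check is an added example, not part of the product or its documentation. It normalizes every ports form shown above to a set of port numbers and reports entries that break the rule that endpoints sharing a name must share the same ports. The function names and the sample data are constructed for illustration, and the handling of the listen_ports/connect_ports object is an assumption based on the "advanced" entry above.

```python
import json

def parse_ports(spec):
    """Expand a ports value (int, list, "a-b, c" string) to a frozenset of ports."""
    if isinstance(spec, dict):  # assumption: each key holds one of the same forms
        return tuple(sorted((k, parse_ports(v)) for k, v in spec.items()))
    if not isinstance(spec, list):
        spec = spec.split(",") if isinstance(spec, str) else [spec]
    ports = set()
    for item in spec:
        lo, sep, hi = str(item).partition("-")
        lo, hi = int(lo), int(hi) if sep else int(lo)  # ValueError on junk
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {item!r}")
        ports.update(range(lo, hi + 1))
    if not ports:
        raise ValueError("empty ports value")
    return frozenset(ports)

def validate_allowlist(doc):
    """Return a list of problems; an empty list means the file passed."""
    problems, ports_by_name = [], {}
    for i, entry in enumerate(doc["allowlist"]["interfaces"]):
        name, host = entry.get("name"), entry.get("host")
        if not isinstance(name, str) or not isinstance(host, str):
            problems.append(f"interfaces[{i}]: name and host must be strings")
            continue
        try:
            ports = parse_ports(entry.get("ports"))
        except ValueError as exc:
            problems.append(f"interfaces[{i}] ({name}@{host}): {exc}")
            continue
        # Endpoints with the same name may differ only by host.
        if ports_by_name.setdefault(name, ports) != ports:
            problems.append(f"interfaces[{i}]: ports for '{name}' differ from an earlier entry")
    return problems

# Constructed sample: entry 3 widens the "plc" range, entry 4 has a reversed range.
SAMPLE = json.loads("""{"allowlist": {"interfaces": [
  {"name": "ssh", "host": "127.0.0.1",    "ports": 22},
  {"name": "ssh", "host": "10.10.10.1",   "ports": [22]},
  {"name": "plc", "host": "10.0.0.1",     "ports": "2020-2030, 8080, 8443"},
  {"name": "plc", "host": "10.0.0.2",     "ports": "2020-2031, 8080, 8443"},
  {"name": "rdp", "host": "192.168.1.10", "ports": "3389-3380"}
]}}""")

if __name__ == "__main__":
    print("\n".join(validate_allowlist(SAMPLE)) or "allowlist OK")
```

Because 22, [22] and "22" normalize to the same set, the two ssh entries in the sample pass even though they are written differently. A same-name entry that exposes even one extra port is reported.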
Setting up RSEE to Support Duplicate Tunnel Names
When the RSEE agent is deployed as a gateway that manages other edge devices in the same local network, the tunnel endpoints for the managed edge devices are included in the same file that contains the endpoints for the gateway, for example, the remote_session_allowlist.json file. To enable the reuse of a name across edge devices, another unique identifier is required. In the example scenario depicted in the following figure, the host value can be used to distinguish between the edge devices or remote access endpoints that have the same name and ports value.
Below is an example of the remote_session_allowlist.json file for this scenario.
{
    "allowlist": {
        "interfaces": [
            {
                "name": "rdp",
                "host": "127.0.0.1",
                "ports": 3389
            },
            {
                "name": "rdp",
                "host": "192.168.1.10",
                "ports": 3389
            },
            {
                "name": "rdp",
                "host": "192.168.1.11",
                "ports": 3389
            }
        ]
    }
}
The endpoints property of the Remote Thing that represents the gateway on the ThingWorx Platform contains endpoints for both the gateway and its associated edge devices. Therefore, when selecting a specific tunnel in a mashup, you need to differentiate between them by more than the tunnel name.
If the tunnel names are different, then using the RemoteEndpoint in the raClientLinker widget is enough.
When the tunnel names are the same for both the gateway and its associated edge devices, the ProviderConfig property of the raClientLinker widget must be populated using the providerConfig value associated with the appropriate tunnel name. The providerConfig value can be obtained from the service GetRemoteAccessibleEndpoints available in the RemoteAccessible ThingShape.
Below is an example of the ProviderConfig for a gateway:
{
    "connectionInformation": [
        {
            "startPort": "3389",
            "type": "C"
        }
    ],
    "name": "rdp",
    "host": "127.0.0.1"
}
Below is an example of the ProviderConfig for Edge Device 1:
{
    "connectionInformation": [
        {
            "startPort": "3389",
            "type": "C"
        }
    ],
    "name": "rdp",
    "host": "192.168.1.10"
}