What's New in ThingWorx Remote Access Extension and ThingWorx Remote Access Client?
This topic explains what has changed in the releases of the ThingWorx Remote Access Extension (RAE), v.1.2.0, and the ThingWorx Remote Access Client (RAC), v.1.1.0. It also explains how to upgrade the RAE and RAC.
In general, these products have been updated for ThingWorx Platform v.8.5.2 and to support nonce keys (one-time-use keys) on a ThingWorx WebSocket endpoint that accepts only these keys. The next section provides more details about the new endpoint.
WebSocket Endpoint for Remote Access
To ensure that only RAC connections can connect and perform RAC activities on a ThingWorx Platform endpoint, a new WebSocket endpoint has been added to the ThingWorx Platform for v.8.5.2. This new endpoint enhances security for RAC connections and, more generally, provides additional options for managing edge connectivity. The feature includes:
• A new ThingWorx Temporary WebSocket (TWS) endpoint on the ThingWorx Platform to handle short-lived user traffic. This WebSocket is created and available when the ThingWorx Platform starts. It uses the ThingWorx AlwaysOn protocol.
• A new single-use authentication key, called a nonce key. This WebSocket accepts only nonce keys when authenticating a connection. It does not accept application keys. In all other respects, the TWS acts like the WS endpoint.
• An updated RAC that uses the new endpoint and nonce key.
The new TWS endpoint enables the separation of user-based WebSocket traffic from remote device traffic. This endpoint is specifically designed to handle temporary remote access client and other short-lived traffic.
TWS connection and endpoint requirements include:
• A connection must be established using a one-time key called a NonceKey.
◦ A NonceKey is short-lived and associated with the user that creates it.
◦ A NonceKey is created via the RAClientLinker widget. It calls the EntityServices.GetClientNonce() service on the ThingWorx Platform.
◦ A NonceKey is removed from the ThingWorx Platform once it is used to authenticate a ThingWorx connection or once the NonceKey expires (TTL is 15 seconds).
• The ThingWorx AlwaysOn protocol is the only protocol supported over this connection.
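The NonceKey lifecycle listed above (bound to the user that creates it, removed on first use, 15-second TTL) can be modeled as follows. This is an added example, not PTC's implementation or ThingWorx code; `NonceKeyStore`, `issue`, `redeem` and `pending` are hypothetical names, and keeping only a hash of each key in memory is an assumption of this sketch rather than something the page states.

```python
import hashlib
import secrets
import threading
import time

NONCE_TTL_SECONDS = 15  # TTL stated on this page


class NonceKeyStore:
    """Illustrative model of single-use, user-bound, short-lived keys."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock              # injectable so expiry can be tested
        self._lock = threading.Lock()    # makes check-and-remove atomic
        self._keys = {}                  # sha256(key) -> (user, expiry time)

    @staticmethod
    def _digest(key):
        # Assumption of this sketch: only a hash of the key is retained.
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def _purge_expired(self):
        now = self._clock()
        for digest in [d for d, (_, exp) in self._keys.items() if exp <= now]:
            del self._keys[digest]

    def issue(self, user):
        """Create a key for an already-authenticated user."""
        key = secrets.token_urlsafe(32)  # unpredictable, URL-safe value
        with self._lock:
            self._purge_expired()
            expiry = self._clock() + NONCE_TTL_SECONDS
            self._keys[self._digest(key)] = (user, expiry)
        return key

    def redeem(self, key):
        """Return the bound user on the first in-time use, otherwise None."""
        with self._lock:
            # pop() removes the entry on any attempt, so a replayed or
            # concurrently presented key can never succeed twice.
            entry = self._keys.pop(self._digest(key), None)
        if entry is None:
            return None                  # unknown, already used, or purged
        user, expiry = entry
        return user if self._clock() < expiry else None

    def pending(self):
        """Number of issued keys that are still redeemable."""
        with self._lock:
            self._purge_expired()
            return len(self._keys)
```

Because a redeemed or expired key is gone, a client that has to reconnect needs a fresh key, which matches the retry behavior described for RAE-176.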
The table below lists and briefly describes additional changes for the releases of the Remote Access Extension and Remote Access Client:
Additional Enhancements
ID | Description
RAE-153 | The ComposerUsers group is permitted to invoke the GetClientNonce service on the ThingWorx Platform. This enables users assigned to this group to run remote sessions using the ThingWorx Remote Access Client.
RAE-176 | The RAClientLinker widget that is provided in the Remote Access Extension now forwards the user to a tw-ra-client URL that contains a NonceKey. The retry feature creates a new NonceKey each time it retries the connection.
Upgrading the Remote Access Extension and Remote Access Client
To upgrade to RAE 1.2.0 and RAC 1.1.0:
1. Follow standard ThingWorx guidance on upgrading the ThingWorx Platform to version 8.5.2.
2. Install the updated Remote Access Extension (RAE), v.1.2.0, and restart the ThingWorx Platform for the new extension to take effect.
3. Remove all older Remote Access Clients that work with older versions of ThingWorx Platform and the RAE (v.1.1.0 and earlier). Then install the latest version of the RAC, version 1.1.0, for each user.
Once the RAE has been upgraded and the platform restarted, Remote Access Clients that are older than v.1.1.0 will stop working. That said, the RAC v.1.1.0 will work with older versions of the RAE as is.
Issues Fixed in RAE v.1.2.0 and RAC v.1.1.0
As part of PTC's ongoing efforts to improve security, the 1.2.0 release of the RAE and the 1.1.0 release of the RAC include software fixes for potential security issues, as well as additional issues proactively identified by vulnerability scanning software or PTC QA testing. PTC strongly recommends upgrading to the latest versions of the Axeda Compatibility Package and the RAC as soon as possible to take advantage of security enhancements.