ThingWorx Edge .NET SDK > ThingWorx Edge .NET SDK Reference > .NET SDK: TunnelManager Class
  
.NET SDK: TunnelManager Class
The .NET SDK has full support for application tunneling. Application tunnels allow for secure, firewall-transparent tunneling of TCP client/server applications such as VNC and SSH. To use the tunneling capabilities of the .NET SDK, you must initialize the tunnel manager singleton.
See the following sections for more details:
TunnelManager Singleton
Methods of the TunnelManager Class
Additional Settings for Tunneling
TunnelManager Singleton
The TunnelManager singleton may be retrieved by using the getTunnelManager() method on the ConnectedThingClient class, and initialized by calling the Initialize() method using a ClientConfigurator object.
When new tunnels are requested by the ThingWorx platform, the tunnel manager creates a new tunnel. These tunnels establish an independent WebSocket back to the ThingWorx platform. By default, these WebSockets connect back to the same host/port that the API uses, as well as the same TLS certificate validation criteria. You can override these defaults by setting the appropriate values in the ClientConfigurator object passed to the Initialize() method.
Methods of the TunnelManager Class
The following methods are available on the TunnelManager class:
Initialize—Initializes the TunnelManager.
Shutdown—Shuts down the TunnelManager.
StopTunnel—Shuts down a specified tunnel. This method takes the following parameters:
id—The identifier of the tunnel to shutdown.
msg—Message to be logged.
StopAllTunnels—Shuts down all tunnels.
TunnelStateChanged—Event triggered when the state of a tunnel changes
UpdateTunnelServerInfo—Updates the host, port and Application Key that the tunnels use to connect to the ThingWorx platform that is requesting a tunnel. This method takes the following parameters:
host—The new host name to use.
port—The new port to use.
appkey—The new Application Key to authenticate against the ThingWorx platform requesting the tunnel.
* 
The only authentication you can use for tunneling is an Application Key.
Additional Settings for Tunneling
The following parameters can be used in the ClientConfigurator to override the default settings of the TunnelManager:
TunnelManagerInfo.Host—The IP address or domain name of the ThingWorx platform that requests the tunnel.
TunnelManagerInfo.Port—The number of the port to use for the tunnel on the server.
TunnelManagerInfo.Claims—The Application Key to use to authenticate against the ThingWorx platform that requests the tunnel.
TunnelManagerInfo.EnableFipsMode—Set to true to enable FIPS mode for TLS providers that support it.
TunnelManagerInfo.AllowSelfSignedCertificates—Set this property to true to accept self-signed certificates.
TunnelManagerInfo.DisableCertValidation—Set this parameter to true to tell the TLS library that it should not validate certificates.
* 
In a production environment, it is strongly recommended that, for security reasons, you set both AllowSelfSignedCertificates and DisableCertValidation to false.
TunnelManagerInfo.X509Fields—Supply the fields of an X.509 certificate to be validated. Note that null values are not be checked against the received certificate, while non-null values are checked. The following fields are typically validated:
Subject.cn—The common name of the subject in the certificate.
Subject.o—The organization of the subject in the certificate.
Subject.ou—The organizational unit of the subject in the certificate.
Issuer.cn—The common name of the issuer in the certificate.
Issuer.o—The organization of the issuer in the certificate.
Issuer.ou—The organizational unit of the issuer in the certificate.