ThingWorx WebSocket-based Edge MicroServer (WS EMS) and Lua Script Resource (LSR) > Additional Configuration of WS EMS > Configuring Edge Settings for Tunneling
Configuring Edge Settings for Tunneling
Application tunnels allow for secure, firewall-transparent tunneling of TCP client/server applications, such as VNC and SSH. As long as the WebSocket connection between the edge device and a ThingWorx platform is secure (for example, uses an SSL/TLS certificate), the client/server applications can run securely. How is this possible? The application opens a second WebSocket to the same host and port that is used for other communications between the edge device and the platform. You do not need to open other ports in the firewall to run these applications. However, it is important to note that it connects to a different URL that is specifically for the tunnel.
Only TCP client/instance applications are supported at this time. UDP is not supported.
Configure tunneling for your WS EMS when you want to be able to access remotely the edge device that is running WS EMS. You can remotely access such a device through a remote desktop session (for example, UltraVNC) or remote terminal session (for example, SSH). By default, tunneling is enabled for the WS EMS. For the most part, if you are using UltraVNC or SSH, the default settings in the configuration file will suffice. Here are the default tunnel settings that you will find in config.json.complete:
// Default tunnel settings. All of these may be overridden
// by the server when a tunnel is initialized.
"tunnel": {
"tick_resolution": 5,
"buffer_size": 8192,
"read_timeout": 10,
"idle_timeout": 300000,
"max_concurrent": 4
You can modify the default tunnel settings by adding them to the config.json configuration file for your WS EMS. They may also be overridden by the ThingWorx platform.
The following table lists and briefly describes the tunneling configuration properties:
Tunnel performance can be greatly affected by tick resolution. The tick resolution determines how fast a tunnel manager checks the status of its managed tunnels. The smaller this value, the faster the tunnel responds. Tick resolution is especially important when running multiple tunnels concurrently, but be aware that a smaller tick resolution consumes more CPU resources. The default value is 5 ms. See also Running on a Windows-based Operating System.
The size of the buffer to use for tunneling. This setting can be overridden by the ThingWorx instance. The default value is 8KB (based type is NUMBER).
The number of milliseconds that the WS EMS waits before timing out a socket read. This value can be overridden by the ThignWorx instance. The default value is 10 ms. (type: NUMBER)
The number of milliseconds that the connection is idle before WS EMS times it out. This value can be overridden by the ThingWorx instance. The default values is 30000 ms (5 minutes). (type: NUMBER)
The maximum number of tunnels that the WS EMS allows to exist at the same time. The default value is 4 concurrent tunnels. (type: NUMBER)