ThingWorx WebSocket-based Edge MicroServer (WS EMS) and Lua Script Resource (LSR) > Features of the ThingWorx WS EMS
  
Features of the ThingWorx WS EMS
The ThingWorx WS EMS includes the features that are described in the sections below. Together, these features allow your edge devices to communicate with the ThingWorx platform.
AlwaysOn Protocol
The ThingWorx AlwaysOn protocol is a binary protocol that uses the WebSocket protocol as its transport. The WS EMS uses the AlwaysOn protocol for communications with WS EMS. This protocol provides a number of benefits:
The devices that are running a WS EMS initiate all connections, which eliminates the need to open ports for inbound connections if the edge devices are deployed behind a firewall.
The AlwaysOn protocol uses HTTP and the standard HTTP/HTTPS ports (80 and 443) to initiate and maintain connectivity, which eliminates the need for opening secondary ports for outbound communications.
The protocol supports the TLS standard for securing the connection to a ThingWorx platform. See the section on security below for more information.
Once a connection is established, AlwaysOn binary messages are passed between the edge device and ThingWorx platform. AlwaysOn binary messages do not require re-initiating the HTTP connection for each request and therefore do not require the additional overhead of the standard HTTP messages. A ping/pong exchange of messages between a WS EMS and a ThingWorx platform keep the connection alive during periods when the connection might be closed due to inactivity..
The connections are persistent, which allows the WS EMS to make outbound requests to an edge device. ThingWorx platform can send requests to read or write properties, and to invoke services at the device, all with very low latency.
For devices that need to be offline or that do not need to be constantly connected, the WS EMS also supports duty cycle modulation. This feature allows developers to configure the periods of time that the device running the WS EMS will be online and offline. For more information, see Configuring Duty Cycle Modulation.
Security
The following default settings for the configuration of WS EMS support secure communications:
Encryption — By default, the WS EMS always attempts to connect to a ThingWorx platform using TLS.
Certificates — By default, the WS EMS attempts to validate the certificate presented by ThingWorx during TLS negotiation.
* 
Starting with release 5.4.0 of WS EMS, distribution bundles for both Linux and Windows that have "openssl" in their file names provide OpenSSL binaries, v.1.0.2L, for secure connections. This version of OpenSSL uses TLS v.1.2. The distribution bundles with "axtls" in their file names provide the axTLS library. axTLS uses TLS v.1.2. By choosing the distribution bundle, you choose the backend security libraries for your WS EMS.
The WS EMS distribution bundles that include "openssl" in their names also include the OpenSSL FIPS Object Module 2.0.2 (FIPS 140-2 certificate #1747), which has been certified to comply with the FIPS 140-2 standard security requirements for cryptographic modules by the National Institute of Standards and Technology of the United States of America, as the United States FIPS 140-2 Cryptographic Module Validation Authority. FIPS mode is configurable (disabled by default) and works on supported Linux and Windows platforms.
Lua Script Resource
The optional Lua Script Resource is a statically linked application that is used to run Lua scripts and configure things (devices) for integration with the host system. The Lua Script Resource supports secure HTTP connections, and as of release 5.4.0, you can customize the certificate/private key that you want to use.
HTTP Interface for REST Web Services
In addition to the AlwaysOn interface, the WS EMS has an HTTP interface that supports REST Web Service calls. This HTTP interface allows other applications to interact with a ThingWorx platform through the AlwaysOn connection of the WS EMS. Since this other interface is HTTP, a custom application or the Lua Script Resource can be on a machine that is separate from the WS EMS and still communicate with it. The HTTP/REST interface of the WS EMS is a reflection of the REST interface of WS EMS.
Support for ThingWorx SCM Extension in ThingWorx Asset Advisor
The WS EMS and LSR support the use of the ThingWorx SCM Extension for the ThingWorx platform. If you have this extension and ThingWorx Asset Advisor installed (imported) on your ThingWorx platform, you can use SCM to send software and firmware updates to edge devices that are running WS EMS or the LSR. To set up SCM for your devices, see XREF