What's New in the ThingWorx Remote Access Client
This topic provides release notes for the versions of the ThingWorx Remote Access Client (RAC) in the following sections. Click each section title to display the content. Click the title again to hide the content.
Security Improvements in All Releases
Each release of the Remote Access Client (RAC) includes security-related updates, as follows:
• Fixed potential security issues, including items proactively identified by vulnerability scanning software or PTC Quality Assurance testing. Please upgrade as soon as possible to take advantage of these important improvements.
• See this technical support article for important recommendations regarding the use and update of third-party software for ThingWorx.
 | Although PTC has taken care to harden ThingWorx against a variety of attack vectors, individual users still have a responsibility to operate the application in a safe manner. This includes avoiding navigating to malicious web sites, importing unsafe content into the ThingWorx Platform, and similar cybersecurity best practices. |
ThingWorx Remote Access Client (RAC) 2.6.0
The ThingWorx Remote Access Client (RAC), 2.6.0, includes the following enhancements:
• Added a Logging Settings option in the RAC user interface settings that enables you to specify the logging settings of the RAC instance. For more information, see Configuring Data Logging for RAC.
• The IP addresses and port numbers of RAC connections are now displayed when RAC is configured to display DEBUG level logs.
• Warning, Info, and Error level messages for each session are now displayed under the session section in RAC. For more information. see ThingWorx Remote Access Client (RAC).
ID (SFID) | Description |
|---|---|
RAC-1108 | Fixed an issue where running RAC on Mac OS for the first time shows the following warning message: Apple can’t check app for malicious software |
RAC-1145 | Fixed an issue that was causing RAC to fail when the log4js.json file was configured incorrectly. RAC now launches using default logging settings when the configuration file contains errors. |
RAC-1154 | Fixed an issue that was causing RAC to fail randomly when establishing remote SSH sessions. |
TW-93437 | Fixed an issue that prevented remote tunnel connections in a cancelled state from getting cleared correctly. |
ThingWorx Remote Access Client (RAC) 2.5.0
The ThingWorx Remote Access Client (RAC), 2.5.0, includes the following enhancements:
• Added support for using custom certificates for connections between RAC and GAS or directly to ThingWorx. For more information, see Configuring RAC to Use Custom Certificates.
• Added a property that enables you to set a custom folder location for custom certificates in the config.json file. For more information, see Configuring RAC Using a JSON File.
ID (SFID) | Description |
|---|---|
RAC-1082 | Fixed an issue that caused auto-launch commands to execute multiple times when starting a new session. |
RAC-85 | Fixed an issue that caused the bytes transferred value displayed in RAC to not match the BytesTransfered value of the RemoteAccessSubsystem.GetSessions service. |
ID (SFID) | Description |
|---|---|
RAC-1108 | Running RAC on Mac OS for the first time shows the following warning message: Apple can’t check app for malicious software To work around this issue, follow the steps that are described in the following article. |
ThingWorx Remote Access Client (RAC) 2.4.0
The ThingWorx Remote Access Client (RAC), 2.4.0, includes the following enhancements:
• Added support for parameter substitution within Auto Launch commands that are executed on the Remote Access Client. To support this feature, a bindable JSON property named AutoLaunchParams was added to the RemoteAccesClientLinker widget. See Configuring Auto Launch Commands using JSON Data from the RemoteAccessClientLinker Widget.
• Added a property that enables you to set the maximum WebSocket frame size in the config.json file. For more information, see Configuring Data Logging for RAC.
ID (SFID) | Description |
|---|---|
RAC-920 | Fixed an issue that caused masked parameters within auto launch commands to display when special characters are used. |
RAC-898 | Fixed an issue where RAC did not include the TLS Server Name Indication (SNI) extension when connecting to GAS. |
ThingWorx Remote Access Client (RAC) 2.3.1
The ThingWorx Remote Access Client (RAC), 2.3.1, provides support for automatically launching commands and applications when starting remote sessions. Setup and configuration is supported using services within the Remote Access Extension (RAE). For more information about these enhancements, see Configuring Auto Launch on the ThingWorx Platform.
ID (SFID) | Description |
|---|---|
RAC-747 | Fixed an issue that was preventing the RAC from connecting to any ThingWorx Platform instance that uses a Let’s Encrypt certificate. |
RAC-814 (15949422 & 16065336) | Fixed an issue that was causing the RAC to crash when transferring large files. |
ThingWorx Remote Access Client (RAC) 2.2.2
The ThingWorx Remote Access Client (RAC), 2.2.2 provides software fixes for issues identified in previous releases of RAC. The following table describes the fixed issues:
ID (SFID) | Description |
|---|---|
RAC-103 (15895496) | Updated RAC to use a maximum channel ID of 2048 to match a restriction of the Axeda Agents. |
RAC-711 (15954705) | Fixed an issue that was causing browser sessions to terminate early. |
RAC-721 (16046429) | Updated the Windows installer signing certificate to have an expiration date that is not expired. |
As with all versions of RAC, this version is backward compatible with all versions of the ThingWorx Remote Access Extension (RAE). However, to use the following features, you must be using RAE 3.0.0 or later:
• Global Access Server (GAS) support
• Policy Server support
• IP Cycling
ThingWorx Remote Access Client (RAC), 2.2.1
The following features were added to RAC 2.2.1, but are supported only if you have installed the ThingWorx Remote Access Extension (RAE), 3.0.0 or later on your ThingWorx Platform.
ID | Description |
|---|---|
RAC-463 | The RAC supports IP cycling. Instead of using port cycling, you can now use IP address cycling when starting remote sessions. |
RAC-406 | Integrated RAC with Policy Server. The RAC 2.2.1 and later, when used with 3.0.0 of the ThingWorx Remote Access Extension (RAE), can process the status, AWAITING_AUTHORIZATION for remote sessions. |
For details about RAC, refer to the topic, ThingWorx Remote Access Client (RAC).
For more information about the features of RAC that are enabled by RAE 3.0.0, refer to the following topics:
• Global Access Server (GAS) support — Support for Axeda and ThingWorx Global Access Servers
• Policy Server support — Remote Access: When Using Policy Server
• IP Cycling — IP Cycling for the Remote Access Client (RAC)
ThingWorx Remote Access Client (RAC), 2.1.0
ThingWorx Platform 9.1.0 supports Java 11, more specifically Oracle JDK 11 and Amazon Corretto 11 (OpenJDK). The ThingWorx Remote Access Extension (RAE), 2.2.1, and Remote Access Client (RAC), 2.1.0 have been certified to run with 9.1.0 of the platform.
| | Java 11 has deprecated JNLP. With an upgrade to Java 11, JNLP does not work. ThingWorx uses the RAC for tunneling (remote sessions) with Edge devices. Use RAC to initiate a tunnel. If any of your users are on JNLP, tell them to install the RAC instead. The RAC can be downloaded from the ThingWorx Remote Access Client Downloads page. Always download the latest version of RAC; it is backwards compatible with RAE and ThingWorx Platform. Click the link for your operating system to download the installer to run on your system. |
ThingWorx Remote Access Client (RAC), 2.0.0
The major change in the ThingWorx Remote Access Client, 2.0.0, is that it has been updated to work in a ThingWorx High Availability (HA) Clustering environment. Here is a summary of changes:
• For remote access in a ThingWorx High Availability (HA) Clustering deployment, you must install a ThingWorx Connection Server to enable RAC to communicate with the ThingWorx Platform instances in the cluster. The Connection Server essentially serves as a proxy for remote access sessions. RAC needs a Connection Server to start, stop, and otherwise manage sessions.
• For remote sessions in an HA environment, the command channel of the RAC uses the Connection Server to communicate with the ThingWorx Platform instances. Two RACs can establish an AlwaysOn tunnel through the same Connection Server. No special configuration of the Connection Server is required for this support. This routing is the way that the RAC 2.0 prefers to connect to a ThingWorx Platform that supports the TWS endpoint. However, if you are using a load balancer configuration that is path-based, you need to make sure to allow the /TWS path.
 | To accommodate remote access in an HA environment, the default idle timeout for tunneling in the Connection Server has been increased from 30 seconds to 300 seconds. This value matches the default value used in the RAC workflow in an HA environment. |
• The RAC nonces are in shared state across instances of ThingWorx Platform in an HA cluster environment. Once nonces are used, they are removed from shared state, regardless of which instance used them. When a RAC connects with a nonce, the mashup waiting on the connection is notified.
ThingWorx Remote Access Client (RAC), v.1.1.0
This section explains what changed in the releases of the ThingWorx Remote Access Client (RAC).
In general, RAC has been updated for ThingWorx Platform, 8.5.2 and later to support the use of nonce keys (one-time use keys) on a ThingWorx WebSocket endpoint that supports only these keys.
WebSocket Endpoint for Remote Access
To ensure only RAC connections can connect and perform RAC activities on a ThingWorx Platform endpoint, a WebSocket (WS) endpoint has been added to the ThingWorx Platform for 8.5.2. This endpoint enhances security for RAC connections and, more generally, provides additional options in managing edge connectivity. The feature includes:
◦ A ThingWorx Temporary WebSocket (TWS) endpoint on the ThingWorx Platform to handle short-lived, user traffic. This WebSocket is created and available when the ThingWorx Platform starts. It uses the ThingWorx AlwaysOn protocol.
◦ A single-use authentication key, called a nonce key. This WebSocket accepts nonce keys only when authenticating a connection. It does not accept application keys. In all other aspects, the TWS acts like the WS endpoint.
◦ An updated RAC that uses the endpoint and nonce key.
The TWS endpoint enables the separation of user-based WebSocket traffic from remote device traffic. This endpoint is specifically designed to handle temporary RAC and other short-lived traffic.
TWS connection and endpoint requirements include:
◦ A connection must be established using a one-time key called a NonceKey.
▪ A NonceKey is short-lived and associated with the user that creates it.
▪ A NonceKey is created via the raClientLinker widget. It calls the EntityServices.GetClientNonce() service on the ThingWorx Platform.
▪ A NonceKey is removed from the ThingWorx Platform once it is used to authenticate a ThingWorx connection or once the NonceKey expires (TTL is 15 seconds).
◦ The ThingWorx Always On protocol is the only protocol supported over this connection.
Additional Enhancements
The ComposerUsers group is permitted to invoke the GetClientNonce service on the ThingWorx Platform. This enables users assigned to this group to run remote sessions using the ThingWorx Remote Access Client.
Upgrading the Remote Access Client RAC 1.1.0
Before your end users can upgrade to RAC 1.1.0, a ThingWorx administrator needs to complete the following tasks:
1. Follow standard ThingWorx guidance on upgrading the ThingWorx Platform to version 8.5.2.
2. Install the updated Remote Access Extension (RAE), v. 1.2.0, and restart the ThingWorx Platform for the extension to take effect.
3. Remove all older Remote Access Clients that work with older versions of ThingWorx Platform and the RAE (v.1.1.0 and earlier).
Once these tasks are complete, your end users can install and use the RAC v.1.1.0.
| | Once the RAE has been upgraded and the platform restarted, Remote Access Clients that are older than v.1.1.0 stop working. That said, the RAC v.1.1.0 works with older versions of the RAE as is. |
ThingWorx Remote Access Client, v.1.0.4 and v.1.0.2
The following table lists and describes the issue resolved in Release 1.0.4:
Issue ID (SFID) | Description |
|---|---|
TW-65634 (15018378) | Added user-agent header with value "ThingWorx Remote Access Client" to the ThingWorx connection request to the Thingworx/WS endpoint. |
The following table lists and describes the issue resolved in Release 1.0.2:
Issue ID (SFID) | Description |
|---|---|
TW-53558 | The Remote Access Client (RAC) now works as expected on a Mac. Step 11 of the Administrator Setup Tasks in the document, Getting Started with the ThingWorx Remote Access Extension, has been updated to provide the path on a Mac where additional configuration files, such as config.json or log4j.json, should be placed (if used). The document is available through the PTC Support site, Reference Documents page.. |