What problem does my-devices.net solve?
Many embedded devices are equipped with a built-in web server for configuration, control
or monitoring purposes.
This would be a great tool for remote access to the device. However, access to
the device's web server from a remote location is rarely possible.
Embedded devices in the field are often connected to private
networks behind NAT routers or firewalls. This is especially true for
consumer electronics devices like set-top-boxes, home
automation/networking devices or smart metering devices, which are
typically located behind a NAT broadband router. Even devices connected
to a mobile network such as GSM/GPRS or UMTS in most cases do not have
public IP addresses and thus are not directly reachable.
Existing solutions to this problem like Virtual Private Networks (VPNs)
or NAT port forwarding are complicated to setup and operate, and don't work
in all cases.
How does my-devices.net work?
my-devices.net uses a simple extension of the HTTP protocol known as
Reverse HTTP is based on a simple modification of the well-known and
proven HTTP protocol that drives the internet. The only difference to
HTTP is who is setting up the network connection which is used for
sending HTTP requests and receiving their responses. In HTTP, the client
(web browser) is responsible for opening a connection to the web server,
over which it then sends the requests. In Reverse HTTP, it's the server
that sets up the connection. Since the Reverse HTTP server does not know
its clients, and would not even be able to create a direct network
connection to each client (as clients are usually behind a NAT router or
firewall), the Reverse HTTP server opens a connection to a special
server called the Reverse HTTP Reflector. For this to work, the Reverse
HTTP Reflector must be accessible over the internet. Once the connection
between the device and the reflector server has been established, the
reflector uses this connection to send HTTP requests to the device.
Where do this HTTP requests come from? The Reverse HTTP Reflector also
contains a standard HTTP server, which accepts requests from clients
(web browsers). These requests are then simply forwarded to the device,
using the device’s Reverse HTTP connection. Setting up the initial
Reverse HTTP connection between the device and the reflector server is
almost always possible as long as the device can access the internet. It
even works through a HTTP proxy server because the initial Reverse HTTP
message exchange is plain HTTP(S).
In a typical usage scenario, more than one device will be connected to a
reflector server. Therefore, when the reflector receives a HTTP request
from a client, it needs to find out to which device the request must be
forwarded. The domain name system (DNS) is used for that purpose, by giving
every device a unique domain name (e.g.: device1.my-devices.net).
This requires setting up a wildcard DNS
record in the DNS server which resolves all requests for
*.my-devices.net to the reflector server reflector.my-devices.net. The
reflector server can then use the Host header in the HTTP request
together with an internal table to associate the request with a device
and forward it appropriately.
Is my-devices.net secure?
Short answer: Yes! Long answer: Three features make my-devices.net secure.
First, both connections, from the device to
the reflector server and from the client browser to the reflector server
are encrypted using SSL/TLS. Second, the device does not need to
have any ports open. The reflector server (and only the reflector server)
can send requests to the device only over the Reverse HTTP connection
initiated by the device. Third, any requests to the device over the
reflector server require authentication with username and password.
How can I connect my own devices to my-devices.net?
There are three ways to connect a device to my-devices.net.
First, if the device is using the POCO C++ Libraries
and the web server provided by the POCO libraries, then making the device connect to my-devices.net
is as simple as linking another library and adding a few lines
of setup code.
Second, devices using almost any web server can be connected
using our Reverse HTTP proxy server software (PTTHProxy). This software
will set-up a secure connection to the reflector server and forward
incoming requests to the device's web server. The Reverse HTTP proxy
server can run directly on the device, or it can be run on a separate
device or PC.
Third, for devices that are not capable of running the standard Reverse HTTP proxy
software (smaller, microcontroller-based devices with only a few KBytes of RAM), the
Reverse HTTP protocol can be implemented directly in the device's firmware.
My device has a REST or SOAP API. Can I access it with my-devices.net?
Yes, the reflector server transparently forwards HTTP requests to device, so my-devices.net
can also be used to make your device's REST or SOAP API available remotely.
In fact, this makes my-devices.net a great solution for integrating remote devices with enterprise applications.
HTTP requests sent to the device via the reflector server must include authentication information, either in the form
of a session cookie or a special authentication header, so your client software must
support that. Please see the API documentation for
more information regarding authentication.
Can I run my own reflector server?
Yes. Customers wanting to operate their own reflector server
can license the server software from Applied Informatics.
The server software is fully customizable and extensible through plug-ins and
web service APIs, enabling building customer-specific device management
solutions on top of it.
Is there an API?
Yes. Here is the REST API documentation.
Can I learn more about the technology?
Read our white paper to learn more about the technology
behind my-devices.net or contact us for more information.