Accessing with Secure Tunnel Communication Protocols

Overview

The IoT platform offers secure tunnels that enable communication between applications and devices. By using the secure tunnel communication protocol, a WebSocket channel can be established to remotely connect to IoT platform devices on the enterprise intranet from an external network.

You can remotely log in to the device using the secure tunnel on the application side (remote SSH login service), and perform operations such as device configuration update, diagnosis, and O&M change.

Secure Tunnel Service Interaction Process

Accessing through the secure tunnel communication protocol involves two main steps.

• Connection establishment (steps 1 to 6 in Figure 1): Secure tunnel connections are established between the platform (server) and the application and between the platform (server) and the device. Remote O&M is available only after both connections are established. For details about the interface for establishing a WebSocket connection for a secure tunnel, see Establishing a WebSocket Connection over a Secure Tunnel.
• Message exchange (steps 7 to 14 in Figure 1): The application and device use the WebSocket-based secure tunnel protocol for message communication to perform service operations such as device configuration update, diagnosis, and O&M change. For details about the data format of message communication, see Exchanging Messages Through Secure Tunnel Protocols.

Constraints

• By default, each device can only have one tunnel. There can only be one WebSocket connection between the device and the platform. If a new connection is established, it will automatically disconnect the previous one.
• By default, a tenant can create up to 1,000 tunnels.
• The maximum size of data that can be transmitted by WebSocket at a time is 10 KB.
• Tunnels can be created only when devices are online.
• A tunnel can be deleted only when it is disabled.