Client and server connectivity
FactoryTalk Remote Access
securely connects local with remote devices through the Internet.Remote devices operate as clients towards the Server Infrastructure. In fact, they communicate through outbound connections, as allowed by firewall settings. In return, the Server Infrastructure receives inbound connections from remote devices.
NOTE:
See System architecture for further information on this subject.
Access Server
The access server supports the
FactoryTalk Remote Access Manager
connection and authentication.When the Runtime connects to the Access Server for the first time, it obtains a signed identity file that contains the device UID as assigned in the
FactoryTalk Remote Access Manager
domain.
NOTE:
Once a router is registered to an organization, it cannot be registered to another organization until it gets deregistered first by an admin user. This is made possible by linking the actual device identity to the hardware UID.
Relay Server
A Relay Server provides data transaction during a remote access session among the
FactoryTalk Remote Access Manager
, Tools and Runtime. Relay Servers allow both the FactoryTalk Remote Access Manager
and Runtime to stay safe behind their firewalls.FactoryTalk Remote Access Manager
and Runtime automatically choose the Relay Server to use from a pool of available servers list provided by the Access Server.To select the best Relay Server for a remote access session, both
FactoryTalk Remote Access Manager
and Runtime perform a connection test to all Relay Servers and assess the network performances of each of them. The test results provided by both FactoryTalk Remote Access Manager
and Runtime are then combined and compared to select the best performing Relay Server.The sections below describe some necessary protocol settings.
TCP protocol
To enable the communication service between the Internet protocol and the
FactoryTalk Remote Access Manager
, at least one of the following TCP ports of the remote services shall be set to open on the main servers of the Server Infrastructure. The ports listed below are set as default and can be accessed and viewed through the computer settings.- 80
- 443
- 5935
Furthermore, both the Runtime and router need to resolve the Infrastructure servers IP address through a dedicated domain name resolution server (DNS). To enable this process, the following ports shall be set to open:
- TCP 53
- UDP 53
The connection from clients to the Access Server uses TLS 1.2 with certificate authentication. Clients can use the default TCP 443 outgoing port or can be configured to use port 80 or 5935 (TLS is still in use), depending on which solution is best to comply with local IT policies. Clients automatically test available outgoing ports, but they can be configured to operate with a fixed port.
NOTE:
Access Servers are redundant and fault tolerant.
NOTE:
FactoryTalk Remote Access Tools and Runtime need to be able to connect to the following addresses:
- accessserver.cloud.rockwellautomation.com
- ubiquityrs1.asem.it
- ubiquityrs2.asem.it
- ubiquityrs3.asem.it
- ubiquityrs4.asem.it
- ubiquityrs5.asem.it
- ubiquityrs6.asem.it
- ubiquityrs7.asem.it
- ubiquity.asem.it
Remote devices and the router then search for any open port to establish a server connection and consequently an end-to-end connection.
These settings allow you to locate each device by its own IP address within the network through the
FactoryTalk Remote Access
Tools.
NOTE:
See FactoryTalk Remote Access Manager Tools for further information on this subject.
SSL/TLS protocol
All of the connections available in the
FactoryTalk Remote Access Manager
are made through an SSL/TLS protocol, regardless of the port used for each connection. This protocol allows for a safe and private data transaction between the server and Runtime.
NOTE:
Access Servers use an SSL server certificate signed by a Certification Authority (CA) to authenticate content transferred through web servers.
SNTP protocol
The UDP 123 port shall be set to
open
, to allow the clock synchronization through the SNTP protocol.Provide Feedback