We were flabbergasted when in August 2016 (that was two months before the official release of Revolution Pi) TeamViewer did ask us for a RevPi test system. Some weeks later in October we had our first meeting forging a plan for technical collaboration. The bottom line was to enable remote monitoring and control of machines crossing any firewalls and yet following highest security standards.
It took them only until embedded world fair in February 2017 to send us a piece of software running in the background as an “agent” on our RevPi Core. This agent is forwarding the outputs of the integrated web server from the RevPi Core into the internet, crossing firewalls to finally reach a client browser. The agent is using the same reliable and secure techniques for establishing the connection and transferring the data which are used by the famous TeamViewer remote desktop software. When you open your TeamViewer client on a PC you will find any RevPi Core you have registered for the list of remote devices. You click on the device to which you would like to connect and voilá: A new window with a browser opens showing the login page of your RevPi Core’s web server. And if you want to know what to do with this browser access – just go on reading…
How do I get TeamViewer for my RevPi?
Initially we will provide the TeamViewer-RevPi as a Linux package with the beta version of this agent. You can install it on any RevPi Core. In the near future we will pre-install it on every RevPi Core we deliver. When you have finished the installation (as with the pre-installed version) the agent is not activated. The service is only started at boot time when you have explicitly unblocked it on the RevPi Core’s configuration page. In this case the agent is started at boot time and will try to connect to the TeamViewer Server for authorization. During the very first contact your device will get a unique ID from the server. After about 30 seconds this ID is ready for you to be detected on the list of remote devices. This is very easy to do if your Core and the TeamViewer Client PC are in the same local network. After you have “paired” your client account with the device ID they are permanently linked. Only this account can be used to allow access from other users. Establishing the connection of a session is very securely controlled by certificates. Up to now there has been no hacker successfully corrupting a TeamViewer session tapping it or doing “man in the middle” data manipulation. But this security is highly dependent on your responsibility to choose a secure password for the client account and to store this password securely (although TeamViewer is checking and informing you if there is an attempt to connect from a different client PC and asking for your permission to authorize the access for this specific new client PC).
So how can I use this remote access?
to now everything you can do using the web server of your RevPi you would have to do using a browser on a local connected PC (via LAN). But from now on you can do the same things from all over the world (WAN) even firewalls would normally block anyone from outside the LAN to get in touch with devices inside the LAN. Actually only Windows PCs with the newest TeamViewer Client software installed (v12.0.78313) will offer you the RevPi Core connectivity. The browser window also needs the Internet Explorer to be installed on the PC.
As you may know, since Jessie release your RevPi Core’s web server is offering new pages for the configuration of several system services and adjustments. You also have access to web based applications like our graphical configuration tool PiCtory and the HMI software SpiderControl (which needs to be licensed directly at the manufacturer IniNet). This list of applications will be continuously expanded (e.g. in July we will launch a professional HMI solution by GTI-control called PROCON-WEB). Theoretically you could write your own web based application and launch it from this web server page but right now we have not provided any easy way to expand the list for user applications. Depending on the community’s feedback we may add this possibility very soon.
What data rates can I expect with this remote connection?
At Hannover Industry Fair 2017 we had already installed the TeamViewer-RevPi on one of our exhibits: A RevPi Core was controlling mixing water and oil and separating it again. This process was visualized using PROCON-WEB HMI. We did have a PC with Firefox browser installed in the LAN as well as another PC with TeamViewer client running and being connected to the Core through WAN by the TeamViewer server. The monitors of both system were standing side by side to compare the connection performance and to detect the amount of delay induced by the WAN connection. What should I say? Your eyes could not detect any delay! When we used the mouse of one PC to decrement a process value by clicking on a spin button the other PC’s monitor showed the value being decremented the moment you could hear the mouse being clicked. Even blinking elements on the HMI were flashing nearly synchronously. This is simply the professional TeamViewer performance which is unique under all remote control software.
And what’s about security?
First of all TeamViewer-RevPi does not allow a full system access (e.g. SSH). The only access to the system is to the UI of applications running on the web server. TeamViewer is using servers for establishing the connection between RevPi Core and client PC which are located on highly secured server farms nearby Frankfurt in Germany. This is also where the user accounts are administered. But there are no password lists residing on the servers which could be stolen and abused by hackers. 70% of the connections established by the TeamViewer servers are then running as point to point connections without the server in between. For technical reasons caused e.g. by the type of firewall adjustments the rest of the connections have to use the TeamViewer server as an agent in between. Even in such cases TeamViewer can’t decrypt the data stream because the key exchange for highly secured data encryption has taken place between the two communication partners (RevPi Core and client PC). The overall security process does guarantee authenticity of the partners, unsophisticatedness of data as well as its secrecy. TeamViewer has mandated FIDUCIA (whose task is to accredit desktop software for usage in over 800 banks) to proof this fact. Over 200 million TeamViewer IDs are assigned worldwide and every day PCs are using this technology in highly sensitive areas like finance, banking, health care and government. This extremely high number of users does guarantee any security lack to be immediately public once it is detected. KUNBUS is convinced that industrial controllers may well rely on this technology to be absolutely secure for remote monitoring and control applications.
How much is it?
Good news: Actually you do not have to pay a single cent for it! You can freely use the TeamViewer-RevPi beta-version and even use the TeamViewer client software with its non-commercial status (as long as you do not use the PC remote control function for other commercial purposes which do require a commercial license). The final version will be soon available. With the final version you can only use limited data volumes or limited number of devices on your free account. Any usage exceeding these limits will require a monthly payable fee which will depend on the number of devices used by the account. Small private usage and trial will always be free of charge.
Are you interested? Then do register for our forum and subscribe for the “News & Announcements” topic. In July you may already be one of the first Users of TeamViewer-RevPi. As soon as you can download the installation package we will publish it in the forum.