Client and server connectivity

COMBIVIS connect securely connects local with remote devices through the Internet.

Remote devices operate as clients towards the Server Infrastructure. In fact, they communicate through outbound connections, as allowed by firewall settings. In return, the Server Infrastructure receives inbound connections from remote devices.

Note: See System architecture for further information on this subject.

Access Server

The access server supports the COMBIVIS connect Manager connection and authentication.

When the Runtime connects to the Access Server for the first time, it obtains a signed identity file that contains the device UID as assigned in the COMBIVIS connect Manager domain.

Relay Server

A Relay Server provides data transaction during a remote access session among the COMBIVIS connect Manager, Tools and Runtime. Relay Servers allow both the COMBIVIS connect Manager and Runtime to stay safe behind their firewalls.

COMBIVIS connect Manager and Runtime automatically choose the Relay Server to use from a pool of available servers list provided by the Access Server.

To select the best Relay Server for a remote access session, both COMBIVIS connect Manager and Runtime perform a connection test to all Relay Servers and assess the network performances of each of them. The test results provided by both COMBIVIS connect Manager and Runtime are then combined and compared to select the best performing Relay Server.

Note: The automatic Relay Server selection process can be disabled to define a fixed Relay Server that should be used by the clients. Get in touch with the Technical Support Team to activate this configuration.

The sections below describe some necessary protocol settings.

TCP protocol

To enable the communication service between the Internet protocol and the COMBIVIS connect Manager, at least one of the following TCP ports of the remote services shall be set to open on the main servers of the Server Infrastructure. The ports listed below are set as default and can be accessed and viewed through the computer settings.

  • 80
  • 443
  • 5935

Furthermore, both the Runtime and router need to resolve the Infrastructure servers IP address through a dedicated domain name resolution server (DNS). To enable this process, the following ports shall be set to open:

  • TCP 53
  • UDP 53
The connection from clients to the Access Server uses TLS 1.2 with certificate authentication. Clients can use the default TCP 443 outgoing port or can be configured to use port 80 or 5935 (TLS is still in use), depending on which solution is best to comply with local IT policies. Clients automatically test available outgoing ports, but they can be configured to operate with a fixed port.
Note: Access Servers are redundant and fault tolerant.
Note: COMBIVIS connect Manager Tools and Runtime need to be able to connect to the following addresses:
  • ccas1.keb.de
  • ccas2.keb.de
  • ubiquityrs1.asem.it
  • ubiquityrs2.asem.it
  • ubiquityrs3.asem.it
  • ubiquityrs4.asem.it
  • ubiquityrs5.asem.it
  • ubiquityrs6.asem.it
  • ubiquityrs7.asem.it
  • combivisconnect.com
  • webapi.combivisconnect.com
  • help.combivisconnect.com

Remote devices and the router then search for any open port to establish a server connection and consequently an end-to-end connection.

These settings allow you to locate each device by its own IP address within the network through the COMBIVIS connect Manager Tools.
Note: See COMBIVIS connect Manager Tools for further information on this subject.

SSL/TLS protocol

All of the connections available in the COMBIVIS connect Manager are made through an SSL/TLS protocol, regardless of the port used for each connection. This protocol allows for a safe and private data transaction between the server and Runtime.

Note: Access Servers use an SSL server certificate signed by a Certification Authority (CA) to authenticate content transferred through web servers.

SNTP protocol

The UDP 123 port shall be set to open, to allow the clock synchronization through the SNTP protocol.