System items interaction

Within the COMBIVIS connect system architecture, both hardware and software system components interact with each other, by means of a server infrastructure connection between COMBIVIS connect Manager and the remote devices.

The system components are split in three main groups:

  1. COMBIVIS connect Manager: Web interface through which a support technician can connect to a remote device to provide assistance from their local computer.
  2. COMBIVIS connect Network infrastructure: Connection hosting the user domains.
    • Access Servers: They consist of a distributed redundant set of servers that manage the authentication of remote devices and COMBIVIS connect Manager.
    • Relay Server: They consist of a distributed redundant set of servers that act as a relay for an end-to-end connection between COMBIVIS connect Manager and remote devices.
  3. Remote devices: They consist of industrial automation devices installed at a remote location, such as HMIs, IPCs and routers embedding the COMBIVIS connect Runtime.
Note: See Client and server connectivity to learn more about this topic.

Remote access process overview

COMBIVIS connect Manager, Runtime and routers authenticate to an Access Server by means of SSL/TSL outgoing connections, which are usually allowed by firewalls.

When COMBIVIS connect Manager is going to establish a connection to Runtime or a router, the following process occurs:
  1. The affected endpoints select the Relay Server that provides the best round-trip-time.
  2. A secure end-to-end connection establishes between the endpoints and the Relay Server.
  3. The Relay Server forwards any encrypted messages, without decrypting them.

Server infrastructure options

Two Server Infrastructures are optionally available and can be set through the Connection settings Tool.
Note: See COMBIVIS connect Manager Tools for further information on this subject.
  • Public: The connection is established through the Server Infrastructure managed by KEB.
  • Private: The connection is established through a private Server Infrastructure, available on request through implementation of the Private Server settings.