Client and server connectivity

UBIQUITY securely connects local with remote devices through the Internet.

Remote devices operate as clients towards the Server Infrastructure: they communicate through outbound connections, as allowed by firewall settings, and the Server Infrastructure receives the inbound connections from them.

Note: See System architecture for further information on this subject.

Access Server

The Access Server supports UBIQUITY Manager connection and authentication.

When the Runtime connects to the Access Server for the first time, it obtains a signed identity file that contains the device UID as assigned in the UBIQUITY Manager domain.

Relay Server

A Relay Server carries the data exchanged during a remote access session among UBIQUITY Manager, Tools and Runtime. Relay Servers allow both UBIQUITY Manager and Runtime to stay safe behind their firewalls.

UBIQUITY Manager and Runtime automatically choose the Relay Server to use from a list of available servers provided by the Access Server.

To select the best Relay Server for a remote access session, both UBIQUITY Manager and Runtime perform a connection test to all Relay Servers and assess the network performance of each. The test results provided by both UBIQUITY Manager and Runtime are then combined and compared to select the best performing Relay Server.

Note: The automatic Relay Server selection process can be disabled to define a fixed Relay Server that should be used by the clients. Get in touch with the Technical Support Team to activate this configuration.

The sections below describe some necessary protocol settings.

TCP protocol

To enable communication between the Internet and UBIQUITY Manager, at least one of the following TCP ports of the remote services shall be open on the main servers of the Server Infrastructure. The ports listed below are the defaults and can be viewed through the computer settings.

  • 80
  • 443
  • 5935

Furthermore, both the Runtime and the router need to resolve the IP addresses of the Infrastructure servers through a domain name resolution (DNS) server. To enable this process, the following ports shall be open:

  • TCP 53
  • UDP 53

The connection from clients to the Access Server uses TLS 1.2 with certificate authentication. Clients can use the default TCP 443 outgoing port or can be configured to use port 80 or 5935 (TLS is still in use), depending on which solution is best to comply with local IT policies. Clients automatically test available outgoing ports, but they can be configured to operate with a fixed port.

Note: Access Servers are redundant and fault tolerant.

Note: UBIQUITY Tools and Runtime need to be able to connect to the following addresses:

Access servers:

  • ubiquityas1.asem.it
  • ubiquityas2.asem.it

Relay servers:

  • ubiquityrs1.asem.it (Germany)
  • ubiquityrs2.asem.it (Italy)
  • ubiquityrs3.asem.it (USA - West Coast)
  • ubiquityrs4.asem.it (USA - East Coast)
  • ubiquityrs5.asem.it (Singapore)
  • ubiquityrs6.asem.it (Hong Kong)
  • ubiquityrs7.asem.it (Brazil)

Platform server:

  • ubiquity.asem.it
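
The following egress pre-check is an added example, not code from ASEM or the UBIQUITY product: for each address listed above it tries ports 443, 80 and 5935 and separates a closed port from a port that opens but fails a verified TLS 1.2 handshake. It assumes the server certificates chain to a CA in the local trust store (otherwise pass a CA file), that the Platform server is reachable on the same three ports, and it performs only the TLS handshake, not the UBIQUITY application protocol.

```python
import socket
import ssl

# Hostnames and ports as listed on this page.
HOSTS = (["ubiquityas1.asem.it", "ubiquityas2.asem.it"]
         + [f"ubiquityrs{i}.asem.it" for i in range(1, 8)]
         + ["ubiquity.asem.it"])  # assumption: Platform server uses the same ports
PORTS = (443, 80, 5935)  # default port first, then the two alternatives

def tls12_context(cafile=None):
    """Verifying client context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def probe(host, port, ctx, timeout=5.0):
    """Return 'tls-ok', 'tcp-only' (port open, handshake failed) or 'blocked'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:  # DNS failure, refusal or timeout
        return "blocked"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls-ok"
    except OSError:  # ssl.SSLError is an OSError: bad certificate, old protocol, reset
        raw.close()
        return "tcp-only"

def first_usable(results):
    """results: {(host, port): state}. Map each host to its first 'tls-ok' port."""
    return {h: next((p for p in PORTS if results.get((h, p)) == "tls-ok"), None)
            for h in HOSTS}

def findings(results):
    """Hosts with no verified TLS path, split by whether any port at least opened."""
    out = {"blocked": [], "tls-failed": []}
    for host, port in first_usable(results).items():
        if port is None:
            opened = any(results.get((host, p)) == "tcp-only" for p in PORTS)
            out["tls-failed" if opened else "blocked"].append(host)
    return out

if __name__ == "__main__":
    ctx = tls12_context()
    results = {(h, p): probe(h, p, ctx) for h in HOSTS for p in PORTS}
    for host, port in first_usable(results).items():
        print(f"{host:22} {port or 'no verified TLS 1.2 path'}")
    print(findings(results))
```

A host reported under "tls-failed" has an open port but no verified handshake, which points at certificate trust or something on the path altering the TLS session rather than at a closed firewall port.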

While a VPN connection is being established, UBIQUITY Tools and Runtime measure how long data takes to reach each Relay Server. This information helps the Access Server select the best Relay Server to use, regardless of the geographical location of the device.

Remote devices and the router then search for any open port to establish a server connection and consequently an end-to-end connection.

These settings allow you to locate each device by its own IP address within the network through the UBIQUITY Tools.

Note: See UBIQUITY Manager Tools for further information on this subject.

SSL/TLS protocol

All connections available in UBIQUITY Manager are made over SSL/TLS, regardless of the port used for each connection. This protocol provides safe and private data exchange between the server and Runtime.

Note: Access Servers use an SSL server certificate signed by a Certification Authority (CA) to authenticate content transferred through web servers.

SNTP protocol

UDP port 123 shall be open to allow clock synchronization through the SNTP protocol.

Keep-alive feature

The data exchanged for the keep-alive feature between Runtime and the server infrastructure and between UBIQUITY Manager and the server infrastructure is approximately 1 KB per minute.