How-to | HugoX | Aug 29, 2023

FAQ for ctrlX Device Portal premium

How do I start getting acquainted with and get access to the ctrlX Device Portal Premium?

Get the most important information and start your test access here: ctrlX Device Portal description 

What is "Device Management"?

To put it very simple: Device Management refers to all activities in order to commission and maintain devices so that they always fullfill the latest requirements.

What is the difference between ctrlX Device Portal and ctrlX Device Portal Premium?

ctrlX Device Portal is a web-based tool to manage and access ctrlX AUTOMATION Devices, Licenses and Apps. Find all your ctrlX COREs, add new Devices, download apps and licenses, and get an overview of your digital stock.

With ctrlX Device Portal premium you can bring your device management to the next level! Increase the efficiency of your ctrlX CORE device handling significantly, by upgrading to Premium! With Premium, you hold the "virtual threads" of ctrlX CORE devices centrally in one hand. You can launch new software functions, updates, manage and maintain device settings or carry out remote maintenance – easily and securely thanks to encryption. As a result, users are always up to date.

Users from different countries can access remotely with no need for additional infrastructure. Security updates and new functions can thus be installed, backups can be managed and information about available updates and extensions can be retrieved – all regardless of location.

To questions related with licenses management with the new ctrlX Device Portal, please refer to the FAQ Licensing with ctrlX Device Portal.

Does the device has to be always online?

No, it is not required.
For the time the action is executed the device needs server connection for the following tasks:

  • registration in the ctrlX Device Portal
  • automatic update of the device information in the ctrlX Device Portal
  • download and installation of software, configurations or also upload of Backups (can be triggered while device ist offline. It gets the order when it goes online.)
  • remote access

Who can use ctrlX Device Portal premium functions to manage devices remotely?

The ctrlX Device Portal premium services can be used by solution providers like machine builders, device owners like machine operators or also in cooperation.
In order to start managing the devices the ctrlX Device Portal premium service needs to be ordered from Bosch Rexroth. Once an account was purchased the owner of the account gets admin rights. Within these admin rights new users can also be entitled to manage devices which are connected to the account.
Devices can only be connected via a 2 factor authentication in order to guarantee that the owner of the device agrees with the requesting party that the device will be managed via the account.
For individual activities like software updates, installation, backups or remote access additional command execution policies can be set on the device so that additional features like a key switch or a simple confirmation message can be implement to gurantee that an operator confirms an action which was requested remotely by a ctrlX Device Portal premium user before it is executed.
For remote access also additional device credentials must be available to the requesting party.

Where is the sweet spot of the ctrlX Device Portal premium?

This is only an orientation based on our experience - it is neither complete nor exclusive.

  • Global or wide spread local branches and customer base - with long distances to cope with, the effort is high to manage the logistics in each life cycle phase from engineering to service. The ctrlX Device Portal premium can reduce this effort e.g. as remote managing tool or as in addition to a existing remote managing tool. (in particular see next points).
  • Multiple different software variances for same controller hardware within the portfolio - here e.g. the hardware on stock can be reduced because the variance of different functions for different machine types or different machine modules can be installed at the latest point in time while the controller hardware is always the same. (consider supported devices by ctrlX Device Portal)
  • Frequent/ strong service activities - if a strong service business is established or required there is a lot of potential to improve processes and switch to remote.
  • Frequent software or configuration updates / digital services offered -  if devices needs to be updated frequently e.g. because of frequent security adaptions or digital services are going to be part of a solution there is a lot of potential to improve processes and switch to remote
  • Challenges in ramping up/ commissioning of new machines e.g. due to high complexity. With the ctrlX Device Portal premium it is much easier to patch a bug or add a new function in the software without having someone onsite.
  • Joint engineering - via the remote access to the webinterface of the ctrlX CORE I can install apps and updates for tests even without VPN. Think about the Corona situtation were a colleague had one controller at home and all other team members had to get access to it. With VPN that would not be possilbe with many corporate Security Guidelines. Therefore controllers had to be put in the office but there was no one to e.g. restart it.

When does it pay off to use it with devices?

Often it pays of sooner than most think. It starts already with very small numbers of devices. Depending on labour and logistics costs it already pays off with one of the examples applies:

  • if one buisness trip is saved or
  • if one express shipment of hardware is saved or
  • if work hours are saved in a year e.g. due to less searching for information, troubleshooting/establishing vpn connections etc.

How do I onboard a device?

It is an easy registration process what has to be done just once. When you logged in to the ctrlX Device Portal, just click on "add Device". The process can also be triggered from the ctrlX CORE webinterface via the Remote Agent App.

From a security perspective it is a 2 factor authentification which requires to confirm the registration in the webinterface of the ctrlX CORE so that no one can register a ctrlX CORE without having actual access to it. (only first time needed)

Is it necessary to install the VPN app?

No, it is not! The VPN app is not required for Device Portal. The secure remote access tunnel will be established via Remote Agent App which is preinstalled on every ctrlX CORE.

Is the ctrlX Device Portal premium also for existing products like MTX, MLC?

No, it is not planned to support legacy products. We start in the first step with ctrlX CORE and add the support for more ctrlX AUTOMATION devices like the ctrlX DRIVE in the future.

Is there a way to control the update times remotely without having to rely on only establishing online connection when something needs to be done?

You can set the acceptance of updates to "ask user" within the "command execution policies" on a device. This will request the users permission on the device to start an update.

Is it possible to update while the machine is running?

The technology supports independent updates of apps. Of course an app is stopped while updated. So if you update the firewall, the machine could continue to run where as it would stop if you update the motion app.

If you have a ctrlX CORE with 10 drives, do you have 11 devices or 1 in the device portal premium?

Currently only the ctrlX CORE is supported. Technically you see 11 devices. How a device is counted on the payment plan is decided once the device type is supported. Until then you pay only 1 device in the example.

Is the customer the only one, who has access to his control or can Bosch Rexroth remote access it for service? Can the customer choose to make his list completely private?

Today the list is completely private. Bosch Rexroth or anyone else can only access the customers account if the customer grants access rights for the respective user.

Can I replace a VPN remote access solution with the ctrlX Device Portal premium?

It depends.
Yes, if you only need access to the ctrlX CORE Webinterface.
No, if you need access to all network devices in the (machine's) network or ctrlX WORKS connection.

Explanation: with a vpn connection you can do more in terms of direct network access, but it is also more complicated and less secure because you have to establish the connection which requires a dedicated IT infrastructure and you have access to the entire connected network.

If a VPN connection is required for certain purposes, we recommend to use the VPN app on the ctrlX CORE in combination with a supported VPN server and the ctrlX Device Portal premium. In this case the remote access via the ctrlX Device Portal premium can be established with all advantages and as second step the VPN connection can also be triggered this way if required.

How many remote accesses can be active simultaneously?

No limit known.

What data volume can be transfered via the remote access?

From the browser what is used by the user to the device an upload of 100 MB and vice versa from the device to the browser of the user a download of 6 MB is possible. Please, note that the remote access is designed for configuration, web-based engineering and trouble shooting. Any data transfer e.g. for software updates is handled seperately and does not have the same limitations. The remote access shall only be used as a workaround for data transfer.

What can I do if a Remote Access cannot be opened?

You can do the following for troubleshooting:

  • check in the "Device Overview" menue within "Show Device Information" (information icon on the right hand site in the respective line of the device) if the remote access for the device is already enabled (in "device information" scroll down to "Remote Access" and see status "enabled"/"disabled"

    if it is disabled then go to the three dot menue icon on the right hand site of the information icon of the respective device and choose "Configure Remote Access". A wizard opens to enable the remote access. Click on "enable" and submit. After the command was processed by the device you can start the remote access.

    if it is enabled and it has been for a long period of time, please restart it by disabling and enabling.
  • Please make sure that the command execution policies on the device are either set to accept update tunnel or ask user for update tunnel. If ask user is chosen please make sure that the request is accepted on the device and the remote access is enabled (see first point) before opening it.
  • Please make sure that the ctrlX CORE has access to the required IP addresses. see documentation here

Can a single device be registered twice or even more times?

No, in one account a device can only be registered one time. A device can be registered in different accounts but currently it will only connect to the account where it was last registered. In order to register a device and prevent misuse a direct approval has to be given on the device.

Is it possible to store app updates in the cloud to deploy from anywhere?

App updates from Bosch Rexroth: Yes, they are made available via the ctrlX Device Portal premium after each release milestone automatically.
App updates of self programmed apps from the customer or third party: Yes, we support a "private repository" where the customer can store own apps.

What encryption method is used and what port has to be opened so that a ctrlX CORE can communicate with the ctrlX Device Portal premium service?

The ctrlX CORE is using REST to send status information and commands. For the tunnel, it is using a secure websocket tunnel tunneling the "http requests" on Port 443. No VPN or other tcp connection needed. Please, consult the online documentation in order to get a list of server addresses what can be used for proxy and firewall configurations.

Related links


Latest published/updated articles