Connect to a remote IO Module with Windows

The network connectivity of LucidControl USB IO Modules opens them to a much wider field of remote io applications. Together with the Raspberry Pi, the USB IO Modules are e.g. able to measure or control temperatures over the Internet.

In earlier articles I described how the LucidControl USB IO Modules can be accessed over a network by employing a Raspberry Pi. There are solutions available that make the USB IO Modules ready for remote io network communication.

Remote Io Network Device Server and Client Computer

Network Device Server and Client Computer

First of all, and that’s true for all described solutions, a TCP communication is established by running ser2net on the network device server. The ser2net application is routing a data stream from a TCP socket to a local device like a serial port. And since our LucidControl USB IO modules use the standard USB CDM profile, they behave like a standard serial port. The LucidIoCtrl command line tool as well as the API support direct socket communication what is recommended for remote io solutions.

Remote Io Network Device Server with socat and ser2net

USB IO Module Network Device Server with socat and ser2net

I also described how to create a virtual serial device with socat on a Linux client computer. Virtual devices are routed to a TCP socket of a network device server ser2net is listening to. The virtual devices are transparent and accessible on the client computer the same way as a local device is.

In this article I show now a method how to create virtual remote io devices on Windows operating systems that are routed to a USB IO Module connected to a network device server.

But why should you use this method, when the LucidControl tools support direct TCP connections?

Beside of the tools that are provided by us it is also possible to access the USB IO modules directly. Since the protocol of the USB IO modules is fully documented and easy to understand, a developer can implement the USB IO module from scratch sending data frames to them.

ProfiLab-Expert Application

ProfiLab-Expert Application

For the USB IO Modules is an implementation for ProfiLab-Expert 4.0 available. ProfiLab-Expert is a program for visualization and control of analog and digital signals. It allows you to use the USB IO Modules in order to control e.g. a temperature by changing the state of a digital output module which controls a heater by switching it on and off.

ProfiLab-Expert accesses the USB IO Modules natively without using an API by sending data frames directly via the serial port to the IO Module.


Creation of a virtual Remote Io Device on a Windows Client

LucidControl USB IO Modules can be used with Windows without the need of a driver. The IO modules implement the standard CDM profile that is natively supported by most Windows versions.

Linux has with ser2net and socat all tools available which are helpful in order to create a network device server as well as a virtual device on the client computer connected to the network device server.

For Windows the situation is different as third party tools are necessary for this task. A comport interface can only be installed as a new device what needs a kernel mode driver. Such software is different compared to application software and needs special knowledge of the Windows Driver Development Kit (WDK).

If an application which is running in user mode has a bug it should not crash the whole system. In worst case the application terminates, but the system should remain responsive and other applications are not supposed to be affected by this and should continue running.

In kernel mode things are different and everyone who is involved into driver programming knows that the famous “blue screen” still exists and is not a thing of the past.

We did some driver project in the past for our RFID Universal Reader Module what is a reader for contactless cards that can e.g. access contactless passports and can also be used in banking applications. In this field PC/SC is a standardized interface and a reader should support the Windows Smart Card API. Having this experience, I think I can estimate how complicated it is to make a new device operating.

Fortunately, there are serial port redirectors available that install a new serial port which is forwarded to a TCP socket. We successfully tested our USB IO Modules e.g. with COM2TCP and the VSP driver of HW Group.

Finally, we put special attention on the open source project com0com. It is not a port redirector as e.g. the VSP driver is, but a null-modem emulator that installs a pair of virtual serial ports connected to each other.

Connecting to a Network Device Server with com0com Null-Modem Driver

Connecting to a Network Device Server with com0com Null-Modem Driver

The picture explains the concept of connecting to a network device server via a null-modem emulator driver. At a first glance it seems to be difficult using two virtual serial ports instead of one. The gray highlighted part shows the function of the kernel mode driver, the yellow highlighted part shows applications running in user mode.

com0com creates a pair of serial port devices (here COMa and COMb) that are connected to each other. Data sent to COMa is received by COMb and vice versa.

This concept has a big advantage because it allows having an application running in user mode between the serial ports that accesses the serial port COMa and connects it with a remote io TCP socket. The program com2tcp (not to mix up with COM2TCP) connects a serial port with a remote TCP socket. It belongs to the com0com project but it is not automatically installed by the setup and must be downloaded separately.

Setup com0com for TCP redirection

The com0com project can be downloaded as a Windows installable file. When the driver is supposed to be installed on a recent Windows operating system a problem will arise because of the driver not being signed with a valid signature but with a test signature only.

Nowadays, Windows needs drivers being signed with a valid signature. While this was earlier only true for the 64 bit versions of Windows 7 it became more difficult in newer Windows versions to run unsigned kernel mode software. The validation of driver signatures can be disabled in general (e.g. when the system is started) but the complete deactivation should only be a temporary solution for a development computer. We cannot recommend this for a productive system.

On our download page we provide a signed driver of com0com that can be used in conjunction with our USB IO Modules. The installation is straight forward and it is explained in this document.

Note:We are not the developer of com0com, we only signed the existing kernel modules and we appreciate the developers work very much. The com0com project can be found on Sourceforge.

Validation of the com0com Driver Signature

Validation of the com0com Driver Signature

Continue the installation as explained and at some point Windows will ask you to confirm the installation of the signed software.

Click Install in order to agree that you want to install the kernel mode driver signed with our signature. You might be asked several times to confirm the driver installation.


Windows Driver Update Installation of com0com Null-Modem Driver

Windows Driver Update Installation of com0com Null-Modem Driver

For some reason Windows might be searching Windows Update for a more recent driver what does not make sense for me and can be skipped by clicking Skip obtaining driver software from Windows Update. But even then it might take a few minutes (at least on my system) to complete the installation.


Device Manager with com0com Devices

Device Manager with com0com Devices

After the installation has completed, com0com devices appear on the Ports section. In this example COM6 and COM7 serial ports have been installed.


The settings of the com0com ports can be changed and also new ports can be created by using Setup for com0com. This application is copied onto the system during the com0com setup.

Setup for com0com Application

Setup for com0com Application

This screen shot shows the current configuration on our machine. A new pair of linked serial ports can be created by clicking Add Pair. The installation of a new pair of serial ports took some time on our machine because Windows Update was looking for some more recent driver versions.


Pending Installation of com0com

Pending Installation of com0com

The setup program recognizes the slow installation and shows a dialog that can be confirmed in order to complete.


Setup for com0com - new serial Port

Setup for com0com – new serial Port

The fresh created ports have the names CNCA2 and CNCB2.

For compatibility reasons we recommend using standard names for serial ports. Some applications may not be able to work with a serial port name like CNCA0 but needs standard names like COM6. We also recommend activating use Ports class what installs a serial port in the Ports section of the device manager. Otherwise the port pair appears in the com0com section only.


Setup for com0com "use Ports class"

Setup for com0com “use Ports class”

When use Ports class is enabled for CNCA2 and CNCB2 ports Windows assigns new serial port names to the ports. Here the first available free ports were COM11 and COM12.


Connecting Serial Ports to a Remote Io TCP Socket

One virtual comport of the pair can now be connected with the TCP socket of a network device server running ser2net.

Connecting to a Network Device Server with com2tcp

Connecting to a Network Device Server with com2tcp

com2tcp –ignore-dsr \\.\COM6 RPI-AZ-2 4001

This command connects the virtual serial port COM6 (that is connected to COM7) with the TCP port 4001 of the computer named RPI-AZ-2.

Accessing USB IO Modules with com0com

Accessing USB IO Modules with com0com

This command connects to COM7 that is connected to COM6. COM6 is opened by com2tcp and redirected. LucidIoCtrl asks the USB IO Module for device information. The Analog Input Module answers and returns that it is able to measure 4 voltages in the range of 0 to 10V.

Summary

This article explained how a virtual serial port that is connected to a TCP socket can be installed on a Windows operating system and how a connection to a network device server can be established by using the LucidIoCtrl tool.

Although our tools and API support direct TCP socket communication, a virtual comport that is redirected to a TCP socket is helpful for compatibility reasons e.g. using the USB remote io modules together with ProfiLab-Expert.

By using com0com there is no software change necessary when switching from a local connected IO Module to a remote io device. By changing the comport number the measurement object can be routed to an IO module connected to a remote network device server.

Accessing a USB IO Module in a Network by using Linux and socat

The LucidControl USB IO Modules can be shared over a network by using a network device server running ser2net. The network device server can be any computer running Linux like e.g. the Raspberry Pi.

Network Device Server and Client Computer

Network Device Server and Client Computer

As it can be seen in the illustration, the application on the client computer is routing the data through the TCP socket. This kind of connection makes it necessary that the application running on the client supports socket connections. In our case the LucidIoCtrl command line tool and the dotNet library offer currently support of TCP socket connection in addition to the standard virtual serial port connection.

For client applications that rely on local serial devices there exists a a flexible method which creates virtual devices on the client computer that are connected to a remote device on a network device server. This allows e.g. using existing software working with local serial ports without adaption of the source code.

USB IO Module Network Device Server with socat and ser2net

USB IO Module Network Device Server with socat and ser2net

The picture shows the principle of this method. On the network device server there is no change necessary and ser2net is running with the same options explained in the last article.

On the client computer the Linux tool socat comes into the game. It is a powerful program that can redirect data streams in general. socat establishes bidirectional data streams between files, pipes, devices (serial line or a pseudo terminal) and different kind of sockets (UNIX, IP4, IP6 – raw, UDP, TCP and SSL).

More information on socat including many examples can be found here and here.

I concentrate in the following on using socat in order to create a virtual serial device on a client computer which is routed to a TCP socket created on the network device server by ser2net.

Installing and configuring socat

socat can be installed by

apt-get install socat

After installation, socat can be started on the client side and the complete configuration is done by command line parameters.

socat pty,link=/dev/lio0,nonblock,raw,echo=0,ignoreof,waitslave tcp:RPI-AZ-2:4001

This instruction creates a device /dev/lio0 which is connected to port 4001 of the network device server RPI-AZ-2. The option nonblock opens the device in non-blocking mode, raw instructs socat to send data unprocessed and echo=0 switches local echo off. In our tests these three options could be omitted without any influences. But, the option ignoreof is important and causes that socat stays active after the port was closed by the client application. Since e.g. the LucidIoCtrl command line tool closes the serial port when it returns, socat must not close the device in order to be responsive for further calls.

As a short form the following call of socat is working well:

socat pty,link=/dev/lio0,ignoreof,waitslave tcp:RPI-AZ-2:4001

Calling socat blocks the terminal and it is also not useful to start socat in a script this way because it does not return.

(socat pty,link=/dev/lio0,ignoreof,waitslave tcp:RPI-AZ-2:4001) &

By calling socat this way a background process is started. The prompt returns immediately after the process has been installed and a script running this line does also not block anymore.

Note: It might be necessary to run socat as root. In this case socat assigns the root user as owner of the created device what prevents other users from accessing the device. This is not desired as it would require all applications accessing the created virtual port need to have root permissions.

(socat pty,link=/dev/lio0,user=klaus,group=dialout,mode=660,ignoreof,waitslave tcp:RPI-AZ-2:4001) &

The parameters user, group and mode make it possible to specify the privileges of the created device. In this example the device /dev/lio0 belongs to the user klaus, the group dialout and can be accessed by the user and the group. All users accessing any serial port must be member of the group dialout, so it makes sense to create also the virtual device with this group assigned.

When socat is running, the virtual device is accessible and LucidIoCtrl can communicate with the remote device like this:

Accessing a remote USB Analog Input Module connected to a Network Device Server

Accessing a remote USB Analog Input Module connected to a Network Device Server

This instruction runs the LucidIoCtrl command line tool on the client. It connects through the remote network device server to the USB IO module and requests device information of the USB analog input module.

socat as ser2net Alternative on the Network Device Server

Since socat is a bidirectional relay for data streams it can also be used on the network device server as a substitution for ser2net. While ser2net is a quick and convenient solution which is easy to setup, socat offers more options and supports SSL encryption.

socat tcp-l:4001,fork,keepalive,nodelay,reuseaddr /dev/ttyACM0,b115200,raw

This call uses the local device /dev/ttyACM0 and listens to TCP port 4001. It routes all data for this port to the device like ser2net does. The parameter fork creates a child process, the parameter keepalive supports TCP keepalive packets, nodelay opens the port with non-delay options and reuseaddr allows reusing an address even if it is already used by socat. Raw data transmission is used and the baudrate is set to 115200bps. Since the USB IO modules are virtual serial devices, which do not need an initialization of the serial port parameters, some parameters can be omitted.

I use a reduced parameter set which works without any implications, and we start a background process listening on TCP port 4001.

(socat tcp-l:4001,keepalive,reuseaddr /dev/ttyACM0) &

Note: If ser2net is already running on the system it must be disabled before socat is used by calling:

/etc/init.c/ser2net stop

Encrypting Data Streams with socat

Opening a TCP port that is routed to a device can become a security leak and there is a potential risk that data are eavesdropped, intercepted or injected from a manipulating communication partner. This could result e.g. in wrong temperatures being transmitted or unintentional changes of the state of a digital output by some fraudulent computer.

If security aspects are important for a relayed port, socat supports encryption based SSL certificates that can be created by using OpenSSL. Beside of the data encryption this method allows also to grant different access rights to some USB IO modules connected to a network device server. These access rights can be granted on module level what means that e.g. an USB analog output module and a USB analog input module, both connected to the same computer, can have different access privileges.

USB IO Module Network Device Server with socat and SSL Data Encryption

USB IO Module Network Device Server with socat and SSL Data Encryption

The picture shows the principle how the data encryption works. All configuration for the data encryption is done by socat parameters and it is not necessary to change the application running on the client computer when adding secure data encryption.

SSL is consists of a private key and trust certificates that can be distributed on any computer that is trustworthy.

OpenSSL is used in order to create private keys and trust certificates for the network device server and all client computers. A good tutorial for this can be found here.

The created trust certificates can be exchanged between all communication partners. The generated private key files and the merged PEM files must be securely saved on the related computer.

After the certificates have been distributed, socat is ready for SSL encryption.

(sudo socat openssl-listen:4001,keepalive,reuseaddr,cert=$HOME/server.pem,cafile=$HOME/client.crt /dev/ttyACM0)&

This command starts the network device server listening on SSL port 4001. It encrypts the data with the server private key stored in server.pem and it trusts all clients whose trust certificates are stored in the file client.crt.

(sudo socat pty,link=/dev/lio0,user=klaus,group=dialout,mode=660,nonblock,raw,ignoreof, waitslave openssl-connect:RPI-AZ-1:4001,cert/$HOME/client.pem,cafile=$HOME/server.crt) &

This command creates a virtual device /dev/lio0 on the client computer. All data sent to this device are encrypted with the client private key stored in client.pem.

Compared to the calls of socat explained earlier, the last two calls are only extended by the parameters cert and cafile. The parameter cert refers to the PEM file which contains the private key and the public certificate of the communication partner. The parameter cafile links to a file which contains all trusted certificates.

Conclussion

In this article I have shown how a USB IO module can be shared within a network as a device having an entity in the /dev folder. The advantage of this method over the TCP port sharing is that existing software, which is using device names, can be used without adaption.

socat is a powerful tool that can create bidirectional redirections of data streams. In the first part of the article I have shown how a client running socat can connect to a network device server running ser2net what is a very convenient way.

In the second part of this article I explained how to use socat on the client computer as well as on the network device server replacing ser2net on the network device server. The reason for this was that employing socat on the network device server offers more functionality such as data encryption.

The SSL encryption supported by socat adds more security to the transmitted data and is the foundation of the further work.