Device Management via IoT or Embedded Web Server?

(WebSockets Behind Firewall)

WebSockets Behind Firewall

IoT and Embedded Web Server technologies both have their plusses and minuses. In this hands on article, we will show how it is possible to re-use the device management application for both solutions. You may compile the code we present below and connect to the IoT testing server (the online portal) we have setup.

Increase your customer's confidence in your product by providing a dual IoT solution that assures your product never ends up as explained in the EE Journal article RIP, Cloud-Connected Devices.

Why use an Embedded Web Server ?

Embedded Web Servers have been used for device management long before IoT was coined, and it is still very popular due to its simplicity. Just take your home router as an example, which provides a web interface for all the router settings.

The benefit with using an Embedded Web Server is that it does not rely on any third party products that may fail, thus making it more reliable and always available on the local network where the device is deployed.

The negative with an Embedded Web Server powered device is that it is not easy to control the device outside of the local network where the device is deployed. Technically challenging solutions such as setting up a pinhole (port forwarding) in the router is possible, but it is not an ideal solution.

Why use IoT?

IoT has many benefits such as being able to manage and supervise multiple devices in multiple locations. With IoT, the devices typically act as a network client and connect to an online IoT cloud server. A user does not directly control a device, but must first navigate to the cloud solution for getting access to the device(s).

What is an IoT device?

An IoT device is simply a network enabled client that sends and/or receives data from an online cloud server. The data transmitted can be anything including sensor data and control messages. IoT device protocols include HTTP, MQTT, WebSockets, SMQ, OPC-UA and so on.

The negative with an IoT solution is for devices that are more often controlled from the local network where they are deployed. The IoT round-trip slows down communication, making some real time applications too slow. Should the IoT cloud server or its network infrastructure go down, the devices become impossible to control.

Combining IoT and Embedded Web Server

Reaping the benefits of both solutions and eliminating the negatives is to design a device that can both provide a local web interface via an embedded web server and be controlled via an IoT cloud server. However, doing so has traditionally incurred extra complexity and development time.

Is it possible to provide both solutions and re-use the device management application for both solutions?

Yes it is possible, but doing so requires re-thinking the traditional way of designing web based device management applications. Instead of using the standard HTTP GET/POST for performing the actual commands, a persistent WebSocket connection is used. For this to work, the HTML application must be designed as what is known as a Single Page Application (SPA).

See the end of this article for how to provide a similar solution for standard HTTP servers.

Proof of Concept

To show that it is indeed possible to re-use an SPA for both local management directly via an embedded web server and remotely via IoT, we created an online testing server you may use. The testing server is available at the following URL:

IoT Testing Server:

The simulated device code can be downloaded to your computer and compiled as follows:

git clone git clone git clone cd MinnowServer/example/make make packwww minnow IOT=true ./minnow

The above commands download the Minnow Server (WebSocket server) from GitHub and compile the Minnow Server reference example in IoT mode by the make command IOT=true.

The above commands require that you have git make gcc zip, and curl installed on your host computer. You may install the required tools as follows:

sudo apt-get -y install git make gcc zip curl

If you are using Windows, use the Windows 10 Linux subsystem or use the online C compiler we have setup by navigating to:

Online C compiler and IoT testing server:

When the Minnow Server runs, the server connects to the online IoT server after 3 seconds if the Minnow Server is not controlled locally.

When the Minnow Server runs, use your browser and navigate to http://localhost:#, where # is the port number the server is listening on. You may then control the device using a local connection. The default credentials are user "root" and password "password.

You may also control the device using the online server, but make sure to close the local connection first. After closing the connection, the server will connect to the online IoT server after 3 seconds. You may then click the link presented on the online IoT server. Click this link and login.

See the article Creating Single-Page Apps with the Minnow Server for details on how the reference example works.

This example focuses on devices with extreme memory limitations since only one network connection is used for the cloud server connection and the local WebSocket server connection service. Note that the example can only be used by one human operator at a time. We recommend using the Barracuda App Server for systems with more memory. You may also download the ready to use Barracuda App Server's WebSocket C source code example from GitHub.

The following video, starting at 4:20, shows an ESP8266 microcontroller being controlled via the online IoT server. See the Minnow Server's GitHub documentation for details on installing the software on a microcontroller.

The above Minnow Server example is also included in our free ESP32 IoT IDE.

How to Access a Standard HTTP Server Behind a Firewall

What if you do not want to limit your design to only WebSockets, but also want to use standard HTTP including all standard services provided via HTTP? This is possible, but it gets more complicated and is best solved by a product designed specifically for this purpose.

IoT & HTTP Behind Firewall

The Barracuda App Server includes a reverse HTTP(S) connection bridge designed for a free product called SharkTrustX. The Barracuda App Server, when embedded in a product, runs on the local (LAN) network and SharkTrustX runs as an online connection bridge portal.

See the IoT & HTTPS Behind Firewall Product SharkTrustX for details.

Discover More:

Whether you are a maker, a startup, or a large business, we've got you covered. Please send us an email if you have any questions or if you are unsure on what product to select. We are here to help you find the best solution, and we'd really like to help you with your hardware/software project challenges.


OPC-UA Client & Server

An easy to use OPC UA stack that enables bridging of OPC-UA enabled industrial products with cloud services, IT, and HTML5 user interfaces.

Edge Controller

Edge Controller

Use our user programmable Edge-Controller as a tool to accelerate development of the next generation industrial edge products and to facilitate rapid IoT and IIoT development.

On-Premises IoT

On-Premises IoT Platform

Learn how to use the Barracuda App Server as your On-Premises IoT Foundation.

Embedded Web Server

Barracuda Embedded Web Server

The compact Web Server C library is included in the Barracuda App Server protocol suite but can also be used standalone.

WebSocket Server

Microcontroller Friendly

The tiny Minnow Server enables modern web server user interfaces to be used as the graphical front end for tiny microcontrollers. Make sure to check out the reference design and the Minnow Server design guide.

WebDAV Server

Network File System

Why use FTP when you can use your device as a secure network drive.

HTTP Client

Secure HTTP Client Library

PikeHTTP is a compact and secure HTTP client C library that greatly simplifies the design of HTTP/REST style apps in C or C++.

WebSocket Client

Microcontroller Friendly

The embedded WebSocket C library lets developers design tiny and secure IoT applications based on the WebSocket protocol.

SMTP Client

Secure Embedded SMTP Library

Send alarms and other notifications from any microcontroller powered product.

Crypto Library

RayCrypto C Library

The RayCrypto engine is an extremely small and fast embedded crypto library designed specifically for embedded resource-constrained devices.

Embedded PKI Service

Automatic SSL Certificate Management for Devices

Real Time Logic's SharkTrust™ service is an automatic Public Key Infrastructure (PKI) solution for products containing an Embedded Web Server.


Modbus TCP client

The Modbus client enables bridging of Modbus enabled industrial products with modern IoT devices and HTML5 powered HMIs.

Posted in Whitepapers