Architecture & Integration

Two Paths to Full Control of Any Device Fleet.

A unified architecture for managing encoders, cameras, and IP devices — whether you build them, or already deploy them in the field.

RemoteGenius provides a single control plane for device fleets operating across unpredictable networks — cellular, CGNAT, firewalled enterprise LANs, or fully isolated environments.

  • Native access to existing device interfaces
  • Programmatic control through normalized APIs
  • Shared transport, security, and deployment model
  • Both paths run simultaneously on the same device
Request a Demo
Native Access Engineers, vendor support
Unified Control NOC, automation
Secure Reverse Transport One connection per device
Two Management Models

Two complementary control paths over one shared infrastructure.

RemoteGenius exposes two distinct but interoperable control paths. Both operate over the same secure reverse connectivity layer, allowing simultaneous access without duplicating infrastructure.

Native Device Access
Unified Programmatic Control
Primary users
Engineers, vendor support
NOC, automation systems
Interface
Device GUI / native API
RemoteGenius API & dashboard
Vendor knowledge
Required
Abstracted away
Automation
Limited
Full end-to-end
Fleet consistency
None — per-vendor
Fully normalized

Both models operate over the same secure reverse connectivity layer — no duplication of infrastructure.

Transport Layer

Secure connectivity without network changes.

All device communication is established through an outbound-only connection model. One reverse SSH tunnel per device, multiplexed across any number of local services.

Outbound-Only

No inbound ports, VPNs, or static IPs

  • Persistent reverse SSH tunnel initiated by the device
  • Zero firewall changes on the customer side
  • Works behind any NAT or proxy
Any Network

Traverses CGNAT, cellular, and enterprise firewalls

  • Carrier-grade NAT on mobile networks
  • LTE / 5G modems with rotating IPs
  • Segmented enterprise LANs with strict egress
Multiplexed

One connection → many services per device

  • HTTP / HTTPS — GUIs and REST APIs
  • WebSocket — real-time control and logs
  • MQTT, RTSP, ONVIF, custom TCP
Supported protocols
HTTP / HTTPSWebSocketMQTTRTSPONVIFCustom TCP
Option 1 — Native Device Access

Direct access to device interfaces — no integration required.

Operators reach the device exactly as designed by the manufacturer. Full vendor UI, native APIs, debug tools, logs — with zero feature loss and without exposing the device on the public internet.

  1. 01 Select device in dashboard
  2. 02 Open a secure session
  3. 03 Land inside the device UI — proxied
Characteristics
  • No VPN client, no port forwarding
  • No exposure of device credentials
  • RBAC-controlled access via RemoteGenius
  • Full feature parity with the native interface
Security model
  • Per-device SSH keys (ed25519)
  • Short-lived session tokens (JWT)
  • Centralized credential rotation
  • Immediate access revocation
When it is used
  • Debugging and field support
  • Vendor-specific configuration
  • Devices without formal integration
  • Early-stage or rapidly evolving firmware
https://console.remotegeni.us/session/…
DEVICE · vendor ui
Dashboard
Network
Streams
System
Logs
Option 2 — Unified Programmatic Control

Normalized control across multi-vendor fleets.

All devices — regardless of vendor or firmware — are exposed through a single schema and API. Operators work with standardized fields, consistent actions, and unified telemetry instead of vendor-specific implementations.

Underlying components
Device Shadow

Server-side digital twin

  • Maintains authoritative device state
  • Exposes a unified REST API
  • Decouples control logic from connectivity
Device Adapter

Modular translation layer

  • Converts generic commands to device-specific calls
  • Handles JSON, XML, query-param APIs
  • Encodes vendor-specific behavior
WS API Proxy

Local mediation bridge (optional)

  • For devices that restrict direct API access
  • Local API bridging and file interaction
  • Persistent outbound connection
Exposed to operators
  • Read full configuration snapshot
  • Patch multiple settings in one request
  • Execute actions — reboot, reset, restart stream
  • Monitor real-time telemetry
  • Perform firmware upgrades
  • Track full audit history
Unified schema examples

All device settings are mapped into canonical keys. Adapters handle type conversion, conditional fields, dependency chains, and reboot requirements.

  • net.lan.ip LAN IPv4 address
  • net.wifi.ssid Wi-Fi network name
  • stream.bitrate Encoder output bitrate

Operators never interact with vendor-specific APIs.

ReGen Bridge device
ReGen Bridge

Bring legacy and non-integrated devices under control.

ReGen Bridge devices act as local intermediaries when direct integration is not possible. They connect securely to RemoteGenius servers and communicate with local devices over LAN — enabling control of closed systems, legacy hardware, and devices without remote capabilities.

  • Secure outbound link to the RemoteGenius cluster
  • Talks to local devices over Ethernet or serial
  • Runs adapters for closed or legacy hardware
  • No changes required to device firmware or topology
Deployment scenarios
Device exposes API only
Bridge + Adapter
No remote access at all
Bridge device required
Full integration possible
No bridge needed
Deployment Models

Flexible deployment across cloud and on-prem.

Same APIs regardless of mode. A Cloud Gateway abstraction lets clusters operate connected, disconnected, or in a hybrid failover posture.

Cloud

Fully managed

  • Multi-tenant or dedicated clusters
  • Auto-scaling infrastructure
  • Centralized control plane
On-Premise

Isolated and air-gapped

  • Local authentication and control
  • Operates with no external connectivity
  • Manual sync of global data
Hybrid

Cloud + on-prem combined

  • Failover between modes
  • Redundant clusters across sites
  • Seamless transition online / offline
Multi-Tenant Architecture

Designed for small fleets and global deployments alike.

The same platform serves two-device pilots and thousand-node rollouts. Logical isolation is enforced at every layer.

Capabilities
  • Multi-tenant shared infrastructure
  • Dedicated single-tenant clusters
  • Virtual servers per customer
  • Logical isolation across all layers
Enforcement layers
  • API-level tenant isolation
  • Database scoping per org
  • Token-based device authentication
  • Cluster-wide whitelisting
Result

Small customers get zero-setup infrastructure. Enterprises get full control and isolation.

Security Model

End-to-end security by design.

Security is not a layer bolted on top — it is the transport. Every tunnel, every API call, every device is authenticated and auditable.

Transport

SSH-encrypted tunnels

  • Device ↔ platform end-to-end encryption
  • Per-device ed25519 key pairs
  • No shared secrets across the fleet
Identity

JWT & token-based auth

  • Short-lived session tokens
  • Token rotation and expiry
  • Centralized credential management
Governance

RBAC and audit

  • Role-based access across users and devices
  • Audit logging of all actions
  • Scoped API access per tenant
For Hardware Vendors

Extend your devices into a managed platform.

Adoption does not require firmware redesign. Integration can evolve over time — from zero-code bridge access to full native API integration.

Immediate Gains

Cloud control without the build

  • Skip building remote infrastructure
  • Ship enterprise features on existing hardware
  • Meet US and EU managed-device expectations
Integration Levels

Pick your depth

  • Native API integration via Device Adapter
  • Proxy-based integration via WS API Proxy
  • No integration — bridge-only access
Enterprise Requirements

Unlock regulated buyers

  • Remote management and support
  • Full auditability of access and changes
  • Automation APIs for NOC integration

Adoption does not require firmware redesign. Integration can evolve over time.

Operational Model

How customers actually use the system.

In production, the two paths are not used equally. Automation dominates the day-to-day; native access is kept in reserve for the long tail of edge cases.

90–95%
Unified API

Automation for scale — NOCs, dashboards, and scripted operations

5–10%
Native UI fallback

Reserved for debugging, vendor tooling, and new firmware

Takeaways

One platform. Two paths. Every device.

A single connectivity model, two control paths, and deployment flexibility from a single tenant to a global fleet.

  • One connectivity model supports all devices
  • Two control paths serve different operational needs
  • Bridge devices extend coverage to any hardware
  • Adapters normalize vendor diversity
  • Deployment works in cloud, on-prem, or hybrid
  • Security and auditability are built in
Request a Demo
Talk to Engineering