This protocol was specifically designed to allow different organizations to provide tool execution services to each other. As this naturally involves creating network connections over the boundaries of organization's networks, security is the top priority of its design and implementation. For a general overview of its network approach, please see the "administration" section below.

From an administrator's point of view, the main novelty compared to the older "SSH Remote Access" feature is that it is designed to connect different organizations over a shared "relay" server that can be placed outside the organization's internal network. This eliminates the need to open any incoming network ports in the organization's firewalls. Connections are only established from the internal network to the outside (e.g. the internet), but are never required in the opposite direction.

It is of course also possible to use this feature completely inside the organization's network, for example for securely providing tool execution services between different departments.

Although the current implementation is built on top of the SSH protocol, the actual Uplink protocol is not tied to it. SSH is used as the default transport mechanism as it provides well-tested encryption and login authorization. Technically, this mechanism could be replaced by any other that provides similar features. For example, the Uplink protocol could be expanded/adapted to support TLS connections, which would provide support for CA-based server certificates. At this time, however, there are no specific plans to implement this. Please contact us at <rce@dlr.de> if this feature would be relevant for you.