Remote Control
The BigFix Remote Control application helps to communicate between different components, clients, and endpoints within the BigFix environment.
The Remote Control system includes the following main components:
- Remote Control Targets
- They are installed on every computer that you want to control remotely with Remote Control. They listen for connection requests coming from the controller, and can also be used to start a remote control session over the internet, using the broker. The Remote Control target can run under Windows, Linux, macOS and Solaris operating systems.
- Remote Control Controller
- It can be installed using the Fixlet or installer provided for use in peer-to-peer sessions, or it can also be launched in context from the remote control server or the BigFix® console. In all instances, the controller can be used to allow the user to control a remote machine where the remote control target is installed. It delivers an interface to several actions, available to the controller user, like remote control, guidance, chat, file transfer, command, collaboration, and many more. The Remote Control controller supports JRE versions: Oracle 8 or IBM® 8.
- Remote Control Server
- It is a web application that manages all the deployed targets that are configured to be in managed mode and to point to the Remote Control Server's URL. It can be deployed on an existing WebSphere server, or installed through the installer package along with an embedded version of WebSphere. By default, it listens for HTTP or HTTPS connections on ports 80 and 443 when installing the embedded WebSphere option, or 9080 and 9443 when deploying on top of an existing WebSphere server. The server requires a database server: embedded Derby (only for proof of concept deployments), DB2, SQL Server and Oracle are the supported options. Additionally, it can be configured to synchronize and authenticate user and group data from an LDAPv3 server, like Active Directory or TDS. This deployment scenario has the same networking characteristics as peer to peer; therefore, direct TCP connectivity is required between all the controllers and all the targets. However, the Remote Control server provides a method of centralized, and finer, policy control, where targets can have different policies depending on which user is trying to start the remote control session. The server also provides centralized audit and storage of full session automatic recordings. In this scenario, the controller is not a standalone application but is launched as a Java Web Start application from the Remote Control server's web interface to start the remote control session.

Note: Peer to peer and managed are not exclusive modes; the Remote Control target can be configured to be strictly managed, to fail back to peer to peer when the server is not reachable, or to accept both peer to peer and managed remote control sessions.
The following components can be used only in managed mode:
- Remote Control CLI tools
- They are always installed as part of the target component but you can also install them separately. The CLI provides command line tools to:
- Script or integrate the launch of managed remote control sessions.
- Run remote commands on machines with the managed target installed.
- Remote Control Gateway
- It is a service that is installed on machines at secure network boundaries, where there is strict control of traffic flows between the secure networks. For example, the firewall at the boundary will only allow traffic between a pair of specific IP addresses and ports. In these scenarios, a network of gateways can be deployed to route and tunnel the remote control traffic from the controller that is sitting in a particular network zone to the target, which is in a different network zone. The gateway is a native service that can be installed on a Windows or Linux machine. It does not have a default listening port, although 8881 is a usual choice, and can be configured for multiple incoming listening ports and outgoing connections.
- Remote Control Broker
- It is a service that is installed on machines, typically in a DMZ, so that machines outside the enterprise network, in an Internet cafe or at home, can reach it. The Remote Control broker receives inbound connections from the controller and the target and tunnels the remote control session data between these two components. The broker is a native service that can be installed on a Windows or a Linux machine. It does not have a default listening port, but 443 is a recommended option because usually this port is open for outbound connections and has fewer issues with content filtering than, for example, 80 would have.