Browser Based Remote Session Settings

There are a lot of specialist Remote Access Solutions available in the market.  Many of these offer substantial toolsets with the complexity to match.  If your requirements are simpler, for example you simply need a secure method of accessing your managed infrastructure using a least privilege approach, then sometimes the costly and complex Remote Access Solutions are overkill for your needs.

The Click Studios Browser Based Remote Session launcher is provided as part of the core Passwordstate solution. It’s not intended to be a feature for feature competitor with the likes of TeamViewer, AnyDesk or LogMeIn.  Rather it provides a simple, secure and cost effective solution that is audited, only provides access to authorized users and supports session recordings.

What’s Required?

To be able to use the Browser Based Remote Session Launcher and remote into your devices you’ll need to ensure you have;

  • installed the Browser Based Gateway on either your Passwordstate Web Server or a separate server,
  • configured your Browser Based Gateway settings as appropriate,
  • defined Remote Sessions Credentials for the hosts you want to remote into, and,
  • added Hosts, and their associated properties, to the Hosts Tab.

Your Passwordstate V9 Build 9381 contains all the source files and instructions on how to install the Browser Based Gateway.  To access the instructions, navigate to Administration->Remote Session Management and click on Install Browser Based Gateway.

Browser Based Gateway Settings

To configure your Browser Based Gateway Settings you need to navigate to Administration->Remote Session Management and click on Browser Based Gateway Settings.  This will take you to the Configure Remote Session Gateway screen.

From here you can set the specific settings for the following;

Gateway URL:  This is only required if you’ve decided to install the Browser Based Gateway on a different server to where your Passwordstate Webserver is hosted.  The format you need to use for the URL is a FQDN (Fully Qualified Domain Name).

Port Number:  Specify the Port Number that the Gateway will listen on.

Folder for Recorded Sessions: The folder for recorded sessions can either be the default folder, a different disk/folder on the Passwordstate Webserver or a defined share on another server using //<servername>/<sharename>. 

When to Purge older Recordings: You can specify the number of days before older session recordings are deleted or disable deleting session recordings.

Specify Account if using a Network Share: This is used for purging sessions stored on a defined share.  If you are not storing recorded sessions on a defined share you do not need to supply any details here.

Once you have supplied the required details ensure you have clicked on the Save button.

Remote Session Credentials

Remote Session Credentials act in a similar way to Privileged Account Credentials.  They are in effect a privileged credential that is used to login to the remote hosts.  For example, this could be either a Domain Administrator account for Windows Based Servers or the Root account on Unix Based systems.  Ultimately your organization will determine what level of privileges are required for Systems Administration and apply those to the specified accounts.

For example, the Remote Session Credential used for remoting into the Windows Servers in our Demo Environment has;

  • a description of RDP.  This is just a description to provide a level of understanding of the method of remoting in and/or the target devices, and,
  • the credential used to remote into the remote devices. 

When I select the RDP entry it provides the options below (again as an example);

Note, we have only used the Description, Connection Type and Link To Credential.  The Description and Connection Types are straightforward, remembering that only RDP and SSH Connection Types are used for the Browser Based Launcher.  The Link to Credential is the path in Passwordstate for the credential being used.  In this case the credential is imported from Active Directory and is stored in the Active Directory Accounts Password List under the Infrastructure folder located in the Root of Passwords Home.

The other options that are provided include;

Include Host Name Match:  You can apply the Remote Session Credential based on individual hosts or query results.  As an example, you could apply it to all Windows based Servers matching a naming Standard of Win*.  The query results tab allows you to fine tune your query and is especially useful when using multiple queries separated by a comma.

Exclude Host Name Match:  This works the same as the above but excludes hosts based on the results.

Site Location: This is only used for differentiating between internal and a Remote Site when a Remote Sites Locations Module subscription is used.

Host Type(s): Allows you to target specific Host Types.  You can select one or more Host Types from the drop down list.

Operating System(s): Allows you to target specific Operating Systems.  You can select one or more Operating Systems from the drop down list.
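
The include/exclude matching described above, modelled as an added example (not Click Studios code): it previews which hosts a Remote Session Credential would cover, so a broad wildcard attached to a privileged account can be checked before it is saved. The matching rules (case-insensitive shell-style wildcards, exclude wins over include, an empty Host Type or Operating System filter means any) and all host names are assumptions made for illustration; the query results tab shows the real scope.

```python
from fnmatch import fnmatchcase

# Constructed sample inventory; names, types and OS values are illustrative only.
HOSTS = [
    {"name": "WinDC01", "host_type": "Windows", "os": "Windows Server 2019"},
    {"name": "WinSQL01", "host_type": "Windows", "os": "Windows Server 2022"},
    {"name": "WinKiosk07", "host_type": "Windows", "os": "Windows 10"},
    {"name": "winston-laptop", "host_type": "Windows", "os": "Windows 11"},
    {"name": "lnxweb01", "host_type": "Linux", "os": "Ubuntu"},
]

# Hypothetical credential definitions mirroring the fields on the page.
BROAD = {"include": "Win*", "exclude": ""}
NARROW = {"include": "Win*", "exclude": "WinKiosk*, *-laptop",
          "host_types": {"Windows"}}


def split_patterns(field):
    """Split a comma-separated match field into trimmed, lower-cased patterns."""
    return [p.strip().lower() for p in field.split(",") if p.strip()]


def in_scope(host, cred):
    """Assumed semantics: any include matches, no exclude matches, filters pass."""
    name = host["name"].lower()
    if not any(fnmatchcase(name, p) for p in split_patterns(cred.get("include", ""))):
        return False
    if any(fnmatchcase(name, p) for p in split_patterns(cred.get("exclude", ""))):
        return False
    types = cred.get("host_types")
    if types and host["host_type"] not in types:
        return False
    oses = cred.get("operating_systems")
    if oses and host["os"] not in oses:
        return False
    return True


def preview_scope(hosts, cred):
    """Return the sorted host names the credential would apply to."""
    return sorted(h["name"] for h in hosts if in_scope(h, cred))


if __name__ == "__main__":
    # Win* alone also catches the kiosk and a laptop that merely starts with "win".
    print("broad :", preview_scope(HOSTS, BROAD))
    print("narrow:", preview_scope(HOSTS, NARROW))
```
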

Again, once you have supplied the required details ensure you have clicked on the Save button.  You can then add permissions to use this Remote Session Credential to Users and Security Groups by clicking on the Action icon next to the Credential, selecting View Permissions and then clicking on Grant New Permissions and selecting the appropriate Users or Security Groups.  

Host Properties

Your Host Properties are selected under the Hosts Tab.  Select the Host that has previously been set up and enter the required details.

The required fields are Host Name, Host Type, Operating System.  The fields for Host Type and Operating System are used with the Query Properties for the Remote Site Credentials.  You only need to enter details for the mandatory fields with the red asterisk (*).  The other fields are for documentation.  Note: you can only select and use Session Recording with the Browser Based Launcher, not the Client Based Launcher.

In the red box above, the Connection Types other than RDP and SSH are used for the Client Based Launcher as is the Additional Parameters field.

By ensuring you have configured your Browser Based Gateway settings, defined a Remote Sessions Credential and added Hosts and their associated properties to the Hosts Tab, you’re on your way to using a simple, secure and cost effective solution for remote access.
