Getting Started with Remote Access

How do I get started – General

The very first thing is to make sure Remote Access is turned on:

  1. In order to enable remote access, simply log into the Admin By Request portal and head over to Settings > Server Settings > Remote Access Settings.

  2. From the AUTHORIZATION tab, ensure that Allow remote control is turned On:

How do I get started – Managed Service?

A managed service is a way of operating Remote Access so that your infrastructure allows an outbound connection to establish a secure tunnel from your respective endpoints and that these have the Admin By Request Server agent installed.

Using Admin By Request's Managed Service for remote access is the default. If you decide on this option when first enabling Remote Access, no configuration is required; all you need to do is:

  1. Ensure your endpoints have the Admin By Request Server agent installed.

  2. Connect to an endpoint (see below).

If this is not the first time enabling Remote Access and you have previously configured an on-premise gateway, the following tasks are needed to setup a managed service using a Cloudflare tunnel:

    1. Ensure that your endpoints have the Admin By Request Server agent installed

    2. In the portal, go to Settings > Server Settings > Remote Access Settings.

    3. Select the Gateways menu and, from the CLOUD tab, ensure that Allow cloud gateway is On:

    NOTE:

    The CLOUD tab becomes visible only when an on-premise gateway is created. If no on-premise gateway exists, Remote Access will use the managed service option, which is enabled by default and requires no configuration.

    Configuring an on-premise gateway means disabling the cloud gateway (see How do I get started – Self-hosted Implementation?) which is why the CLOUD tab becomes available when a gateway is created.

    That’s it. The Admin By Request agent will now attempt to establish a secure tunnel via an outbound call - allowing connections directly via the managed gateway.

  2. NOTE:

    In order to allow Admin By Request to connect to your endpoints, these endpoints need to allow traffic on the following ports:

    • RDP - 3389

    • SSH - 22

    • VNC - 5900 and 5901

    1. From the portal, head over to your Inventory and select an endpoint with the Admin By Request Server agent installed:

    2. Click the Remote link for this server and then, on the Hardware Inventory screen, click Remote control:

    3. Enter User name and Password and click Sign in:

    After a few seconds, the connection appears directly in your browser.

How do I get started – Self-hosted Implementation?

A self-hosted implementation means that you run Remote Access on-premise inside your own infrastructure, including the ability to run Docker containers. To establish a secure tunnel, your infrastructure must also allow outbound connections to Cloudflare.

IMPORTANT:

With the release of the 2.0.9 version of Remote Access, we have introduced a new environment variable that needs to be present in order for the gateway to function properly.

The new variable is called AUTH__TOKEN and, If you're upgrading your on-premise gateway from 2.0.1 to the latest version, you will need to add this environment variable to your Docker setup.

Please refer to Upgrading Remote Access On-Premise (Self-hosted) for more information.

The following tasks are needed to setup a self-hosted implementation:

    1. Ensure that your endpoints have the Admin By Request Server agent installed.

    2. In the portal, go to Settings > Server Settings > Remote Access Settings.

    3. Select the Gateways menu and, from the CLOUD tab, ensure that Allow cloud gateway is Off:

    4. Click Save if making changes.

    1. In the portal (Remote Access Global Settings), from the Gateways menu, select the ON-PREMISE tab. This shows the current gateways for your tenant:

    2. Click Add New, followed by Save. This will create a new Gateway with the default name Gateway 1:

    3. Click the words Install gateway. This displays a view that allows access to the Docker compose file used for the installation:

      The Docker compose file contains all the information necessary to orchestrate the Docker containers required to make Remote Access work.

    4. Click Copy YML to clipboard to copy the Docker compose file to your clipboard.

    5. Add a new docker-compose.yml file to your Docker host, paste in the content and run the following command:

      Copy 
      sudo docker compose up -d

      This will spin up the containers and communicate back to the Admin By Request portal with all of the necessary information. Furthermore, a secure tunnel will be initiated between Cloudflare and the Connector container.

  3. NOTE:

    In order to allow Admin By Request to connect to your endpoints, these endpoints need to allow traffic on the following ports:

    • RDP - 3389

    • SSH - 22

    • VNC - 5900 and 5901

    1. From the portal, head over to your Inventory and select an endpoint with the Admin By Request Server agent installed:

    2. Click the Remote link for this server and then, on the Hardware Inventory screen, click Remote control:

    3. Enter User name and Password and click Sign in:

    After a few seconds, the connection appears directly in your browser.

Upgrading Remote Access On-Premise (Self-hosted)

A new environment variable has been introduced from version 2.0.9 that needs to be present in order for your gateway to function properly. The new variable is called AUTH__TOKEN and you can add this environment variable to your Docker setup to enable the next docker compose pull to complete successfully.

AUTH__TOKEN needs to be set for all three images: Connector, Proxy and Discovery. The value of the AUTH__TOKEN variable can be anything you choose - it just needs to be the same across the different services. We recommend setting it to a UUID value or something of similar complexity.

In the case of a Docker compose file, the change would look like this:

Once these changes have been made, you can run the following commands (in order):

Copy 
sudo docker compose pull
sudo docker compose up -d

This will spin up the containers using the new image and the newly added AUTH__TOKEN variable.

NOTE:

If you spin up a new gateway using the portal, you will not need to change anything manually. The required changes will be incorporated into the docker compose file generated by the portal.

Discovery

When using the self-hosted on-premise setup, the Discovery module is also available. The Discovery module automatically looks at the current network in which it is running and reports findings back to the portal about endpoints responding on ports 3389, 22 or 5900/5901.

This gives you the advantage of not having to manually map endpoints that are not running the Admin By Request Server agent. This also has the benefit of mapping your network(s) automatically to your Admin By Request inventory, allowing you to connect to agent-less devices like routers, firewalls etc.

Refer to Configuring Discovery for more information on Discovery.