Remote Session as Windows or Unix Screen in an HTML5 Browser
This article discusses deployment architecture and benefits of agentless universal remote desktop and shell access. At its heart it is an RDP, SSH and VNC gateway to HTML5 that transmits its data over HTTPS protocol. We call it Session Manager. The other literature sometimes call it a Jump Server. For the end user agentless Session Manager looks like a Windows desktop inside a modern browser: no applets, no ActiveXs, not even Remote Desktop or terminal software is required on the client computers. Everything is completely agentless.
It could also be a Unix screen or a router shell.
Since the only software requirement for the client device is the browser, the installation and the maintenance of the software is easy. The software is deployed on the server once and stays here. There is no need to do any special maintenance at the end points (which could be numerous and remote). Users can use Session Manager from the secure locked down or mobile devices such as browser based terminals like Chromebooks.
Architecture of RDP, SSH, VNC Gateway to HTML5
The server part of an agentless Session Manager is a gateway, not a proxy (proxy inputs and outputs the same protocol). The gateway translates RDP, SSH or VNC protocols to interactive HTML5 graphics. On one side of the server, a client accesses gateway using secure HTTPS protocol. It eliminates the need to open RDP or SSH ports in the firewall or setup a VPN to provide access to computers behind the firewall. All traffic between clients and hosts flows through the secure and manageable HTTPS connection.
On the other side of the same server, the gateway is completely aware about high level RDP, SSH and VNC communication protocols. Inside its logic the gateway operates with user keystrokes and images, files and texts, mouse clicks and clipboards, not with low level TCP/IP traffic which is hard if ever possible to reconstruct into its original semantics. This inherent gateway function allows the Session Manager to implement business level features like session recording and keystrokes filtering, whitelisting and user substitution as well as many other options that will be available in the future.
Session Manager Integration with an Identity Vault
And there is even more. Session Manager could be integrated with powerful Identity Vault that, among other things, can store and share records about devices and their accounts with passwords, access keys or certificates. The identity vault allows the Gateway to establish connection to Windows or Unix computers without disclosing passwords to the end user. In addition to that, the vault monitors, shares, logs sessions for auditing purposes, enables search and analyses session related events and even correlates them with other account events that happen in the system.
Xton Technologies builds, markets and distributes enterprise privileged accounts management software including identity vault that enables permission based sharing of secret information like passwords and security certificates for employees, contractors and scripts, policy driven password reset and centralized script execution for Windows, Unix and IoT devices as well as provides agentless access to network resources without disclosing passwords or keys to end users capable to record and monitor RDP, VNC or SSH sessions.
Xton Access Manager is an unlimited, agentless, cross-platform privileged access management solution built from the ground up with an enterprise feature set. Simple to implement, without your typical enterprise cost and effort.
Xton Access Manager is now available for download. Please fill out this form to receive a download link to get started today, even on your current desktop or laptop. Documentation is available to help or you can email or call us to request a trial extension, discuss questions and share your feedback. We would love to talk to you.