Meshcentral Technical Presentation

Transcript Meshcentral Technical Presentation

MeshCentral
Technical Presentation
MeshCentral
Based on a local peer-to-peer mesh of agents, this secure and
scalable architecture solves the outside-in problem with no
network setup.
[Figure: Meshcentral; Peer-to-peer network]
MeshCentral
Mesh Agent runs on:
• Microsoft Windows (32bit & 64bit)
• Apple Mac OSX (x86)
• Linux (x86, 64bit, MIPS, ARMv6)
• Raspberry Pi & PogoPlug (ARMv6)
• Xen (x86)
• Google Android (x86, ARM)
Agent is open source.
All Mesh Code is 100% Intel.
[Figure: Mesh Agent Source Code; Visual Studio; GCC CrossCompile; Android SDK]
MeshCentral - Agent Design
[Diagram: Mesh Agent design. Labels shown: Web Browser, Mesh Server,
UDP 16990, TCP 16990, UDP 16991, TCP 16991, TLS, HTTPS, STUN, WebRTC,
Data Channel, Location, WiFi reporting, S-UDP, SR-UDP, P2P, TCP Forward,
10 Relay Sockets, 5 Relay Sockets, Firewall Buster, Guardpost,
Management Module, Remote Access Server, Desktop Remoting, Files,
Terminal, Command Shell, Serial, COM Port, WMI Module, LMS/MEI,
Intel® AMT Forward, Intel® AMT Serial-over-LAN, Intel® Active
Management Technology, Intel® Remote Wake, Wake-on-LAN, Intel® Smart
Connect, Intel® Identity Protection Technology, Trusted Platform
Module, AES Acceleration (AES-NI), Digital Random Generator (RDRAND),
Microstack, OpenSSL, SQLite, CryptoAPI, Support Libraries]
MeshCentral
Mesh Agents are signed and self-updating from the server and
from other agents. Scalable update of agents.
Over 100 agent updates have been done this way.
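Added example (not from the presentation and not MeshCentral code): because updates may arrive from other agents, the signature is the only thing the receiving agent can trust, so this sketch shows the checks an agent would run before installing a blob. The Ed25519 key, the manifest format, the version (rollback) check and the names signUpdate, checkUpdate and demo are assumptions for illustration; it uses the Node.js crypto module.

```javascript
// Added example, not MeshCentral code: vet an update blob before installing it.
const crypto = require('node:crypto');

// Constructed stand-in for the publisher's signing key. A real agent would
// carry only the public half, pinned in the binary.
const { publicKey: PINNED_KEY, privateKey: publisherKey } =
  crypto.generateKeyPairSync('ed25519');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Publisher side (hypothetical format): sign a manifest naming version and image hash.
function signUpdate(version, image, key = publisherKey) {
  const manifest = Buffer.from(JSON.stringify({ version, sha256: sha256(image) }));
  return { manifest, signature: crypto.sign(null, manifest, key), image };
}

// Agent side: returns 'ok' or the rejection reason. Nothing from the sender
// (server or peer) is parsed or trusted until the signature verifies.
function checkUpdate(update, installedVersion) {
  if (!crypto.verify(null, update.manifest, PINNED_KEY, update.signature)) {
    return 'bad-signature';
  }
  const m = JSON.parse(update.manifest.toString('utf8'));
  if (sha256(update.image) !== m.sha256) return 'image-mismatch';
  // Rollback check: an old, validly signed agent must not replace a newer one.
  if (!Number.isInteger(m.version) || m.version <= installedVersion) return 'not-newer';
  return 'ok';
}

// Constructed scenarios: an agent at version 100 receives blobs from peers.
function demo() {
  const good = signUpdate(101, Buffer.from('agent image v101'));
  const rogue = crypto.generateKeyPairSync('ed25519').privateKey;
  return {
    genuine: checkUpdate(good, 100),
    swappedImage: checkUpdate({ ...good, image: Buffer.from('modified image') }, 100),
    rogueSigner: checkUpdate(signUpdate(102, Buffer.from('x'), rogue), 100),
    replayedOld: checkUpdate(signUpdate(99, Buffer.from('agent image v99')), 100),
  };
}

console.log(demo());
```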
MeshCentral
Mesh agents have their own messaging API that applications can use
to unicast to a single agent, or multicast in the P2P network.
In both cases, the message will “hop” from node to node.
[Figure: Hopping Unicast Message; Hopping Multicast Message]
MeshCentral
Web based remote desktop encodes the desktop as JPEG
images and sends them to a web or C# client. The web client
uses an HTML5 canvas to display the decoded output and
capture input.
[Figure: Mesh Agent (Windows, Linux, OSX); HTML5 Browser; JPEG Images; Input Commands (Keyboard, Mouse, Touch)]
MeshCentral
Secure Direct Connections Behind NATs
• Agents have STUN support and a WebRTC data channel
stack.
• Management traffic can flow directly from a console to a relay
agent within a network.
• Use direct tunnel for any TCP traffic: KVM, Files, Intel®
vPro…
[Figure: Meshcentral; STUN Server; TURN Server; Router NAT Barrier; Web Socket; WebRTC / STUN; WebRTC / TURN]
MeshCentral
Mesh Server Direct Connections
• If the Mesh server is installed in an intranet environment, the
server direct mode can be enabled.
• Nodes are checked to see if they are directly routable.
• Server initiates TCP connects to routable nodes.
• No relay agents needed.
[Figure: Meshcentral; Mesh Server initiates TCP connections; Server and some clients are on the same network]
MeshCentral
Intel® vPro support
• Monitors Intel® vPro computers in sleep states
• Solves four big deployment problems with Intel® vPro:
Discovery, Credentials, Remote Access & Provisioning
• Remote access to BIOS, boot repair OS…
[Figure: Meshcentral; Intel® vPro; P2P Monitoring; Out-of-band Communication]
MeshCentral
Remote access to private web pages. A routing cookie is sent to
the browser along with a redirection to a different web port. Each
HTTP request is forwarded over the P2P network.
[Figure: Routing Cookie & Redirect; Meshcentral; Relay Agent; HTTP Traffic; Target HTTP Server]
MeshCentral
Intel® vPro Fast Call for Help (CIRA) support
• Built-in support for Intel® AMT remote access connections.
• Traffic automatically routed to CIRA when possible.
• All application APIs stay the same, identical security model.
[Figure: Meshcentral; Out-of-band Communication; Intel® AMT 4.0+; Javascript WSMAN Stack (Used for Web Applications)]
MeshCentral
Intel® vPro traffic is routed 3 ways
- Agent Relay, CIRA and Direct.
[Figure: Meshcentral; CIRA Routing; NAT; Proxy / NAT; Agent Relay; Direct Routing]
MeshCentral
Intel® vPro events
- Correctly routed when coming over a CIRA channel
[Figure: Meshcentral; NAT; CIRA Routing]
MeshCentral
The Meshcentral multi-display feature uses both Websockets and
WebRTC for more efficient traffic handling.
• Efficient use of a single Web Socket to relay all of the
desktops through Meshcentral.
• Meshcentral new Multi-Desktop feature. Monitor many computers’
screens at once.
• If the browser supports it, create many WebRTC connections to
the target computer for even more efficiency & speed.
MeshCentral
Developer APIs are available for writing new usages on top of
the mesh infrastructure. Web, agent and control APIs provide
developers with flexibility.
Online web API
• Enumerate devices
• Remote power control
• Remote messaging
• Remote TCP streaming
Local Control API
• Enumerate devices
• Local power control
• Local messaging
Agent API
• Inter-agent messaging
• Broadcast messaging
• Capability search
MeshCentral
Main site: meshcentral.com
Information: info.meshcentral.com