The IBM® Endpoint
Manager for Remote Control system
includes the following main components:
- IBM Endpoint
Manager for Remote Control Target
- The target is installed on every computer that you want to control
remotely with IBM Endpoint
Manager for Remote Control.
It listens for connection requests that come from the controller.
The target can also be used to start a remote control session over
the internet, by using a broker.
Targets that are outside of your
intranet can be configured to register their details with the server.
Sessions with these targets are managed by server policies. The targets
must be deployed with the Managed property set
to Yes. The ServerURL and BrokerList properties
must also be configured. Targets can also be configured so that they
do not send their details to the server. These targets are classed
as unregistered targets. There are two ways to configure unregistered
targets. You can install the target software and set the Managed property
to No. The BrokerList property must also be set.
You can also use the on-demand target features to start a remote control
session with a computer that does not have any target software preinstalled.
Server policies are used to manage the on-demand sessions. The target
software is deleted at the end of the session.
The IBM Endpoint
Manager for Remote Control target
can run in Windows, Linux, and Solaris operating systems.
- IBM Endpoint
Manager for Remote Control Controller
- Can be installed by using the Fixlet or installer that is provided
for use in peer to peer sessions. It can also be launched in context
from the remote control server or the IBM Endpoint
Manager console. In all instances, the controller can be used to allow
the user to control a remote computer on which the remote control
target is installed. The controller delivers an interface to several
actions, available to the controller user, like remote control, guidance,
chat, file transfer, collaboration, and many more. IBM Endpoint
Manager for Remote Control controller
supports JRE versions: Sun 1.6, Oracle 1.6, 1.7 or IBM® 1.5, 1.6,
1.7.
- IBM Endpoint
Manager for Remote Control Server
- A web application that manages all the deployed targets that are
configured to be in managed mode and to point to the IBM Endpoint
Manager for Remote Control Server
's URL. The server is a web application that can be deployed on an
existing WebSphere® server,
or installed through the installer package along with an embedded
version of WebSphere.
The server listens for HTTP or HTTPS connections by default. When
it is installed with the embedded WebSphere option, it listens on ports 80 and 443. When it
is deployed on top of an existing WebSphere server,
the IBM Endpoint
Manager for Remote Control server
listens on ports 9080 and 9443. The server requires a database server:
embedded Derby, only for proof of concept deployments, DB2®, SQL Server, and Oracle are the supported
options. Additionally, it can also be configured to synchronize and
authenticate user and group data from an LDAPv3 server, like Active
Directory or Tivoli Directory Server. This deployment scenario has
the same networking characteristics as peer to peer. Therefore, direct
TCP connectivity is required between all the controllers and all the
targets. However, the IBM Endpoint
Manager for Remote Control server
provides a method of centralized, and finer, policy control, where
targets can have different policies that are determined by the user
who is trying to start the remote control session. The Server also
provides for centralized audit and storage of full session automatic
recordings. In this scenario, the controller is not a stand-alone
application.but is started as a Java™ Web
Start application from the IBM Endpoint
Manager for Remote Control server's
web interface to start the remote control session.
Note: Peer to peer
and managed are not exclusive modes. The
IBM Endpoint
Manager for Remote Control target
can be configured in the following ways.
- Configured to be strictly managed.
- Configured to fail back to peer to peer mode when the server is
not reachable.
- Configured to accept both peer to peer and managed remote control
sessions.
The following components can be used only in managed mode:
- IBM Endpoint
Manager for Remote Control CLI
tools
- Are always installed as part of the target component but it is
also possible to install them separately. The CLI provides command-line
tools for the following tasks:
- Script or integrate the launch of managed remote control sessions.
- Run remote commands on computers with the managed target installed.
- IBM Endpoint
Manager for Remote Control Gateway
- A service that is installed in computers in secure network boundaries,
where there is strict control of traffic flows between the secure
networks. For example, the firewall at the boundary allows only traffic
between a pair of specific IP address and ports. In these scenarios,
a network of gateways can be deployed. The gateway routes and tunnels
the remote control traffic from the controller that is sitting in
a particular network zone, to the target that is in a different network
zone. The gateway is a native service that can be installed on a computer
that has a Windows or Linux operating system installed.
It does not have a default listening port, although 8881 is a usual
choice, and can be configured for multiple incoming listening ports
and outgoing connections.
- IBM Endpoint
Manager for Remote Control Broker
- A service that is installed in computers typically in a DMZ so
that computers out of the enterprise network, in an Internet cafe
or at home, can reach it. The IBM Endpoint
Manager for Remote Control broker
receives inbound connections from the controller and the target and
tunnels the remote control session data between the two components.
The broker is a native service that can be installed on a Windows or a Linux computer.
It does not have a default listening port, but 443 is a recommended
option because usually this port is open for outbound connections
and has fewer issues with content filtering than, for example, 80
would have.