IBM Endpoint Manager, Version 9.0

Overview of the IBM Endpoint Manager for Remote Control system

The IBM® Endpoint Manager for Remote Control system includes the following main components:

IBM Endpoint Manager for Remote Control Target
The target is installed on every computer that you want to control remotely with IBM Endpoint Manager for Remote Control. It listens for connection requests that come from the controller. The target can also be used to start a remote control session over the internet, by using a broker.

Targets that are outside of your intranet can be configured to register their details with the server. Sessions with these targets are managed by server policies. The targets must be deployed with the Managed property set to Yes. The ServerURL and BrokerList properties must also be configured. If you are using version 9.0.1, targets can also be configured so that they do not send their details to the server. These targets are classed as unregistered targets. There are two ways to configure unregistered targets. You can install the target software and set the Managed property to No. The BrokerList property must also be set. You can also use the on-demand target features to start a remote control session with a computer that does not have any target software preinstalled. Server policies are used to manage the on-demand sessions. The target software is deleted at the end of the session.

The IBM Endpoint Manager for Remote Control target can run in Windows, Linux, and Solaris operating systems.
IBM Endpoint Manager for Remote Control Controller
Can be installed by using the Fixlet or installer that is provided for use in peer to peer sessions. It can also be launched in context from the remote control server or the IBM Endpoint Manager console. In all instances, the controller can be used to allow the user to control a remote computer on which the remote control target is installed. The controller delivers an interface to several actions, available to the controller user, like remote control, guidance, chat, file transfer, collaboration, and many more. IBM Endpoint Manager for Remote Control controller supports JRE versions: Sun 1.6, Oracle 1.6, 1.7 or IBM® 1.5, 1.6, 1.7.
IBM Endpoint Manager for Remote Control Server
A web application that manages all the deployed targets that are configured to be in managed mode and to point to the IBM Endpoint Manager for Remote Control server's URL. The server can be deployed on an existing WebSphere® server, or installed through the installer package along with an embedded version of WebSphere. The server listens for HTTP or HTTPS connections by default. When it is installed with the embedded WebSphere option, it listens on ports 80 and 443. When it is deployed on top of an existing WebSphere server, the IBM Endpoint Manager for Remote Control server listens on ports 9080 and 9443. The server requires a database server. The supported options are embedded Derby (only for proof of concept deployments), DB2®, SQL Server, and Oracle. Additionally, it can be configured to synchronize and authenticate user and group data from an LDAPv3 server, like Active Directory or Tivoli Directory Server. This deployment scenario has the same networking characteristics as peer to peer. Therefore, direct TCP connectivity is required between all the controllers and all the targets. However, the IBM Endpoint Manager for Remote Control server provides a method of centralized and finer-grained policy control, where targets can have different policies that are determined by the user who is trying to start the remote control session. The server also provides for centralized audit and storage of full session automatic recordings. In this scenario, the controller is not a stand-alone application but is started as a Java™ Web Start application from the IBM Endpoint Manager for Remote Control server's web interface to start the remote control session.
Note: Peer to peer and managed are not exclusive modes. The IBM Endpoint Manager for Remote Control target can be configured in the following ways.
  • Configured to be strictly managed.
  • Configured to fail back to peer to peer mode when the server is not reachable.
  • Configured to accept both peer to peer and managed remote control sessions.

The following components can be used only in managed mode:

IBM Endpoint Manager for Remote Control CLI tools
Are always installed as part of the target component but it is also possible to install them separately. The CLI provides command-line tools for the following tasks:
  • Script or integrate the launch of managed remote control sessions.
  • Run remote commands on computers with the managed target installed.
IBM Endpoint Manager for Remote Control Gateway
A service that is installed on computers at secure network boundaries, where there is strict control of traffic flows between the secure networks. For example, the firewall at the boundary allows only traffic between a pair of specific IP addresses and ports. In these scenarios, a network of gateways can be deployed. The gateway routes and tunnels the remote control traffic from the controller that is sitting in a particular network zone, to the target that is in a different network zone. The gateway is a native service that can be installed on a computer that has a Windows or Linux operating system installed. It does not have a default listening port, although 8881 is a usual choice, and can be configured for multiple incoming listening ports and outgoing connections.
IBM Endpoint Manager for Remote Control Broker
A service that is installed on computers, typically in a DMZ, so that computers outside the enterprise network, in an Internet cafe or at home, can reach it. The IBM Endpoint Manager for Remote Control broker receives inbound connections from the controller and the target and tunnels the remote control session data between the two components. The broker is a native service that can be installed on a Windows or a Linux computer. It does not have a default listening port, but 443 is a recommended option because usually this port is open for outbound connections and has fewer issues with content filtering than, for example, 80 would have.

