Work From Home Is Easier Than Ever With BigFix Remote Control!
Author: Stefano Sidoti
BigFix Remote Control is an integral component of the BigFix Work from Home solution. Unlike ‘free’ management tools from OS vendors, BigFix’s patented single-port architecture helps enterprises protect remote computers from brute-force RDP and other attacks, with or without a VPN.
To reduce help desk costs, BigFix Remote Control provides a fully secure channel that helps Information Technology (IT) teams support their remote users.
In prior BigFix Remote Control versions (before Oct 2020), an operator could only open remote sessions via the Remote Control Server, which required direct connectivity between the Server and the target. For Internet users, a VPN had to be established.
With BigFix Remote Control 10.0.2 (released Oct 2020), an operator can open a remote session without using a VPN, even when the controller and the target are connected over the Internet. In this type of session, the end user needs to enter a connection code.
Starting from BigFix Remote Control 10.0.5 (released Sept 2021), it is possible to take control of a managed target located anywhere in the world without requiring an end user to enter a connection code.
This reduces desk-side IT management costs and travel costs, and improves 24x7 operations. Using the Lite Web Portal, you can take control of such targets from anywhere, so an operator can easily manage sessions from their home network.
Remote Control sessions are used by operators to establish a connection to a computer in the target environment to observe or actively control the computer remotely. In the session, the controller user's keyboard and mouse become the primary keyboard and mouse for the remote system. Functions such as chat, guidance, reboot, and file transfer are some of the options available for use in a Remote Control session.
To establish a connection through the Lite Web Portal, a Remote Control administrator needs to configure the relevant properties in the RC Server UI:
- Liteweb.portal.enable ⇒ To enable Lite Web Portal, set it to True.
- Liteweb.portal.autodetect.url ⇒ Set it to True.
No additional Broker Certificates are required. The Lite Web Portal can use the existing Broker certificate.
Once the session is established, the communication from the Controller to the Server, as well as from the target to the Server, travels through the Broker Reverse Proxy tunnel. As a result, the only communication requirement for both Controller and Target is line of sight with the RC Broker.
In a WFH scenario, two types of sessions can be established from the Lite Web Portal through the Broker:
- On Demand sessions.
To start an On Demand (OD) remote control session, select a broker session from within the Lite Web Portal UI. A request for a connection code is made. The code is generated by the Remote Control server and displayed on the controller computer. The session starts when the target user enters this connection code and the authorization is performed successfully.
- Unattended sessions.
With Unattended sessions, no end user needs to be present on the target system to enter the connection code, which allows remote access to devices located anywhere. Once the Server, the Broker, and the Controllers have been deployed, you can enable Unattended Target Support by activating it on the RC Server and configuring targets using the BigFix Remote Control Target Wizard on the BigFix Console.
To ensure the greatest security for such Internet sessions, at least one of the following configurable features must be defined (if none is selected, the Server will enforce the Controller UUID verification):
- The Controller Instance ID
This feature is always enabled when operating on Unattended Targets. Every time the Controller is started, it generates a temporary and unique Controller Instance ID that is bound to the session being established. Only one Controller Instance ID can be bound to a session.
- The Controller UUID
When enabled from the Remote Control Server web interface, this function provides an additional level of authorization for operating on the Unattended Target Lists from the Controller. Each controller provides a Universally Unique Identifier, named the Controller UUID. When this security feature is enabled, the Controller UUID of the Controller that is about to start the Internet session must be listed among the authorized Controller UUIDs on the Server.
- Two Factor Authentication via Mail
This feature can be enabled from the Remote Control Server web interface and is only available when operating from the Lite Web Portal. It requires the configuration of an SMTP server in the Remote Control Server.
The bottom line is that it has never been easier to securely manage work from home with BigFix Remote Control!