MeshCentral & MeshCommander Blog

Because MeshCentral is a web site that has control over a lot of devices, security is super important. MeshCentral already implements two-factor authentication, FIDO2 hardware keys support and much more. In the last few months, we added even more security features to insure that compute assets are as protected as possible. Here are some of the security features that were added recently:
Database Partial Record Encryption. When saving data in the database, some of the fields will need to be indexed for fast retrieval, but some of the data is sensitive such as account two-factor keys and Intel® AMT credentials. For these values, MeshCentral now offers an optional additional encryption layer using AES256-GCM. Fields that are marked as sensitive are encrypted and encoded in a special _CRYPT value in the database. When reading the record back, MeshCentral decodes and places the sensitive fields back transparently to the rest of the server code. This feature can be used on top of encryption …

In the last week MQTT support was added to MeshCentral. The Message Queuing Telemetry Transport (MQTT) is a simple protocol often used for Internet Of Thing (IoT) devices. By making MeshCentral fully capable of handling MQTT connections, this opens many more opportunities for developers to attach their own devices and usages to MeshCentral. MeshCentral does require a few added lines in the server’s configuration file you can enable built-in MQTT support. Here are a few details:
MQTT Login Credentials. When enabled, a new “MQTT Login” link will show up at the bottom of a device “General” tab. Clicking on this will give the user a JSON document will all of the information needed to authenticate and login to the server. The document includes a username, password, URL’s and certificate hashes making it easy to cut and paste this into a device for a successful and secure connection.MQTT Console. The agent console tab was modified to support both agent commands and MQTT commands. In MQTT mod…

It’s been a while since the last blog post, but work continues in many areas and the GitHub community continues to help with feature requests and bug reports. One notable event that happened in the last week is the creation of the all new MeshCentral Reddit forum that will make it easier for MeshCentral users worldwide to exchange ideas and continue to help build the solution forward. Anyone is welcome to post. This week, we got three big items: 
Remote desktop mouse synchronization. Thanks to Bryan Roe for this complicated feature, the MeshAgent’s built-in remote desktop server now looks at the currently displayed mouse cursor. When the mouse cursor changes, it sends a message to the viewer that also changes the browser cursor on the HTML canvas. The result is that users have a much better and more responsive experience when performing remote desktop. Previously, the same mouse pointer was always shown in the viewer and users has to guess when, for example, the cursor was in the rig…

This week marked a milestone as on August 11th MeshCentral passed the half a million download count according to npm-stat.com. MeshCentral had its first commit on GitHub on August 28, 2017 and so, we crossed this milestone in about 2 years. While the downloads don’t correspond to the number of installed servers or users, it’s still a big number. I would like to thank everyone that participates in the community to make MeshCentral a success. To celebrate this event, some in my management are getting MeshCentral commemorative mugs (picture below).

As MeshCentral is increasingly taking on enterprise level features, this week we are announcing a Remote management session recording support. This is often a requirement in order to deploy management solutions. The MeshCentral Management Presence Server (MPS) is now capable of recording Intel® AMT KVM sessions for later playback in addition to remote desktop and terminal sessions to the software agent. This feature is really 3 announcements i…

Progress has been relentless thanks in part to the encouragements from the GitHub community. In the past few weeks we continued to focus on user requested features as the NPM download rate sometime exceeds 10k downloads a week. In addition to fixing many bugs, we added a bunch of new features this week and published a new MeshAgent for Windows (32 and 64bit) thanks for many improvements from Bryan Roe. Here are just some of the highlights:
MeshCtrl. As MeshCentral is integrated into various existing software ecosystems, it’s important make MeshCentral integrate well and responsive to other software actors. Administrators may want to automatically create and remove user accounts, automate the creation of device groups and get information on existing device states to feed this data into other software. To enable this MeshCentral now includes MeshCtrl, a command line tool that allows administrative operations on MeshCentral servers. MeshCtrl comes built into MeshCentral when you install t…

MeshCentral is an open source web based remote computer management web site that supports Intel® Active Management Technology (Intel AMT). In the past few weeks a lots of new features and bug fixes have been made. Mesh Agent improvements are thanks for Bryan Roe and many of the other features and fixes are thanks to the help of the GitHub community. There are too many changes to list here, however here is a selection of a few of the more interesting ones:
Support for FreeBSD and Puppy Linux. Bryan Roe has continued to port the MeshAgent into more Linux variants with support for Puppy Linux, a Linux distribution that is small and easy to use. More impressive still, this week Bryan got the MeshAgent installing, running and self-update on FreeBSD. This is the first time that MeshCentral works on BSD and certainly an interesting addition to the list of supported operating systems.Improved account creation and invitation email. Requested by the GitHub community, this feature allows an admin…

MeshCommander is an open source, web based Intel AMT management console that can be used as a stand-alone tool, loaded inside the Intel AMT firmware or as part of MeshCentral, the remote management web site. Over the last few weeks we made many improvements to MeshCommander and v0.7.8 just got published online. In this version, the stand-alone MeshCommander for Windows no longer uses IMRSDK.dll to perform IDER operations, instead all versions of MeshCommander now use the JavaScript IDER module. In addition to this, many more improvements and fixes have been made. In detail:
Improved IDER. Because of the new JavaScript IDER module, the stand-alone Windows version of MeshCommander now shows a “heat map” of disk reads in real time. This was available on other versions of MeshCommander (Firmware/NPM/MeshCMD), but it’s now on all versions.Drag & Drop IDER. Starting an IDER session to a remote computer is now as simple as dragging & dropping a .img or .iso or both file types on MeshC…