MeshCentral2 - Group Move, MongoDB performance, Quick Install

This week, we got a bunch more interesting updates to the code base. Along with many more bug fixes, one feature requested on GitHub was to allow devices to be switched between device groups. In addition, MeshCentral is getting deployed a lot more, so work has been put in to optimize the MongoDB queries and indexes. We started testing many thousands of connections to MeshCentral on relatively small cloud instances. So far, it seems an instance at $30/month plus traffic costs will host a MeshCentral instance that will handle 10000+ agents. Lastly, we started writing MeshCentral install scripts for various cloud provider instances so you can install MeshCentral easily in a few minutes. In detail:
Move devices between groups. Device groups are built to apply the same policy and set of user permissions to a group of devices. In the past, a device would join a group at install time and this group could not be changed. This caused issues because administrators did not have the flexi…

MeshCentral2 - Hardware Key Support, One-time Passwords, Running Stateless

MeshCentral is an open source web based remote computer management web site. Because administrators can use MeshCentral to manage hundreds to thousands of computers remotely, the server is a security target. It’s important to support the best industry practices to try to minimize security risk. This week, three new security features were added to MeshCentral.
Support for hardware authentication keys. A few weeks back, work got started on adding 2-factor authentication to MeshCentral, first with support for Google Authenticator. This week, we improve on this with support for hardware keys. You can get a YubiKey starting at $15 that acts as a hardware-based second authentication factor. Users first have to register their key with the web site. Then, when logging in and after entering the username and password, users will be prompted for a login token. At this point, press the button on the USB key and you’re automatically logged in. It’s super simple and can be used alongside Google Authe…

MeshCentral2 - OS support, Browser Tabs, Location & Security

MeshCentral is an open source web based remote computer management web site. The last 2 weeks have been packed with an average of more than two releases a day. This rapid rate has been necessary in order to support the online feedback from everyone installing MeshCentral and giving it a try.

This week, Bryan Roe really shined as he installed more different Linux distribution virtual machines than I have ever seen before. Bryan is testing the MeshAgent on as many Linux variants as he can get his hands on. The remote desktop feature is especially difficult to implement correctly on different Linux distros. Remote desktop is now working on Windows, MacOS, Ubuntu, Peppermint, Zorin, SUSE, Linaro, Fedora, CentOS and Raspbian. A very impressive task. More debugging is being done on all these operating systems, but it’s looking good so far, screenshots below.

In addition this week: You can now Shift-Click on a device in MeshCentral to open it in a different tab. This has been an often request…

MeshCentral2 - Two-step authentication support

MeshCentral is being deployed at an ever-increasing rate, and with more computers being managed, it’s important that it be done as securely as possible. Last week, the MeshAgent got TPM support for hardening of device identity; this week it’s the user’s turn to have improved authentication with support for Google Authenticator and compatible applications.

When logging into a web site, users are normally prompted for a username and password. This, however, can be a weak form of authentication. Especially for sites like MeshCentral that manage many computers, it’s important to authenticate users in the most secure way possible. One solution is RFC4226 and RFC6238, which standardize a way to transfer a pre-shared key to a user and compute a time-limited token that is a second login factor. Google has a quick guide on 2 step authentication here which can be helpful.

Starting with MeshCentral v0.2.6-j there is now full support for 2-step login. This is an optional process and to get it set up, users …

MeshCentral2 - Design Document, TPM support, Speed & IoT

This holiday break was no break for MeshCentral as it continued to progress. Big thanks to the people that post issues on GitHub. Because of the community, MeshCentral is getting a lot better and issues that would be difficult to find are being fixed. Over the past month a lot of things have changed and here is a small rundown of some of them:
Published the first version of the Design and Architecture document. This new document comes on top of the existing Install Guide and User’s Guide documents. It covers the internal workings of MeshCentral including the programming languages used, the dependencies, certificate generation, connection authentication, security and much more. The goal here is for anyone to be able to get a good grasp of how MeshCentral2 was designed, the trade-offs and how the security works. This is the first published version. Obviously, this document will grow in size as time permits. One possible use of this document is so that anyone can conduct a security review…

MeshCentral2 - Video Chat & Terminal

MeshCentral is an open source web based remote computer management web site. As the software matures, people have increasingly been asking for features that enable remote support usages. For example, having the agent run only temporarily or being able to chat with a user on a remote computer. In the last few months, MeshCentral has gained some of these features including remote text chat. This week, we are doubling down and adding audio, video and file transfer support to the MeshCentral messenger application.

Modern browsers have WebRTC for video conferencing and MeshCentral2 is now taking full advantage of this. First, when you establish a chat session, the browser will try to switch to using WebRTC to set up a direct path between the two browsers. If this is successful, all chat messages and file transfers will go directly between the browsers, skipping the server. This reduces the server traffic, improves server scaling and lowers hosting costs. In addition, once the WebRTC direc…

MeshCentral2 - Running as an Appliance

MeshCentral is an open source web based remote computer management web site. One of the interesting advantages of MeshCentral version 2 is that the server is written entirely in NodeJS and so can run on many operating systems, including Linux. In addition, it can run very efficiently on tiny appliance devices with limited CPU and RAM. For example, you can load it on an ASUS Tinker Board, a Latte Panda, a Raspberry Pi or any such device. Once installed, it can easily manage 100’s of devices on a local network including remote management thru Intel® AMT when available. You can often install very light operating systems on these appliances that don’t run X Windows, freeing a lot of storage space and RAM.

The appliance form factor is perfect for an always-on server that you can keep attached to a network router. Some of these boards can run using Power-over-Ethernet (PoE), so only one cable needs to be plugged in. Once you have a device, get started using our MeshCentral Installer’s G…