Posts

MeshCentral2 - Next Generation Mesh Agent

Image
On Thanksgiving day, MeshCentral got a major new update with the release of the next-generation Mesh Agent that has been over 4 months in the making. When installing MeshCentral v0.4.5-b or higher, the server will automatically update all agents with the more capable next generation agent. Probably the most awaited feature that comes with this agent is the new remote desktop privacy bar. When enabled, this displays a bar at the top of the remote device when doing a remote desktop session indicating that the system is being remote controlled and by who. In addition, the terminal was significantly improved for the latest Windows10 along with wall paper toggling and more. In details:
Remote Desktop Privacy Bar. With this new update, you can now configure the device group to show a remote privacy bar at the top of the remote device’s screen indicating that the device is being controlled and by who. This privacy bar is built to work on Windows and many Linux distributions. In addition, when…

MeshCentral2 - Let's Encrypt & Security Improvements

Image
As MeshCentral is being used by some as an internet facing server, it's important that as many industry standard security features be implemented. In the past weeks, MeshCentral and MeshCommander got more releases to continue to move security forward. From improved Let's Encrypt support to MeshCommander support for two-factor authentication, a lot of improvements have been made. Here is a list of the big ones:
GreenLockv3 support. MeshCentral has built-in support for getting and auto-renewing TLS certificates using Let's Encrypt which is a free CA service for web servers. Let's Encrypt updated it's validation protocol and is dropping support for the old protocol on December 1st requiring that everyone move to the new version. In the last week MeshCentral switched to using GreenLock v3 and made improvements. For example, MeshCentral will first try to get a Let's Encrypt staging certificate to test that everything is working before getting a production one.Invalid…

MeshCentral2 - Multi-Language Support

Image
MeshCentral is already widely used and some from the GitHub community has already taken the step to translate MeshCentral into other languages. Until now MeshCentral did not support multiple languages but this is changing today as an updated version was just published that has multi-language support. As one can imagine, with about 1400 different strings (not including duplicates) the work required make MeshCentral support a different language is significant. We have come up with a new system that makes the process fairly painless. Here are the details:
First, the MeshCentral web pages including the main web application and mobile application have been changed so that all JavaScript strings that need to be translated are double-quoted “” and non-translatable strings are single quoted ‘’. This makes is possible to automatically parse and extract all strings that need translation.Next, a new string extractor is packaged in MeshCentral that parses the HTML and JavaScript of all web pages a…

MeshCentral2 - Security, DB Record Encryption, Vault support

Image
Because MeshCentral is a web site that has control over a lot of devices, security is super important. MeshCentral already implements two-factor authentication, FIDO2 hardware keys support and much more. In the last few months, we added even more security features to insure that compute assets are as protected as possible. Here are some of the security features that were added recently:
Database Partial Record Encryption. When saving data in the database, some of the fields will need to be indexed for fast retrieval, but some of the data is sensitive such as account two-factor keys and Intel® AMT credentials. For these values, MeshCentral now offers an optional additional encryption layer using AES256-GCM. Fields that are marked as sensitive are encrypted and encoded in a special _CRYPT value in the database. When reading the record back, MeshCentral decodes and places the sensitive fields back transparently to the rest of the server code. This feature can be used on top of encryption …

MeshCentral2 - Added MQTT Support

Image
In the last week MQTT support was added to MeshCentral. The Message Queuing Telemetry Transport (MQTT) is a simple protocol often used for Internet Of Thing (IoT) devices. By making MeshCentral fully capable of handling MQTT connections, this opens many more opportunities for developers to attach their own devices and usages to MeshCentral. MeshCentral does require a few added lines in the server’s configuration file you can enable built-in MQTT support. Here are a few details:
MQTT Login Credentials. When enabled, a new “MQTT Login” link will show up at the bottom of a device “General” tab. Clicking on this will give the user a JSON document will all of the information needed to authenticate and login to the server. The document includes a username, password, URL’s and certificate hashes making it easy to cut and paste this into a device for a successful and secure connection.MQTT Console. The agent console tab was modified to support both agent commands and MQTT commands. In MQTT mod…

MeshCentral2 - Mouse Sync, Details Tab, Playback Viewer

Image
It’s been a while since the last blog post, but work continues in many areas and the GitHub community continues to help with feature requests and bug reports. One notable event that happened in the last week is the creation of the all new MeshCentral Reddit forum that will make it easier for MeshCentral users worldwide to exchange ideas and continue to help build the solution forward. Anyone is welcome to post. This week, we got three big items: 
Remote desktop mouse synchronization. Thanks to Bryan Roe for this complicated feature, the MeshAgent’s built-in remote desktop server now looks at the currently displayed mouse cursor. When the mouse cursor changes, it sends a message to the viewer that also changes the browser cursor on the HTML canvas. The result is that users have a much better and more responsive experience when performing remote desktop. Previously, the same mouse pointer was always shown in the viewer and users has to guess when, for example, the cursor was in the rig…

MeshCentral2 - 500k Downloads & Session Recordings

Image
This week marked a milestone as on August 11th MeshCentral passed the half a million download count according to npm-stat.com. MeshCentral had its first commit on GitHub on August 28, 2017 and so, we crossed this milestone in about 2 years. While the downloads don’t correspond to the number of installed servers or users, it’s still a big number. I would like to thank everyone that participates in the community to make MeshCentral a success. To celebrate this event, some in my management are getting MeshCentral commemorative mugs (picture below).

As MeshCentral is increasingly taking on enterprise level features, this week we are announcing a Remote management session recording support. This is often a requirement in order to deploy management solutions. The MeshCentral Management Presence Server (MPS) is now capable of recording Intel® AMT KVM sessions for later playback in addition to remote desktop and terminal sessions to the software agent. This feature is really 3 announcements i…