Posts

MeshCommander - Mutual-Auth TLS, Alarm Clock, IDE-R drag & drop, Clock Sync

Image
MeshCommander is an open source, web based Intel AMT management console that can be used as a stand-alone tool, loaded inside the Intel AMT firmware or as part of MeshCentral, the remote management web site. Over the last few weeks we made many improvements to MeshCommander and v0.7.8 just got published online. In this version, the stand-alone MeshCommander for Windows no longer uses IMRSDK.dll to perform IDER operations, instead all versions of MeshCommander now use the JavaScript IDER module. In addition to this, many more improvements and fixes have been made. In detail:
Improved IDER. Because of the new JavaScript IDER module, the stand-alone Windows version of MeshCommander now shows a “heat map” of disk reads in real time. This was available on other versions of MeshCommander (Firmware/NPM/MeshCMD), but it’s now on all versions.Drag & Drop IDER. Starting an IDER session to a remote computer is now as simple as dragging & dropping a .img or .iso or both file types on MeshC…

MeshCentral2 - Intel AMT ACM/CCM + Agent/Agentless Activation

Image
MeshCentral is an open source web based remote computer management web site that supports Intel® Active Management Technology (Intel AMT). This week, we added many more improvements to support Intel AMT activation in many different situations on both Windows and Linux operating systems. Intel AMT is an important part of being able to fully remotely manage a computer no matter the state of the operating system and today it’s getting even better with this new Intel AMT activation “super option”.

When a computer is first purchased, Intel AMT needs to be activated. There are two ways to activate Intel AMT: In Client Control Modes (CCM) and Admin Control Mode (ACM). CCM is simple but offers limited remote management options, while ACM requires a more complex activation flow but offers more management features. MeshCentral now supports activation in both these modes, with ACM activation requiring a trusted certificate from a certificate authority.

In addition to ACM and CCM modes, MeshCentr…

MeshCentral2 - Multi-OS User Consent Feature

Image
In the last few months MeshCentral usage has been increasing a lot with increased activity on GitHub. Last week, Bryan Roe released the latest MeshAgent2 with many bug fixes and new features. This new agent is a major improvement over the previous one in terms of stability, but there is one feature in particular that is especially interesting.

One of the most requested features that was missing so far was user consent request. That is, when an administrator wants to take control over a remote computer, a pop-up prompt is displayed asking the remote user to confirm that this administrator is allowed to access the computer. In some cases, this is a very important feature in order to meet privacy and security policies. Since MeshCentral can be used in wildly different situations, the user consent system is configurable per device group. User consent can be used for remote desktop, terminal and remote file access and can be used along with the user notification feature.

Because MeshCentral …

MeshCentral2 - Invitation Link, Auto-Backup, Idle Timeout, Terminal, Router

Image
MeshCentral is an open source web based remote computer management web site and in the past few weeks it’s been improving a lot. The enthusiasm within the GitHub community for MeshCentral has been growing and I would like to thank everyone who participates and thanks for the bug reports and suggestions, MeshCentral getting a lot better because of it. Since my last blog a lot has been going on. I am going to select some of the highlights and present them here.
Public agent installation invitation link. In the latest version of MeshCentral, the administrator can now create a time limited invitation link. Administrators then send the link to users who get instructions on how to install the MeshCentral agent . This makes is a lot easier to provide remote support which is the main usage that this new feature is intended for. If someone asks for help, you can just send the link and once the user installs the agent, you can remote into the computer and fix issues. To get started with this fea…

MeshCentral2 - Traefik Support, Night Mode, Batch Accounts

Image
MeshCentral is an open source web based remote computer management web site. In the last week the focus has been on bug fixes and small feature improvements submitted by GitHub users. Time has been spent testing MeshCentral with Traefik for low-cost corporate deployments, night mode for a more relaxing UI, batch account operations for administrators, improved scaling and much more. In detail:
Documented support for Traefik. MeshCentral can be deployed in corporate environments at very low cost using Docker and reverse-proxies making a small instance of MeshCentral deployable at near zero marginal cost. To make this happen, MeshCentral support needs to support reverse proxies. NGINX is already support and this week, we added Traefik and open source reverse proxy to the MeshCentral User’s Guide. MeshCentral now has a health check URL that can be used to poll the server to make sure it works correctly.Night mode. Increasingly users expect web applications to support a more relaxing dark u…

MeshCentral2 - Server-side IDER & Real-time heat map

Image
MeshCentral is an open source web based remote computer management web site. Last week, an all-new IDE redirect (IDER) library was unveiled completely built into JavaScript that allows MeshCommander to perform remote disk redirection to Intel® AMT. We also showed that we could use MeshCommander thru MeshCentral to perform IDER, using MeshCentral as a traffic relay. This week, we add upon what was announced last week with MeshCentral now gaining the ability to launch an IDER session from the server allowing faster, lower latency disk streaming over the Internet. On top of this, both MeshCommander and MeshCentral IDE redirection now feature a disk sector read “heat map” showing network sector reads in real time. In detail:
MeshCentral IDER. With the latest MeshCentral server, users can now upload disk images (.img / .iso) into the server using the “My Files” tab. Then, they can signal the server to launch a disk redirection session to a target Intel AMT device. The server will do all the…

MeshCommander - JavaScript IDER

Image
In the 10 years that I have been making software for Intel® AMT, I have rebuilt pretty much everything. From coding a WSMAN stacks twice to my own Serial Terminal and KVM viewer. This was needed to make Intel AMT usable with web technologies and bring hardware manageability usages to modern standards. In all this time, I have not touched what I consider to be the most powerful feature of Intel AMT: IDE Redirect (IDE-R).

For people who don’t know, IDE redirect allows a trusted administrator to remotely mount disk images on an Intel AMT computer over the network. You can then reboot on this image to perform computer recovery, OS re-installation, virus scanning or more. IDE redirection can completely transform a remote computer in a way and speed that no other Intel AMT feature can. Problem is, performing this operation was limited by use of IMRSDK.dll, a native library that was difficult to deal with and did scale or not port. It was especially badly suited for web technologies and so,…