kassandra-shipton
MeshCentral Technical Presentation
Based on a local peer-to-peer mesh of agents, this secure and scalable architecture solves the outside-in problem with no network setup.
Diagram: Peer-to-peer network
Mesh Agent runs on:
• Microsoft Windows (32bit & 64bit)
• Apple Mac OSX (x86)
• Linux (x86, 64bit, MIPS, ARMv6)
• Raspberry Pi & PogoPlug (ARMv6)
• Xen (x86)
• Google Android (x86, ARM)
Agent is open source. All Mesh Code is 100% Intel.
Diagram: Mesh Agent Design. Labels, in the order they appear on the slide:
• Mesh Agent Source Code; Visual Studio; GCC Cross-Compile; Android SDK
• Terminal (Command Shell); Location (WiFi reporting); R-Wake (Intel® Remote Wake); TLS Client
• TCP Forward; Intel® AMT Forward; UDP 16990; TCP 16990; UDP 16991; TCP 16991; Intel® AMT; Serial-over-LAN; TCP Forward
• Support Libraries: Microstack, OpenSSL, SQLite
• MESH P2P Module; S-UDP (Server / Multicast); HTTPS Server; Guardpost; Management Module; STUN Client; SR-UDP (Firewall Buster); TLS Server
• Serial (COM Port); TCP (10 Relay Sockets); WMI (Management); LMS/MEI (Intel® AMT); Desktop (Remoting); Files (Remote Access); TCP (5 Relay Sockets); Intel® AMT
• Mesh Server Intel® Smart Connect Agent; CryptoAPI; Intel® Remote Wake; Intel® Identity Protection Technology; Intel® Active Management Technology; Trusted Platform Module; Wake-on-LAN Support; AES Acceleration (AES-NI); Digital Random Generator (RDRAND)
• WebRTC Data Channel; Web Browser
Mesh Agents are signed and self-updating from the server and from other agents. Scalable update and agents. Over 100 agent updates have been done this way.
Mesh agents have their own messaging API that applications can use to unicast to a single agent or multicast in the P2P network. In both cases, the message will “hop” from node to node.
Diagram: Hopping Unicast Message; Hopping Multicast Message
Web based remote desktop encodes the desktop as JPEG images and sends them to a web or C# client. The web client uses an HTML5 canvas to display the decoded output and capture input.
Diagram: Windows, Linux, OSX Mesh Agent; HTML5 Browser; JPEG Images; Input Commands (Keyboard, Mouse, Touch)
Secure Direct Connections Behind NATs
• Agents have STUN support and a WebRTC data channel stack.
• Management traffic can flow directly from a console to a relay agent within a network.
• Use direct tunnel for any TCP traffic: KVM, Files, Intel® vPro…
Diagram: STUN Server; Router NAT Barrier; WebRTC / STUN; TURN Server; WebRTC / TURN; Web Socket
Mesh Server Direct Connections
• If the Mesh server is installed in an intranet environment, the server direct mode can be enabled.
• Nodes are checked to see if they are directly routable.
• Server initiates TCP connections to routable nodes.
• No relay agents needed.
Diagram: Server and some clients are on the same network; Mesh Server initiates TCP connections
Intel® vPro support
• Monitors Intel® vPro computers in sleep states
• Solves four big deployment problems with Intel® vPro: Discovery, Credentials, Remote Access & Provisioning
• Remote access to BIOS, boot repair OS…
Diagram: Out-of-band Communication; Intel® vPro P2P Monitoring
Remote access to private web pages. A routing cookie is sent to the browser along with a redirection to a different web port. Each HTTP request is forwarded over the P2P network.
Diagram: Relay Agent; Target HTTP Server; Routing Cookie & Redirect; HTTP Traffic
Intel® vPro Fast Call for Help (CIRA) support
• Built-in support for Intel® AMT remote access connections.
• Traffic automatically routed to CIRA when possible.
• All application APIs stay the same, with an identical security model.
Diagram: Out-of-band Communication; Intel® AMT 4.0+; Javascript WSMAN Stack (Used for Web Applications)
Intel® vPro traffic is routed 3 ways: Agent Relay, CIRA and Direct.
Diagram: Proxy / NAT; NAT; Direct Routing; Agent Relay; CIRA Routing
Intel® vPro events: correctly routed when coming over a CIRA channel.
Diagram: NAT; CIRA Routing
The Meshcentral multi-display feature uses both Websockets and WebRTC for more efficient traffic handling.
Meshcentral new Multi-Desktop feature.
Monitor many computers' screens at once.
Efficient use of a single Web Socket to relay all of the desktops through Meshcentral.
If the browser supports it, create many WebRTC connections to the target computer for even more efficiency & speed.
Developer APIs are available for writing new usages on top of the mesh infrastructure. Web, agent and control APIs provide developers with flexibility.
• Online web API: Enumerate devices, Remote power control, Remote messaging, Remote TCP streaming
• Local Control API: Enumerate devices, Local power control, Local messaging
• Agent API: Inter-agent messaging, Broadcast messaging, Capability search
Main site
meshcentral.com
Information
info.meshcentral.com