Remote Support Overview
What is Remote Support?
Remote Support is part of the Secure Remote Access product by Admin By Request. It allows you to share screens and remotely control devices in your Admin By Request inventory while using the well-known features of the Admin By Request ecosystem, such as inventory, audit log, settings and sub-settings, and approval flows.
Remote Support allows either end users or IT admins to initiate a secure, just-in-time remote support session in which the end user's device can be shared and controlled. Everything is torn down once the session is done, eliminating any access points for bad actors.
Prerequisites
In order to use the full power of Remote Support, there are several requirements that must be met:
Core Requirements
| Requirement | Specification | Purpose |
|---|---|---|
| Portal Access | https://www.adminbyrequest.com/Login | Central management interface |
| Client Software | Admin By Request for Windows 8.4.0, Build 31936+ | Endpoint agent functionality |
| API Connectivity | Port 443 | Communication with AdminByRequest services |
API Endpoints
| Data Location | IP Address | DNS Endpoints |
|---|---|---|
| Europe | 137.117.73.20 | api.adminbyrequest.com api1.adminbyrequest.com api2.adminbyrequest.com macapi1.adminbyrequest.com macapi2.adminbyrequest.com |
| USA | 104.45.17.196 | api.adminbyrequest.com api1.adminbyrequest.com api2.adminbyrequest.com macapi1.adminbyrequest.com macapi2.adminbyrequest.com |
Additional Connectivity Requirements
| Service | Port | Endpoints |
|---|---|---|
| MQTT Broker | 8883 | FastTrackHubEU1.azure-devices.net FastTrackHubUS1.azure-devices.net |
| Unattended Access | 3389 | RDP needs to be enabled on the device |
| Endpoint Enrollment | Varies | Must be enrolled with Admin By Request Secure Remote Access |
Firewall and Cloudflare Requirements
For environments with strict firewall policies, the following additional connectivity may be required:
| Requirement | Port | Cloudflare Endpoints |
|---|---|---|
| Cloudflare Tunnel | 7844 | region1.v2.argotunnel.com region2.v2.argotunnel.com |
| SNI Enforcement | Varies | cftunnel.com h2.cftunnel.com quic.cftunnel.com |
Note: Refer to Cloudflare’s documentation for more information on “tunnel with firewall” configuration.
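An added example, not part of Admin By Request's documentation: a PowerShell check to run on an endpoint to confirm outbound TCP reachability to the hosts and ports listed in the tables above. It tests TCP only, so it exercises neither the Cloudflare tunnel itself nor any SNI filtering; the function and variable names are the example's own.

```powershell
# Added example: outbound reachability check for the endpoints listed on this page.
# Hostnames and ports are copied from the prerequisite tables; the check is TCP only.
param([int] $TimeoutMs = 3000)

$targets = @(
    @{ Service = 'API';               Port = 443;  Hosts = 'api.adminbyrequest.com','api1.adminbyrequest.com','api2.adminbyrequest.com','macapi1.adminbyrequest.com','macapi2.adminbyrequest.com' }
    @{ Service = 'MQTT Broker';       Port = 8883; Hosts = 'FastTrackHubEU1.azure-devices.net','FastTrackHubUS1.azure-devices.net' }
    @{ Service = 'Cloudflare Tunnel'; Port = 7844; Hosts = 'region1.v2.argotunnel.com','region2.v2.argotunnel.com' }
)

function Test-TcpEndpoint {
    param([string] $HostName, [int] $Port, [int] $TimeoutMs)
    try {
        # Separate name-resolution failures from blocked ports.
        $null = [System.Net.Dns]::GetHostAddresses($HostName)
    } catch {
        return 'DNS-FAIL'
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # A silently dropped SYN shows up as a timeout, an active reject as an exception.
        if (-not $task.Wait($TimeoutMs)) { return 'TIMEOUT' }
        if ($client.Connected) { 'OPEN' } else { 'FAILED' }
    } catch {
        return 'FAILED'
    } finally {
        $client.Close()
    }
}

$results = foreach ($t in $targets) {
    foreach ($h in $t.Hosts) {
        [pscustomobject]@{
            Service = $t.Service
            Host    = $h
            Port    = $t.Port
            Status  = Test-TcpEndpoint -HostName $h -Port $t.Port -TimeoutMs $TimeoutMs
        }
    }
}

$results | Format-Table -AutoSize
# Non-zero exit code when any endpoint is unreachable, for use in deployment scripts.
if ($results | Where-Object Status -ne 'OPEN') { exit 1 }
```

A `TIMEOUT` result usually points to a firewall dropping the traffic, while `DNS-FAIL` points to a resolver or DNS filtering problem rather than a blocked port.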
How Remote Support Works
Remote Support is based on the same gateway concept as the Unattended Access gateway, which is also part of the Admin By Request Secure Remote Access product. It allows a just-in-time setup between the gateway and the endpoint by establishing a secure Cloudflare tunnel.
Connection Process
| Step | Action | Result |
|---|---|---|
| 1. Tunnel Establishment | Secure Cloudflare tunnel created between gateway and endpoint | Encrypted communication channel |
| 2. Session Creation | Just-in-time server session created on endpoint | Screen sharing and remote control capability |
| 3. Session Termination | Tunnel and server session terminated when session ends | Endpoint returned to original secure state |
Deployment Architecture
The setup is fully cloud-based and does not require any on-premise setup besides what’s mentioned in the prerequisites.
Ideal for: Organizations seeking immediate remote support capabilities without extensive infrastructure deployment.
Session Initiation Methods
Remote Support sessions can be initiated through two primary methods:
1. End User Initiated
| Step | Process | Security Control |
|---|---|---|
| Request Submission | End user requests Remote Support session from their endpoint with reason justification | Documents legitimate business need |
| Admin Approval | IT admin approves or denies request via Admin By Request portal | Maintains authority over session access |
| Session Activation | Secure tunnel established upon approval | Ensures only authorized sessions occur |
2. IT Admin Initiated
| Step | Process | Security Control |
|---|---|---|
| Device Selection | IT admin navigates to specific device in portal inventory and clicks Support | Targets specific endpoint for assistance |
| User Approval | End user asked to approve incoming Remote Support session | Ensures user consent and awareness |
| Session Establishment | Secure Cloudflare tunnel initiated and just-in-time server session created | Provides secure, audited connection |
Session Security and Compliance Features
Core Security Controls
| Feature | Implementation | Business Value |
|---|---|---|
| Multi-Factor Authentication (MFA) | Required for session initiation and access | Prevents unauthorized session access |
| View-Only Access | Optional mode limiting admin to observation only | Protects sensitive information during review |
| Session Expiration | Automatic termination after predefined time | Prevents forgotten active sessions |
| Session Recording | Complete video capture of all session activities | Provides audit trail for compliance and training |
Audit and Compliance
| Capability | Function | Compliance Benefit |
|---|---|---|
| Session Logging | All remote support sessions logged in audit log | Complete visibility into support activities |
| Video Recording | Downloadable recordings of session activities | Evidence for compliance audits and incident review |
| User Consent Tracking | Documentation of user approval for sessions | Supports privacy and compliance requirements |
Technical Architecture
Gateway Components
| Component | Role | Technical Specification |
|---|---|---|
| Cloudflare Tunnel | Secure connection establishment | Encrypted tunnel between gateway and endpoint |
| Session Server | Just-in-time remote desktop service | Temporary RDP/VNC session on endpoint |
| Audit Logger | Session activity recording | Comprehensive logging and video capture |
Network Flow
- Initiation → Session request from user or admin
- Approval → Authorization through portal workflows
- Connection → Cloudflare tunnel establishment
- Session → Remote desktop/screen sharing activation
- Termination → Automatic cleanup of all connections
Best Practices
Security Best Practices
| Practice | Implementation | Security Benefit |
|---|---|---|
| Always Use MFA | Enable multi-factor authentication for all sessions | Prevents credential-based attacks |
| Record Sessions | Enable video recording for compliance and audit | Provides complete audit trail |
| Set Time Limits | Configure appropriate session expiration times | Reduces risk of abandoned sessions |
| Review Audit Logs | Regularly review session activities | Enables early threat detection |
Operational Best Practices
| Practice | Implementation | Operational Benefit |
|---|---|---|
| User Training | Educate users on session request process | Reduces support delays and improves efficiency |
| Clear Approval Workflows | Define who can approve sessions and under what conditions | Streamlines authorization process |
| Session Documentation | Require detailed reasons for session requests | Improves audit quality and justification |
| Regular Access Reviews | Periodically review who can initiate sessions | Maintains security hygiene |
Troubleshooting Common Issues
| Issue | Possible Cause | Resolution |
|---|---|---|
| Connection Failed | Firewall blocking required ports | Verify ports 443, 8883, and 7844 are open |
| Session Not Recording | Recording feature disabled | Enable recording in Remote Support settings |
| Approval Delays | Approvers not receiving notifications | Check notification settings and approver availability |
| Poor Performance | Network bandwidth limitations | Verify adequate bandwidth for video streaming |
Key Takeaway: Remote Support provides a secure, just-in-time remote assistance solution that maintains comprehensive security controls while enabling efficient IT support through temporary, audited sessions that automatically terminate to eliminate persistent access points.
Conclusion
Remote Support by Admin By Request offers a comprehensive solution for secure, temporary remote assistance that combines the flexibility of on-demand support with the security of just-in-time access. By leveraging secure Cloudflare tunnels, comprehensive approval workflows, and detailed session recording, organizations can provide efficient IT support while maintaining strict security controls and complete audit trails.
The cloud-based architecture ensures rapid deployment without extensive infrastructure requirements, while the dual initiation methods (user and admin-initiated) provide flexibility for various support scenarios. With features like MFA, session expiration, and comprehensive logging, Remote Support enables organizations to balance operational efficiency with security and compliance requirements.