What is Unattended Access?
Unattended Access is a feature of Secure Remote Access that allows you to connect remotely to your servers and network endpoints directly from your browser, using many of the well-known Admin By Request features, such as inventory, auditlog, settings and sub-settings, approval flows, and integrations.
The implementation of Unattended Access eliminates the need for VPN and jump servers, while still maintaining a secure and segregated setup.
Prerequisites
Organizations wishing to use endpoint clients running Admin By Request for Secure Remote Access Windows 8.4 need the following:
- Access to the portal at https://www.adminbyrequest.com/Login
- Admin By Request for Windows 8.4.0, Build 31936+ on each client
- Admin By Request API - port 443 for the following:
  - 104.45.17.196 (if your data is located in Europe)
  - 137.117.73.20 (if your data is located in the USA)
  - api.adminbyrequest.com
  - api1.adminbyrequest.com
  - api2.adminbyrequest.com
  - macapi1.adminbyrequest.com
  - macapi2.adminbyrequest.com
- MQTT broker connectivity - port 8883 for the following:
  - FastTrackHubEU1.azure-devices.net
  - FastTrackHubUS1.azure-devices.net
- For Unattended Access, RDP needs to be enabled on port 3389 on the device
A further prerequisite applies to Vendor Access: SSO must be enabled for each user who will log in to the Vendor Access portal (https://access.work).
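A pre-flight check for the network prerequisites above, as an added example that is not part of the Admin By Request documentation or tooling: it tests outbound TCP reachability to the listed API hosts (port 443) and MQTT brokers (port 8883) and confirms a local listener on port 3389. The `-DataRegion` parameter and the result column names are assumptions made for this example.

```powershell
# Added example: pre-flight check of the network prerequisites listed on this page.
# Run on the endpoint that will be reached through Unattended Access.
param(
    [ValidateSet('EU', 'US')]
    [string]$DataRegion = 'EU'   # assumption: hypothetical parameter naming where your data is located
)

# Hosts and ports are copied from the prerequisites list; only the two IP
# addresses are region-specific there, so everything else is checked as listed.
$regionIp = @{ EU = '104.45.17.196'; US = '137.117.73.20' }
$targets = @(
    @{ Purpose = 'API'; Port = 443; Hosts = @(
        $regionIp[$DataRegion],
        'api.adminbyrequest.com', 'api1.adminbyrequest.com', 'api2.adminbyrequest.com',
        'macapi1.adminbyrequest.com', 'macapi2.adminbyrequest.com') },
    @{ Purpose = 'MQTT'; Port = 8883; Hosts = @(
        'FastTrackHubEU1.azure-devices.net',
        'FastTrackHubUS1.azure-devices.net') }
)

# Outbound checks: one TCP connect per host/port pair.
$results = foreach ($t in $targets) {
    foreach ($h in $t.Hosts) {
        $r = Test-NetConnection -ComputerName $h -Port $t.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Check     = "$($t.Purpose) outbound"
            Target    = "${h}:$($t.Port)"
            Reachable = $r.TcpTestSucceeded
        }
    }
}

# Local check: RDP must be listening on port 3389 on the device itself.
$rdp = Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check     = 'RDP listener'
    Target    = 'local:3389'
    Reachable = [bool]$rdp
}

$results | Format-Table -AutoSize

# Non-zero exit code so the check can gate a deployment script.
if ($results.Reachable -contains $false) { exit 1 }
```

A successful TCP connect shows only that the port is reachable through the firewall; it does not validate the TLS session that runs on top of it.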
Unattended Access has two primary ways of operating (i.e. two possible setups):
1. Unattended Access as a managed service
The only requirement for using Unattended Access as a managed service is that your infrastructure allows an outbound connection to establish a secure tunnel from your respective endpoints and that these have the Admin By Request endpoint client installed.
2. Unattended Access as a self-hosted implementation
To run Unattended Access on-premises inside your own infrastructure, you will need to be able to run a few Docker containers and allow outbound connections to Cloudflare in order to establish a tunnel.
How does Unattended Access work?
The idea behind Unattended Access is to allow users to connect to your remote endpoints using nothing but their browsers. In order to achieve this, the browser creates a Secure WebSocket connection to a Docker-based gateway, hosted either in your own infrastructure or as a managed service.
The gateway comprises three different images:
- Connector: Handles validation and translation of the data between the portal and the proxy container, as well as managing logs, health checks and other data.
- Proxy: Establishes a protocol connection between Admin By Request and your endpoint using either RDP, SSH or VNC.
- Discovery: Handles automatic discovery of connectable devices running on the same network as the gateway.