Meshcentral Technical Presentation

tenderla, Software & Software Construction

13 Dec 2013 (3 years and 8 months ago)


MeshCentral

Technical Presentation

MeshCentral

Based on a local peer-to-peer mesh of agents, this secure and scalable architecture solves the outside-in problem with no network setup.

Figure labels: Peer-to-peer network

MeshCentral

Mesh Agent runs on:

Microsoft Windows (32-bit & 64-bit)
Apple Mac OSX (x86)
Linux (x86, 64-bit, MIPS, ARMv5)
Raspberry Pi & PogoPlug (ARMv5)
Xen (x86)
Google Android (x86, ARM)

Agent is open source.

All Mesh Code is 100% Intel.

Figure labels: Mesh Agent Source Code; Visual Studio; GCC Cross-Compile; Android SDK

MeshCentral

Figure: Agent Design. Labels in source order: Location; WiFi reporting; R-Wake; Intel® Remote Wake; TLS Client; TCP Forward; Intel® AMT Forward; UDP 16990; TCP 16990; UDP 16991; TCP 16991; Intel® AMT Serial-over-LAN; TCP Forward; Support Libraries; Microstack; OpenSSL; SQLite; MESH P2P Module; S-UDP; Server / Multicast; HTTPS Server; Guardpost; Management Module; STUN Client; SR-UDP; Firewall Buster; TLS Server; Terminal; Command Shell; Serial; COM Port; TCP; 10 Relay Sockets; WMI; Management; MEI; Intel® AMT; Desktop; Remoting; Files; Remote Access; TCP; 5 Relay Sockets; Intel® AMT; Mesh Server; Intel® Smart Connect Agent; CryptoAPI; Intel® Remote Wake; Intel® Identity Protection Technology; Intel® Active Management Technology; Trusted Platform Module; Wake-on-LAN Support; AES Acceleration (AES-NI); Digital Random Generator (RDRAND)

MeshCentral

Mesh Agents are signed and self-updating from the server and from other agents. Scalable update and agents.

Over 100 agent updates have been done this way.

MeshCentral

Mesh agents have their own messaging API that applications can use to unicast to a single agent, or multicast in the P2P network.

In both cases, the message will “hop” from node-to-node.

Figure labels: Hopping Unicast Message; Hopping Multicast Message

MeshCentral

Web based remote desktop encodes the desktop as JPEG
images and sends them to a web or C# client. The web client
uses an HTML5 canvas to display the decoded output and
capture input.


Figure labels: Windows, Linux, OSX; Mesh Agent; HTML5 Browser; JPEG Images; Input Commands; Keyboard, Mouse, Touch

MeshCentral

Secure Direct Connections Behind NATs

Agents have STUN support and a Reliable UDP network stack.

Management traffic can flow directly from a console to a relay agent within a network.

Use direct tunnel for any TCP traffic: KVM, Files, Intel® vPro

Figure labels: STUN Server; Router NAT; Barrier; Reliable Tunnel (Over UDP)

MeshCentral

Mesh Server Direct Connections

If the Mesh server is installed in an intranet environment, the server direct mode can be enabled.

Nodes are checked to see if they are directly routable.

Server initiates TCP connects to routable nodes.

No relay agents needed.

Figure labels: Server and some clients are on the same network; Mesh Server initiates TCP connections

MeshCentral

Intel® vPro support

Monitors Intel® vPro computers in sleep states

Solves four big deployment problems with Intel® vPro: Discovery, Credentials, Remote Access & Provisioning

Remote access to BIOS, boot repair OS…

Figure labels: Out-of-band Communication; Intel® vPro; P2P Monitoring


MeshCentral

Remote access to private web pages. A routing cookie is sent to
the browser along with a redirection to a different web port. Each
HTTP request is forwarded over the P2P network.

Figure labels: Relay Agent; Target HTTP Server; Routing Cookie & Redirect; HTTP Traffic

MeshCentral

Intel® vPro Fast Call for Help (CIRA) support

Built-in support for Intel® AMT remote access connections.

Traffic automatically routed to CIRA when possible.

All application APIs stay the same, identical security model.

Figure labels: Out-of-band Communication; Intel® AMT 4.0+; Javascript WSMAN Stack (Used for Web Applications)

MeshCentral

Intel® vPro traffic is routed 3 ways - Agent Relay, CIRA and Direct.

Figure labels: Proxy / NAT; NAT; Direct Routing; Agent Relay; CIRA Routing

MeshCentral

Intel® vPro events - Correctly routed when coming over a CIRA channel

Figure labels: NAT; CIRA Routing

MeshCentral

Developer APIs are available for writing new usages on top of the mesh infrastructure. Web, agent and control APIs provide developers with flexibility.

Online web API
Enumerate devices
Remote power control
Remote messaging
Remote TCP streaming

Local Control API
Enumerate devices
Local power control
Local messaging

Agent API
Inter-agent messaging
Broadcast messaging
Capability search

MeshCentral

Main site: meshcentral.com

Information site: meshcentral.com/info

Advanced software: opentools.homeip.net

MeshCentral.com
