Remote Access Controls
This section describes how to configure remote access controls for the system.
Overview
Before discussing how to control Cloud.Red Remote Access, let’s first discuss the controls available, the contexts where these controls apply, and the architecture of each control.
Cloud.Red Remote Access can be configured for Account, Agents, and Device Groups contexts for Remote Management, SSO, and File Transfer controls.
Account Controls
Under an Account, Remote Management can be configured as follows:
- None – No remote management is available, by default, across the Account
- Any – Both SSH and Proxy access are available, by default, across the Account
- SSH – SSH access (via the local agent) is available, by default, across the Account
- Proxy – Proxied HTTP(s) access (via the local agent) is available, by default, across the Account
Note:
The default is “Any”
An Agent or Device Group can be configured to override this behavior
Under an Account, SSO can be configured as follows:
- Enabled – Allows use, where applicable, of the SSO user accounts to managed hosts for remote access and allows display of device group’s SSO user accounts’ usernames and passwords, by default, across the Account
- Disabled - Disallows use, where applicable, of the SSO user accounts to managed hosts for remote access and disallows display of device group’s SSO user accounts’ usernames and passwords, by default, across the Account
Note:
The default is “Enabled”
An Agent or Device Group can be configured to override this behavior
Under an Account, File Transfers can be configured as follows:
- None – No file transfers are available, by default, across the Account
- Any – Both Push and Pull file transfers are available, by default, across the Account
- Push – Files can be pushed to hosts (via the local agent), by default, across the Account
- Pull – Files can be pulled from hosts (via the local agent), by default, across the Account
Note:
The default is “Any”
An Agent or Device Group can be configured to override this behavior
Agent Controls
Under an Agent, Remote Management can be configured as follows:
- None – No remote management is available, by default, from the Agent
- Any – Both SSH and Proxy access are available, by default, from the Agent
- SSH – SSH access (via the local agent) is available, by default, from the Agent
- Proxy – Proxied HTTP(s) access (via the local agent) is available, by default, from the Agent
Note:
The default is to inherit from the Account
A Device Group can be configured to override this behavior
Under an Agent, SSO can be configured as follows:
- Enabled – Allows use, where applicable, of the SSO user accounts to managed hosts for remote access and allows display of device group’s SSO user accounts’ usernames and passwords, by default, from the Agent
- Disabled - Disallows use, where applicable, of the SSO user accounts to managed hosts for remote access and disallows display of device group’s SSO user accounts’ usernames and passwords, by default, from the Agent
Note:
The default is to inherit from the Account
A Device Group can be configured to override this behavior
Under an Agent, File Transfers can be configured as follows:
- None – No file transfers are available, by default, from the Agent
- Any – Both Push and Pull file transfers are available, by default, from the Agent
- Push – Files can be pushed to hosts (via the local agent), by default, from the Agent
- Pull – Files can be pulled from hosts (via the local agent), by default, from the Agent
Note:
The default is to inherit from the Account
A Device Group can be configured to override this behavior
Device Group Controls
Remote Management Configuration under an Agent
- Any – Both SSH and Proxy access are available, by default, from the Device Group
- SSH – SSH access (via the local agent) is available, by default, from the Device Group
- Proxy – Proxied HTTP(s) access (via the local agent) is available, by default, from the Device Group
Note:
The default is to inherit from the Agent
SSO Configuration under an Agent
- Enabled – Allows use, where applicable, of the SSO user accounts to managed hosts for remote access and allows display of device group’s SSO user accounts’ usernames and passwords, by default, from the Device Group
- Disabled - Disallows use, where applicable, of the SSO user accounts to managed hosts for remote access and disallows display of device group’s SSO user accounts’ usernames and passwords, by default, from the Device Group
Note:
The default is to inherit from the Agent
File Transfers Configuration under an Agent
- None – No file transfers are available, by default, from the Device Group
- Any – Both Push and Pull file transfers are available, by default, from the Device Group
- Push – Files can be pushed to hosts (via the local agent), by default, from the Device Group
- Pull – Files can be pulled from hosts (via the local agent), by default, from the Device Group
Note:
The default is to inherit from the Agent