Unattended remote access utility/ computer
-
@scottalanmiller said in Unattended remote access utility/ computer:
@dmacf10 said in Unattended remote access utility/ computer:
@AdamF I like the idea of a Raspberry Pi with MeshCentral as an agent for remote access.
that's what I would do, too.
Any website with IN stock Pis?
-
@ElecEng said in Unattended remote access utility/ computer:
I have been using these recently and love them plus they give you BIOS-level access and virtual media with no limitations.
That's really cool, but don't you need a $350 item PER device? That's going to get really expensive, really quickly. Especially considering enterprise Intel desktops have this functionality included automatically (Intel vPro, we use it regularly since it fully integrates with MeshCentral) and production level servers have this built in with a lot more functionality. At $350, it would normally be better to just upgrade the device being controlled, wouldn't it?
-
@AdamF said in Unattended remote access utility/ computer:
@scottalanmiller said in Unattended remote access utility/ computer:
@dmacf10 said in Unattended remote access utility/ computer:
@AdamF I like the idea of a Raspberry Pi with MeshCentral as an agent for remote access.
that's what I would do, too.
Any website with IN stock Pis?
MicroCenter seems to always have them.
-
@scottalanmiller said in Unattended remote access utility/ computer:
@AdamF said in Unattended remote access utility/ computer:
@scottalanmiller said in Unattended remote access utility/ computer:
@dmacf10 said in Unattended remote access utility/ computer:
@AdamF I like the idea of a Raspberry Pi with MeshCentral as an agent for remote access.
that's what I would do, too.
Any website with IN stock Pis?
MicroCenter seems to always have them.
But not today it seems.
-
Why put a device on the network?
If you're going for MC anyway - you could just install MC on just about everything in the network.
Though for things like switches/routers, the RPi could be nice if you don't have a server or something already onsite you could remote into.
-
MeshCentral has a router app that works nicely via relay. I have at least one PC at each site and the router allows me to connect to most anything at our sites. It's worth a look.
-
@Dashrender Yep, no PCs/servers on the network.
-
@AdamF
It works quite well - especially for the cost.
For our company's onsite ones, I even have a cheap POE add-on card, so I can restart the Pi if it fully hangs up (rare). Obviously this does not work for your use case.
-
@AdamF said in Unattended remote access utility/ computer:
@scottalanmiller said in Unattended remote access utility/ computer:
@dmacf10 said in Unattended remote access utility/ computer:
@AdamF I like the idea of a Raspberry Pi with MeshCentral as an agent for remote access.
that's what I would do, too.
Any website with IN stock Pis?
Good.Luck.
I've not seen anyone have stock of rPi 3 or 4 in almost a year. Adafruit doesn't have any in stock, nor does SparkFun... And if you can find one you might be better off buying a mini PC or using an older PC...
-
@AdamF said in Unattended remote access utility/ computer:
I would like to have a tiny network device where I can install at a remote location so I can always connect to it and then get to any other connected device on the network. The remote location would not have a static IP. What are some good/inexpensive solutions out there to accomplish this? I thought of a Raspberry Pi of some flavor, which would work fine. I just want to brainstorm some ideas/software to install on the device so that I can remotely connect to it at any time via SSH, or an agent, or something else.
Any ideas?
I don't like the idea. It's basically a hidden backdoor into the LAN. Shadow IT.
Why not use the firewall/router instead? Every site must have one. Have it establish a tunnel to a hub of your choice.
It's more transparent and the one in control of the firewall can decide what you are able to access. I'm thinking liability and what not.
If you are hell bent on the idea of bypassing perimeter security, why not use something like an edgerouter? Set it up as a router on a stick and have it dial out.
-
@AdamF said in Unattended remote access utility/ computer:
@scottalanmiller said in Unattended remote access utility/ computer:
@AdamF said in Unattended remote access utility/ computer:
@scottalanmiller said in Unattended remote access utility/ computer:
@dmacf10 said in Unattended remote access utility/ computer:
@AdamF I like the idea of a Raspberry Pi with MeshCentral as an agent for remote access.
that's what I would do, too.
Any website with IN stock Pis?
MicroCenter seems to always have them.
But not today it seems.
You have to stop in. Not online.
-
@gjacobse said in Unattended remote access utility/ computer:
@AdamF said in Unattended remote access utility/ computer:
@scottalanmiller said in Unattended remote access utility/ computer:
@dmacf10 said in Unattended remote access utility/ computer:
@AdamF I like the idea of a Raspberry Pi with MeshCentral as an agent for remote access.
that's what I would do, too.
Any website with IN stock Pis?
Good.Luck.
I've not seen anyone have stock of rPi 3 or 4 in almost a year. Adafruit doesn't have any in stock, nor does SparkFun... And if you can find one you might be better off buying a mini PC or using an older PC...
Who the heck is buying so many and why don't they just make more faster? Argh
-
@Pete-S said in Unattended remote access utility/ computer:
I don't like the idea. It's basically a hidden backdoor into the LAN. Shadow IT.
Why not use the firewall/router instead? Every site must have one. Have it establish a tunnel to a hub of your choice.
Well the big reason to do it is security. The MeshCentral to RP way is way more secure and doesn't advertise the remote access. Few routers offer anything like that and instead push dangerous VPNs that create a lot of risk. Both are equally "Shadow IT" if you look at it that way. Just one is done well and is the recommended way, and the other is the "don't do that" way. There are good ways to do a VPN like that, but not generally using a router and it's quite safe to assume not the router that wasn't selected specifically for that purpose.
-
@Pete-S said in Unattended remote access utility/ computer:
It's more transparent and the one in control of the firewall can decide what you are able to access. I'm thinking liability and what not.
How does that really differ? In one case the IT that manages the firewall determines the access, but without security planning ahead of time (presumably.) And in the other the same IT person that can manage the remote access device can determine the remote access. Lower liability with the RP because it's more secure as an approach.
In either case, if you do it without permission, it's a problem. In both cases if you do it with permission, it is not.
-
@Pete-S said in Unattended remote access utility/ computer:
If you are hell bent on the idea of bypassing perimeter security, why not use something like an edgerouter? Set it up as a router on a stick and have it dial out.
That's better but, what benefit does that bring? More complexity, making them potentially change their router strategy, more effort, much much much much more difficult to keep secure. Anything that uses "use a VPN" as an option, even one that is "reach out" requires a ton of work (and trust) to ensure it is not creating extra exposure. VPNs are SO dangerous under normal conditions and usages.
The reason to do the RP method is security and good practice. All other things like following process, having permission, telling IT, etc. should be treated the same across the board. And both can have MFA and all that. And yes, in theory, you can make a VPN locked down to do nothing but allow an RDP connection to a single host and ... and ... and... if you do it all well enough, all you've done, is basically rebuilt the RP/MeshCentral solution. At no point do you gain an advantage, you only carry the risk that you won't totally recreate the solution, in the hopes of a break even.
Why NOT do the better, more secure, best practice method that's nearly zero effort right from the beginning? Why start with something complex, probably expensive, and risky only to hope you don't get anything wrong for no advantage?
-
@ElecEng said in Unattended remote access utility/ computer:
I have been using these recently and love them plus they give you BIOS-level access and virtual media with no limitations.
This too:
https://www.lantronix.com/products/lantronix-spider/
-
@JasGot said in Unattended remote access utility/ computer:
@ElecEng said in Unattended remote access utility/ computer:
I have been using these recently and love them plus they give you BIOS-level access and virtual media with no limitations.
This too:
https://www.lantronix.com/products/lantronix-spider/
Same issues though, no computer to access and would need one for every machine if they existed.
-
Great video. Thanks for that. Your assumption is correct. There are no PCs or servers on this network, just other networking equipment. I like the idea of the Pi and MeshCentral. I finally was able to find one and have it on order. Time to set up a MeshCentral VM.
I also found this as an option as well https://www.amazon.com/gp/product/B082VVCFNG/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&th=1
Not too badly priced either. But I am going with the Pi.
-
@AdamF said in Unattended remote access utility/ computer:
Great video. Thanks for that. Your assumption is correct. There are no PCs or servers on this network, just other networking equipment. I like the idea of the Pi and MeshCentral. I finally was able to find one and have it on order. Time to set up a MeshCentral VM.
I also found this as an option as well https://www.amazon.com/gp/product/B082VVCFNG/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&th=1
Not too badly priced either. But I am going with the Pi.
I'm leery about anything running a Celeron J or N series CPU, a Pi is probably going to perform better.