Remote control plugin configuration

Nytrio Remote Control Plugin performs all remote control command from Nytrio Server (or one of its relays) to the client machines. The SSH protocol is used to push control orders (shell commands) or to encapsulate any other TCP protocol to assure secure data transmission.

All parameters referenced below are under plugins.control branch in the main agent configuration tree.


Main settings

Param Key Description
active Enable / disable Nytrio Control Plugin
wol_timeout Wake-On-Lan timeout value (in seconds)
max_command_attempts Maximum deployment commands attempts (max. allowed value in the front)
minimal_success_rate Minimal rate to declare a group deployment as successful
package_directory Main / root package repository directory
respository_max_size Root repository maximum size (0 for unlimited)


Remote control settings

Path : plugins.control.remote_control

Nytrio uses VNC protocol encapsulated into an SSH tunnel to make remote graphical connections to clients. The browser connects to the channel using an HTTP Websocket connection (noVNC).

Param Key Description
activate_websocket_proxy Enable / disable VNC Websocket Proxy
websocket_proxy_params Websocket proxy settings (edition is not recommended)
disable_host_checking Disable host identity check (could reduce connection delay)
vnc_tunnel_command Command used to create SSH tunnel
ssh_tunnel_timeout Maximum time to create SSH tunnel (increase it for slow networks)
tunnel_port_range_start SSH tunnel temporary port range start
tunnel_port_range_end SSH tunnel temporary port range end
static_mappings Static VNC mapping (avoid SSH tunnel, described below)
frontend_params.host Public Server address to reach VNC Websocket Proxy
frontend_params.timeout NoVNC frontend-side connection timeout
frontend_params.encrypt Indicates if an SSL-layer is used
frontend_params.path Relative VNC URIs
frontend_params.password Not applicable


Static mappings

If a VNC server is exposed directly (outside of SSH tunnel, which is not recommended), you can use static mapping to avoid an SSH tunnel creation. This could be useful to reach hypervisor VNC servers for example.

Path: plugins.control.remote_control.static_mappings

copy
"static_mappings": {
    "host_1": {
        "host": "192.168.130.1",
        "password": "nytrio",
        "port": 9108
    },
    "host_3": {
        "host": "192.168.130.1",
        "password": "nytrio",
        "port": 9102
    },
    "host_2": {
        "host": "192.168.130.1",
        "password": "nytrio",
        "port": 9119
    },
    "host_4": {
        "host": "192.168.130.1",
        "password": "nytrio",
        "port": 9115
    }
}

In the example above, we defined 4 static VNC mappings. A static VNC host is defined by host_{id}. You can find a machine id in its computer inventory view URI.
Example: https://nytrio/#/computers/1/inventory stands for computer id=1.

You can note also that we can use the same host address to map several machines VNCs. In this example, the host address is the hypervisor one.


Remote Shell settings

Nytrio uses GateOne for web-based terminal connections. GateOne runs as a separate service and therefore, it's highly recommended to use API authentication to avoid security holes, since GateOne terminals open remote Shells as root.

GateOne terminals will be created on-the-fly for each remote shell connection. For API authentication connections, a terminal session token will be created to assure Shell Protection.

Path: plugins.control.remote_shell

Param Key Description
api_authentication Enable / disable Secure API authentication
user_term_settings Default terminal settings
gt_host_connect_path Terminal creation command
vnc_tunnel_command Command used to create SSH tunnel
gateone_config_dir GateOne configuration directory
gateone_url GateOne Websocket server public URL
tunnel_port_range_end SSH tunnel temporary port range end
api_version GateOne API version
api_key GateOne API key (found in GateOne configuration)
api_passphrase GateOne API passphrase (found in GateOne configuration)