PMC Endpoint Manager – Managing Devices Across LAN and WAN Networks Behind NAT Routers
Introduction
The PMC Endpoint Manager is designed to manage NComputing devices across both local-area networks (LAN) and wide-area networks (WAN), including devices located behind firewalls and NAT routers. With capabilities like automatic discovery, check-in, remote firmware updates, provisioning, and flexible configuration, PMC ensures centralized and streamlined endpoint management—all accessible from a web browser.
This article shows a real-life example of how PMC can manage devices from both local and remote (WAN) networks, even when those devices are behind NAT routers and firewalls. The goal is to help you visualize how everything works together with as little complexity as possible.
Example Deployment Topology
In an example scenario below, PMC is deployed in a company's data center with both internal and external devices communicating through configured NAT routers. We will reference how PMC manages devices between internal and external networks.
Company Network Setup
Let’s imagine this company has a data center where PMC is installed. This is your central hub for managing all NComputing devices.
Here are some basic details if this proposed scenario:
PMC Internal Configuration
- PMC’s Internal IP address: 10.220.25.11
- PMC uses TCP Port: 443 (default secure HTTPS port)
- Public IP (Company’s Data Center Router): 55.124.17.81
- Public FQDN: some.external.fqdn
(DNS translates this to 55.124.17.81:11443)
In this theoretical scenario, the firewall is configured to forward (translate) incoming TCP traffic entering though the external Public IP (55.124.17.81) on port 11443 and route it to PMC’s internal IP (10.220.25.11) on port 443. This allows external devices to securely connect to PMC through the Internet. We will cover that next...
Remote Site Example
Let’s propose that in this example scenario, that there are remote offices, each with NComputing devices behind a typical office router (which uses NAT). Here’s what that setup looks like:
Remote Site | Internal Subnet | Public IP (seen by PMC) |
Site 1 | 172.16.18.0/24 | 13.8.3.21 |
Site 2 | 192.168.12.0/24 | 212.77.27.82 |
Site 3 | 10.0.5.0/24 | 72.163.4.17 |
The flexibility to utilize diverse formats for Connection Address enables external devices to connect to PMC with convenience. The supported formats are:
- 55.124.17.81:11443
- some.external.fqdn:11443
- https://55.124.17.81:11443
- https://some.external.fqdn:11443
Each format functions identically, allowing users to select the most suitable option for their specific setup or for ease of recall.
Internal LAN Devices
Devices within the internal subnet (e.g., 10.100.45.0/24) can access PMC directly, without NAT translation. Supported formats for Connection Addresses used to reach PMC are shown below:
- 10.220.25.11
- 10.220.25.11:443
- https://10.220.25.11
- https://pmc.company.local
(Assuming internal DNS resolves this FQDN to the correct internal IP.)
Access Restriction with IP Rules (PMC v4.1.1+)
PMC v4.1.1 introduced IP access restrictions for tighter security and control over which devices and users can access the system.
To use it:
Go to Administration > System Settings in PMC.
Enable IP access restrictions.
Here are some examples of IP rules you might configure:
Location | Rule (CIDR Format) |
Remote Site 1 | 13.8.3.21/32 |
Remote Site 2 | 212.77.27.82/32 |
Remote Site 3 | 72.163.4.17/32 |
Internal Office | 10.100.45.0/24 |
You can also restrict users from accessing PMC from outside these trusted locations by setting group-based IP access rules under Administration > User Management.
User Access Restrictions
User group access can also be limited to specific locations by defining IP rules under:
Administration > User Management → Select User Group → Define IP Access Rules.
Administration > User Management → Select User Group → Define IP Access Rules.
Conclusion
This deployment example demonstrates the flexibility of PMC in managing NComputing devices across geographically distributed networks, including NAT-configured environments. Whether devices are local or remote, PMC ensures reliable, secure, and centralized endpoint management.
If you need assistance with configuration or troubleshooting, please contact NComputing Technical Support.
Article Number: 849
Last Revised: 04/2025
Related Articles
PMC Version 4, Start Guide
Overview This document based on the release notes of PMC 4.1.1. It covers everything you need to know, in-depth, regarding installation and deployment of PMC. It is always recommended that you use the current release notes of every PMC version that ...How to deploy vSpace Pro for WAN access?
Considerations In the past, our networking products have mostly been mentioned as 'LAN only' devices, only, for practical purposes. However, products like the RX Series for vSpace are better equipped than their predecessors and their networking ...(Technical Details - Part 2) How to deploy 3rd party custom modules to LEAFOS devices
Deploying LEAFOS modules to LEAFOS devices Once the module containing a System Extension or a Packaged Application is created (please refer to the Part 1 article here), it can be deployed to LEAFOS devices. This can be done locally from a USB mass ...What is PMC?
OverviewNComputing PMC is an endpoint management system designed and developed to remotely manage NComputing access devices including LEAF OS devices (PCs/Laptops), RX420(RDP), RX-RDP+, RX-RDP and RX-300 thin clients. PMC is provided as a virtual ...Can PMC Endpoint Manager be used in offline mode?
PMC Offline Activation Mode – Overview Introduction The PMC Offline Activation Mode is a valuable feature for organizations operating in secure or restricted environments with no direct Internet access. Available in PMC version 3.2.2 and higher, this ...