[PMC Deployment Example] How PMC Endpoint Manager Manages Devices Across Local and Wide-Area-Network behind NAT-routers
PMC Endpoint Manager manages NComputing devices over local and wide-area networks, including those behind firewalls and NAT-routers. Features such as automatic discovery, check-in, flexible configuration, remote firmware updates, and provisioning of new devices make deployment easy. Additionally, you can manage all your devices from a web browser.
The example below illustrates the network deployment topology, showing how PMC manages devices on both local and WAN networks (including devices behind the NAT-routers).
There is a Company Network with PMC located in the company’s Datacenter. PMC’s internal IP is 10.220.25.11 and it uses the default TCP port 443. The router connecting the Datacenter with the Internet has the 55.124.17.81 public IP on its Internet interface. Let’s assume that the public DNS resolves the ‘some.external.fqdn’ FQDN to the 55.124.17.81 public IP. This router is configured to forward (translate) the TCP traffic arriving from the Internet on the 11443 port of the public IP (55.124.17.81:11443) to the PMC’s internal IP and port (10.220.25.11:443).
There are three external sites, each one with a NAT router translating the internal (private) IPs to some public IPs when the devices establish connections to Internet locations:
|
Site |
Internal/private/local Subnet IP address |
Public IP (visible in PMC) |
|
External site 1 |
172.16.18.0/24 |
13.8.3.21 |
|
External site 2 |
192.168.12.0/24 |
212.77.27.82 |
|
External site 3 |
10.0.5.0/24 |
72.163.4.17 |
The devices from all the three external sites can by configured to connect to PMC through any of following addresses or URLs:
55.124.17.81:11443
some.external.fqdn:11443
https://55.124.17.81:11443
https://some.external.fqdn:11443
All of them will work in the same way.
10.220.25.11
10.220.25.11:443
https://pmc.company.local (assuming that internal DNS resolves ‘pmc.company.local’ to 10.220.25.11)
To restrict the PMC access for the devices or users, the ‘IP access restrictions’ feature of PMC 4.1.1 should be enabled in under Administration > System Settings.
The devices from allowed locations should by whitelisted by creating IP access rules:
|
Whitelisted location |
IP access rule |
|
External site 1 |
13.8.3.21/32 |
|
External site 2 |
212.77.27.82/32 |
|
External site 3 |
72.163.4.17/32 |
|
Internal device subnet |
10.100.45.0/24 |
Similarly, the access for the PMC users can be restricted to specific locations only by creating the IP access rules for the user group members under Administration > User Management.
Related Articles
PMC 3.0, Start Guide
Overview This document is an extraction from the release notes of PMC 3.1.2. It covers everything you need to know, in-depth, regarding installation and deployment of PMC. It is always recommended that you use the current release notes of every PMC ...What is PMC?
OverviewNComputing PMC is an endpoint management system designed and developed to remotely manage NComputing access devices including LEAF OS devices (PCs/Laptops), RX420(RDP), RX-RDP+, RX-RDP and RX-300 thin clients. PMC is provided as a virtual ...L-series, RX Series: Can a Deployment happen over Wide Area Networks (WAN)?
Please refer to this KB article for detailed descriptions: How to deploy vSpace Pro server for WAN accessHow to deploy vSpace Pro for WAN access?
Considerations In the past, our networking products have mostly been mentioned as 'LAN only' devices, only, for practical purposes. However, products like the RX Series for vSpace are better equipped than their predecessors and their networking ...How to configure router 'port forwarding rule' to remotely access my vSpace Pro server in the office from home, with L-series, RX300 or LEAF OS devices?
Customers who deploy vSpace Pro servers can access their user sessions remotely via the router port forwarding method. However, this approach can result in security vulnerabilities (port 27605 forwarding) and should be the last option if the customer ...