Add the ability to set an alternate relay address

  • Considering for Future Release

Our situation:
We have 3 offices in Canada (HQ, A, B).
HQ-A have an MPLS link between them,
HQ-B use VPN over internet.
All locations have independent internet access.

We use access sessions on all systems in all locations, but the relay is located in the HQ.

Current setup:
1 DNS name to the server that resolves to an external IP when outside the local infrastructure and an internal IP when inside the infrastructure.
- This way systems on our internal network don't use the public internet access; it is more secure and reduces the global bandwidth and the load on our front-end firewall.
The issue: if the inter-site link goes down, the access session will not be able to connect, as the DNS will still resolve to the internal IP, resulting in disconnection.

Our need: be able to set up 2 URLs for an access session, so that when the 1st is unresponsive the client can try connecting to the second one, with a retest every X to go back to primary.
With this we could set up our clients with an internal URL as primary and an external URL as secondary and still reach our systems if the VPN or MPLS goes down, but not the internet.

Duplicates 3
Have relay traffic listen on two different ports

Partner was having a problem with an access agent connecting to the ScreenConnect server using port 80 for the relay server.

He thought port 80 would be okay on all networks, but some routers handle it differently. He mentioned that having two relay ports it could listen over would help with that situation.


add failover options for the ScreenConnect server

Add failover options for the ScreenConnect server. Partner has a backup ISP and would like ScreenConnect to fail over to the other ISP when the primary one goes down.

Allow ability to have 2 relay URIs

Partner would like the ability to have 2 relay URIs for easier/safer URI migrations, as well as allowing for more disaster recovery situations.

0
Ben
Quote from Mark Bell

Here's another application for this feature... My SC server hosts other applications using both IPv4 and IPv6. I would like to be able to provide specific IPv4 and IPv6 addresses for both the relay and web server to listen on. While I understand I could use the "WebServerAlternateListenUri" parameter to specify an IPv6 address, I am currently using that for port 80 so my users can just enter the server's FQDN and not have to type in "https" in the URL when accessing a support session.

Bro, I want to contact you about the same issue, so how can I contact you?

1
Jeremy Nelson

Any progress on this?

0
Ademar

Dear Sean Keown, please let me know where I have to do the adjustment you indicate.

0
Sean Keown

Good point, I forgot that the control portion is using the relay address and is AES encrypted.

0
Gary Herbstman

As far as I know, CWC does not use an SSL cert to communicate with the server. Neither does CWA. They use other methods of authentication.


    0
    Sean Keown

    I could be wrong, but connecting via IP sounds dangerous unless your SSL certificate has your IP address inside of it. Otherwise the control agent would have to accept invalid SSL certificates, which could be bad if someone is performing a MITM attack.

    0
    Gary Herbstman

    This should have alternate relays similar to how CW Automate works. We have had several situations where DNS failed and the control clients will not connect. If there was a backup/secondary via an IP address, it would have saved us a lot of grief.

    0
    jhardwick

    It would be nice to be able to have the IPs from the Cloud tenants pushed out to the clients as well, so the primary connection can be via DNS, but if for some reason DNS resolution isn't working it could still connect via IP.

    I understand that the IPs on the cloud side can change from time to time and that, I believe, as things stand now, the config in question would only be refreshed when the client is installed... so I understand that this might not be as simple of a change, but I think it would provide great value.

    At a minimum, the ability for the client to try to connect to the last known IP if for some reason DNS isn't working.

    0
    Sean Keown

    Please make the port adjustable for the second host, i.e. primary relay://domain.com:443, secondary relay://domain.com:80. This would allow us to attempt a connection on port 443 by default and then fail over to port 80 for sites that do packet inspection on 443 and block the relay from connecting.

    0
    JoM
    Quote from Derm

    I would like to see an option for fallback addresses similar to how LabTech does it. remote.mydomain.com|backup remote.mydomain.com|1.2.3.4 etc. You can add additional names/IP addresses in the order you would prefer it to check in.

    Yes, that would be useful; being able to add an IP address would mean that even without DNS, machines would still connect.

    
