Remote Access
Introduction
The AppsAnywhere team needs access to AppsAnywhere environments to provide installation, configuration, support and upgrades for all AppsAnywhere, Analytics, Cloudpaging and Parallels RAS services.
With AppsAnywhere Cloud deployments, access is enabled by default.
For on-premises deployments, access will need to be pre-arranged to prevent delays when access is required.
Environmental Access
Should access be needed to configure AppsAnywhere, provide product support assistance or to investigate an incident, this can be arranged on an ad-hoc basis.
Access can be via screenshares or dedicated AppsAnywhere Support accounts enabled with MFA and disabled when not in use.
Server Access
This only applies to on-premises deployments.
Remote access is required to all servers in an AppsAnywhere environment. All server access is agreed in advance and recorded in AppsAnywhere Support, in addition to server access logs.
The preferred access method is via VPN connection and direct RDP/SSH connection to the servers. Access from a dedicated jump box is also recommended.
VPN access can be via dedicated AppsAnywhere Support accounts enabled with MFA and disabled when not in use.
Alternatively, AppsAnywhere Support will work with compatible existing customer solutions.
In order to be able to provide a level of service that is secure for insurance purposes and efficient to use, screen sharing services such as Zoom, Teams and Google Meet are not supported for server remote access during installations and upgrades.
A screen share can be setup for observing the session, but AppsAnywhere must be able to control access and securely transfer resources for insurance purposes.
AppsAnywhere and Analytics (Linux Servers)
The AppsAnywhere and Analytics appliances are pre-configured for secure SSH connections from AppsAnywhere, however, SSH is disabled by default when the appliance is imported.
Before connection can be made First-time Configuration - AppsAnywhere Admin Documentation must be completed to enable SSH access for a specified IP range, in accordance with one of the following options:
a) SSH access over a VPN connection
SSH access is restricted to the VPN IP range.
Once the VPN connection is established, the connected device can SSH directly to the servers.
b) SSH access via Jump box
Once VPN connection is established, connection to the jump box is via RDP and from that device, SSH connection is established to the servers.
c) SSH access via Windows Servers
SSH access is restricted to the IP range of a Cloudpaging Admin/License (or other) server.
Once VPN connection is established, connection to the server is via RDP and from that device, SSH connection is established to the AppsAnywhere servers.
Cloudpaging and Parallels RAS (Windows Servers)
For remote access to Windows Servers, the preferred method is for customers to provide a secure VPN connection via shared or named accounts which then use the AppsAnywhere support user account for remote desktop access.