Remote Access
Introduction
The AppsAnywhere team needs access to AppsAnywhere environments to provide installation, configuration, support and upgrades for all AppsAnywhere, Analytics, Cloudpaging and Parallels RAS services.
With AppsAnywhere Cloud deployments, access is enabled by default.
For self-hosted deployments, access will need to be pre-arranged to prevent delays when access is required.
End user machine access
Should access be needed to configure AppsAnywhere, provide product support assistance or to investigate an incident, this can be arranged on an ad-hoc basis.
Access can be via screenshares or dedicated AppsAnywhere Support accounts enabled with MFA and disabled when not in use.
Server access
This only applies to self-hosted deployments.
Remote access is essential for all servers within an AppsAnywhere environment. All server access must be pre-approved, is documented in AppsAnywhere Support, alongside the server access logs and the accounts utilized for remote access can be configured with Multi-Factor Authentication (MFA).
The preferred order of remote access methods is as follows:
VPN connection and direct RDP/SSH connection to the servers.
VPN connection and access from a dedicated jump host to the servers.
Direct RDP/SSH connection to the servers from the AppsAnywhere network.
Any other method.
The preferred order of accounts used for remote access methods is:
A shared AppsAnywhere Support account
Named AppsAnywhere Support accounts
In order to be able to provide a level of service that is secure for insurance purposes and efficient to use, screen sharing services such as Zoom, Teams and Google Meet are not supported for server remote access during installations and upgrades.
A screen share can be setup for observing the session, but AppsAnywhere must be able to control access and securely transfer resources for insurance purposes.
AppsAnywhere and Analytics (Linux Servers)
The AppsAnywhere and Analytics appliances are pre-configured for secure SSH connections from AppsAnywhere, however, SSH is disabled by default when the appliance is imported.
Before connection can be made First-time Configuration - AppsAnywhere Admin Documentation must be completed to enable SSH access for a specified IP range, in accordance with one of the following options:
a) SSH access over a VPN connection
SSH access is restricted to the VPN IP range.
Once the VPN connection is established, the connected device can SSH directly to the servers.
b) SSH access via Jump box
Once VPN connection is established, connection to the jump box is via RDP and from that device, SSH connection is established to the servers.
c) SSH access via Windows Servers
SSH access is restricted to the IP range of a Cloudpaging Admin/License (or other) server.
Once VPN connection is established, connection to the server is via RDP and from that device, SSH connection is established to the AppsAnywhere servers.
Cloudpaging and Parallels RAS (Windows Servers)
Remote access to Windows Servers is typically through a Microsoft Remote Desktop connection. Alternatively, AppsAnywhere can utilize any tool preferred by the customer for third-party access to servers.