This article describes the communication flow of a secure shadowing session in the IGEL Universal Management Suite (UMS) environment.

...

IGEL OS 12

Shadowing of IGEL OS 12 devices is always secure, i.e. via the Unified Protocol. The communication is always encrypted. 

Direct Connection - UMS Console (Internal / External VNC Viewer)

Before the shadowing communication flow:

  • A REST connection is initiated between the UMS Console and the UMS Server

  • A Unified Protocol WebSocket connection is initiated between the Device and the UMS Server

  • Shadow settings and information are forwarded

Shadowing flow:

  1. The UMS Console requests the UMS Server to initiate a VNC session for shadowing.

  2. The UMS Server requests the device to open a VNC session for shadowing.

  3. The device opens the shadowing WebSocket tunnel to the UMS Server and starts the VNC session.

  4. The UMS Server forwards the VNC session information to the UMS Console.

  5. The UMS Console opens the shadowing WebSocket tunnel and starts the VNC session.

  6. The VNC data is sent through the opened WebSocket tunnels between the UMS Console and the UMS Server and between the UMS Server and the Device. 
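The ordering in steps 1 to 6 can be turned into a check on session traces, for example to flag a device-side shadowing tunnel that was not preceded by a UMS Console request. The following is an added example, not IGEL code; the `(actor, event)` tuples, the event names and the sample traces are hypothetical and constructed for illustration.

```python
# Steps 1-5 of the direct UMS Console flow; step 6 is the VNC data itself.
# Event names are hypothetical labels, not UMS log fields.
EXPECTED = [
    ("console", "request_shadow"),        # 1. Console asks the UMS Server for a VNC session
    ("server", "request_device_vnc"),     # 2. UMS Server asks the device
    ("device", "open_tunnel"),            # 3. device opens its tunnel to the UMS Server
    ("server", "forward_session_info"),   # 4. UMS Server forwards session info to the Console
    ("console", "open_tunnel"),           # 5. Console opens its tunnel to the UMS Server
]

def audit_session(events):
    """Return findings for one session trace; an empty list means it matches the flow."""
    findings, step = [], 0
    for actor, event in events:
        if event == "vnc_data":
            if step < len(EXPECTED):
                findings.append(f"vnc_data before both tunnels were open (after step {step})")
            else:
                step = len(EXPECTED) + 1  # step 6 reached
        elif step < len(EXPECTED) and (actor, event) == EXPECTED[step]:
            step += 1
        else:
            findings.append(f"unexpected {actor}:{event} after step {step}")
    if not findings and step <= len(EXPECTED):
        findings.append(f"session stopped after step {step}")
    return findings

# Constructed traces.
GOOD = EXPECTED + [("device", "vnc_data"), ("console", "vnc_data")]
UNSOLICITED = [("device", "open_tunnel"), ("device", "vnc_data")]
TRUNCATED = EXPECTED[:3]

if __name__ == "__main__":
    for name, trace in (("good", GOOD), ("unsolicited", UNSOLICITED), ("truncated", TRUNCATED)):
        print(name, audit_session(trace))
```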

[Diagram: Direct Connection UMS Console Shadowing]


Direct Connection - UMS Web App

Before the shadowing communication flow:

  • Device settings are sent to the UMS Server through REST

  • A Unified Protocol WebSocket connection is initiated between the Device and the UMS Server

  • Shadow settings are forwarded

Shadowing flow:

  1. The UMS Web App starts the VNC session by opening the shadowing WebSocket tunnel to the UMS Server with information on the device to be shadowed.

  2. The UMS Server requests the device via the Unified Protocol WebSocket to open a VNC session for shadowing.

  3. The device opens the shadowing WebSocket tunnel to the UMS Server and starts the VNC session.

  4. The VNC data is sent through the opened WebSocket tunnels. 

[Diagram: Shadowing_OS12_DirectConnection]


Over ICG - UMS Console (Internal / External VNC Viewer)

Before the shadowing communication flow:

  • Unified Protocol WebSocket connections are initiated between the UMS Server and the ICG and between the Device and the ICG

  • Shadow settings are forwarded

  • The UMS Server sends shadowing information through REST to the UMS Console

Shadowing flow:

  1. The UMS Console requests the UMS Server to initiate a VNC session for shadowing.

  2. The UMS Server requests the ICG to open a VNC session for shadowing.

  3. The UMS Server sends the VNC information to the UMS Console and the ICG requests the device to open a VNC session for shadowing.

  4. The device opens the shadowing WebSocket tunnel to the ICG and starts the VNC session, and the UMS Console opens the shadowing WebSocket tunnel to the ICG and starts the VNC session.

  5. The VNC data is sent through the opened WebSocket tunnels. 

[Diagram: UMSConsole_ICG_Shadowing_OS12_new]

Over ICG - UMS Web App

Before the shadowing communication flow:

  • Device settings are sent to the UMS Server through REST

  • Unified Protocol WebSocket connections are initiated between the UMS Server and the ICG and between the Device and the ICG

  • Shadow settings are forwarded

Shadowing flow:

  1. The UMS Web App starts the VNC session by opening the shadowing WebSocket tunnel to the UMS Server with information on the device to be shadowed.

  2. The UMS Server requests the ICG to open a VNC session for shadowing and opens a WebSocket tunnel for the shadowing.

  3. The ICG requests the device to open a VNC session for shadowing.

  4. The device opens the shadowing WebSocket to the ICG and starts the VNC session.

  5. The VNC data is sent through these WebSockets.

[Diagram: WebApp_OS12_Shadowing_ICG_new]

IGEL OS 11 or Earlier

Direct Connection - Internal VNC Viewer

The UMS Console requests the device's certificate and the session password from the UMS Server. The UMS Console then establishes an SSL tunnel with the device using the session password. The device sends the certificate to the UMS Console; the UMS Console checks the certificate against the certificate it has received from the UMS Server. In return, the UMS Console sends the session password to the device. After that, the SSL tunnel between the UMS Console and device is established and can be used for exchanging VNC data. 
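The console-side check described above amounts to certificate pinning: the session password is released only after the certificate presented by the device matches the copy obtained from the UMS Server. The following is an added sketch, not IGEL code; the function names, the raw-bytes password framing and the stand-in socket are assumptions, and the certificate bytes are constructed.

```python
import hashlib
import hmac

class PinMismatch(Exception):
    """The device presented a certificate other than the one the UMS Server supplied."""

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def authenticate_device(tls_sock, expected_der: bytes, session_password: bytes) -> str:
    """Verify the device certificate against the pinned copy, then send the password.

    tls_sock needs getpeercert(binary_form=True) and sendall(), as an ssl.SSLSocket
    has after its handshake. Sending the password as raw bytes is an assumption;
    the page does not describe the wire format.
    """
    presented = tls_sock.getpeercert(binary_form=True)
    if not presented:
        raise PinMismatch("device presented no certificate")
    # Compare fixed-length digests in constant time.
    if not hmac.compare_digest(fingerprint(presented), fingerprint(expected_der)):
        raise PinMismatch("presented certificate does not match the one from the UMS Server")
    tls_sock.sendall(session_password)  # reached only after the pin check passed
    return fingerprint(presented)

class FakeTLSSocket:
    """Constructed stand-in for an ssl.SSLSocket so the example runs offline."""
    def __init__(self, peer_der):
        self.peer_der, self.sent = peer_der, []
    def getpeercert(self, binary_form=False):
        return self.peer_der
    def sendall(self, data):
        self.sent.append(data)

def demo():
    """Return what was sent to a matching device and to a non-matching one."""
    device_cert = b"constructed-DER-bytes-of-device-certificate"
    other_cert = b"constructed-DER-bytes-of-another-certificate"
    password = b"constructed-session-password"
    good, bad = FakeTLSSocket(device_cert), FakeTLSSocket(other_cert)
    authenticate_device(good, device_cert, password)
    try:
        authenticate_device(bad, device_cert, password)
    except PinMismatch:
        pass  # the password must not have been sent
    return good.sent, bad.sent

if __name__ == "__main__":
    print(demo())
```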

[Diagram: Secure shadowing direct]

Direct Connection - UMS Web App

The UMS Web App requests the UMS Server to initiate a VNC session for shadowing. The UMS Server establishes an SSL tunnel with the device using a session password and the device's certificate. The UMS Web App and the UMS Server communicate via WebSocket, which also carries the VNC data.

[Diagram: SecShadowingWebApp]

Over ICG - Internal VNC Viewer

Both the UMS Server and the device have established a WebSocket connection to the ICG; this WebSocket is used for commands from the UMS and messages from the device. 

The UMS Console and the device establish a dedicated WebSocket for secure shadowing with the ICG. 

[Diagram: VNC Viewer over ICG]

Over ICG - UMS Web App

The UMS Web App requests the UMS Server to initiate a VNC session for shadowing. The UMS Server creates an additional WebSocket connection for exchanging the VNC data. The UMS Web App and the UMS Server communicate via WebSocket, which also carries the VNC data. 

[Diagram: SecShadowWebAppICG]

Direct Connection - External VNC Viewer

The external VNC viewer runs on the same machine as the UMS Console. The UMS Console starts the external viewer and then acts as a proxy between the device and the external VNC viewer.

[Diagram: external viewer]

Over ICG - External VNC Viewer

The external VNC viewer runs on the same machine as the UMS Console. The UMS Console starts the external viewer and then acts as a proxy between the ICG and the external VNC viewer.

[Diagram: External viewer over ICG]