Remote Access Overview

ℹ️ About Remote Access

INFRAX provides a single place for remote access to network nodes, virtual machine consoles, and container consoles. It supports browser-based connections through Apache Guacamole and native OS clients. Web sessions open directly inside the INFRAX interface, can be minimized and switched between, and can be moved to a separate browser tab when needed. Web connections can be recorded for audit, while credentials and access rights are managed centrally.

Table of Contents

Overview

The INFRAX remote access system lets users work with remote nodes and consoles from a single interface while keeping security, permissions, and connection history under control.

Key Capabilities

  • Multiple protocols - support for RDP, SSH, VNC, Winbox, web links, and VM/container consoles
  • Two connection modes - web client (Apache Guacamole) and native clients
  • Embedded web access - web sessions open inside INFRAX with minimize and switch support
  • Session recording - automatic recording of web connections for audit
  • Automatic tunneling - secure connections without direct internet exposure of target nodes
  • IDENTYX integration - centralized credentials and access rights
  • VM and container consoles - VMware, Proxmox, Hyper-V, and Docker from one interface
  • Central session log - every connection is written to the session history

How It Works

1. Select a node

The user opens the node tree or resource list and starts a connection to the required node, VM, or container.

2. Choose a mode

The system offers the web client or the native client. The chosen option can be saved for future connections.

3. Connect

INFRAX creates a secure tunnel, fills in credentials from IDENTYX, and opens the session in the selected client.

4. Log activity

The connection is stored in the session log. Web sessions are also recorded when recording is enabled.

Apache Guacamole Architecture

Apache Guacamole is a clientless remote access gateway that lets users connect through a browser without installing a separate application. INFRAX uses it for the web client and for web session recording.

What Apache Guacamole Does

Apache Guacamole provides browser-based access to remote sessions over HTML5. In INFRAX, it is the main mechanism for web connections, including the embedded mode inside the product interface.

Main Characteristics:

  • Clientless - works in a modern browser without a separate client
  • HTML5 - uses web technologies to display remote desktops and terminals
  • Multi-protocol - supports RDP, SSH, and VNC in a single interface
  • Session recording - records user activity for audit purposes
  • Embedded INFRAX mode - sessions open directly in the interface instead of a separate browser window

How It Works in INFRAX

Web Client

Web connections go through Apache Guacamole and open inside the INFRAX interface by default. If needed, they can be moved to a separate browser tab.

Native Client

The native mode uses the INFRAX plugin and the client applications installed on the local machine, including Remote Desktop, PuTTY, VNC Viewer, and Winbox.

Embedded UI

Active web sessions can be minimized, switched, and kept side by side in the application panel.

Recording and Audit

Recording is available only for web connections, which makes it possible to store user actions for later review and analysis.

Connection Modes

INFRAX supports two remote connection modes for network nodes. Web access is best for auditability and quick browser-based access, while the native client provides the highest performance and full protocol functionality.

Web Client (Apache Guacamole)

Characteristics:

  • Runs entirely in the browser
  • No additional software is required
  • Opens inside the INFRAX interface by default
  • Can be minimized and switched to another web session
  • Supports automatic session recording
  • Works well from different devices and platforms

Advantages:

  • ✅ No client installation needed
  • ✅ Works on any supported OS
  • ✅ Session recording for audit and control
  • ✅ One interface for the main protocols
  • ✅ Browser access without workstation setup
  • ✅ Convenient for multiple simultaneous connections

Limitations:

  • ⚠️ Slightly lower performance than native clients
  • ⚠️ Depends on the quality of the connection to the INFRAX server
  • ⚠️ Some protocol-specific features are not available in the browser

Native Client

Characteristics:

  • Uses the INFRAX plugin and client applications installed on the computer
  • Protocols: xrdp://, xssh://, xvnc://, xwinbox://
  • Maximum performance
  • Full protocol functionality
  • Works with familiar client applications
  • Supports all monitors for RDP connections

Advantages:

  • ✅ Maximum performance
  • ✅ Full support for protocol capabilities
  • ✅ Familiar client UI
  • ✅ Better for graphics, video, and heavy sessions
  • ✅ Support for all monitors in RDP

Limitations:

  • ⚠️ The INFRAX plugin must be installed
  • ⚠️ Session recording is not available
  • ⚠️ Winbox works only on Windows
⚙️ Default Mode Setting

An administrator can disable native connections by enabling the "Web client only" option. In that case, all users will connect through Apache Guacamole only.

Choosing a Connection Mode

When connecting to a node for the first time, the system shows a mode selection dialog:

  • Through the web interface - connection through Apache Guacamole
  • Through the native client - connection through installed client applications

You can save the selection so that the system automatically uses the preferred mode later.

Working with Connections in the Interface

By default, web connections open directly inside the INFRAX interface:

  • Single window - the connection opens on top of the interface without new tabs
  • Minimize - an active connection can be minimized while you continue working in INFRAX
  • Switching - several connections can be opened at once and switched between
  • Connection panel - minimized sessions appear in the application header
  • Open in a new tab - a connection can be moved to a separate browser tab when needed
⚙️ Open Mode Setting

In user settings, you can choose whether web connections open inside the INFRAX interface or in separate browser tabs. See "Web Client" for details.

Supported Protocols

INFRAX supports the main remote access protocols and separate connection types for web interfaces and virtualization consoles.

Protocol Purpose Web Client Native Client
RDP Windows servers and workstations
SSH Linux/Unix servers, terminal access
VNC Linux desktops, macOS, cross-platform graphical access
Winbox MikroTik RouterOS devices ✅ (Windows only)
Web Opening device web interfaces N/A N/A
VM/Container Consoles VMware, Proxmox, Hyper-V VMs, and Docker containers Partially

Protocol Details

RDP (Remote Desktop Protocol)

Microsoft's remote desktop protocol for connecting to Windows servers and workstations. It provides full graphical access to the remote computer.

Used for: Windows Server, Windows Desktop

SSH (Secure Shell)

A secure protocol for remote management of Linux and Unix systems. It provides terminal access and command execution.

Used for: Linux servers, network equipment, Unix-like systems

VNC (Virtual Network Computing)

A cross-platform protocol for remote access to a graphical interface. It works on most operating systems.

Used for: Linux Desktop, macOS, specialized systems

Winbox

A specialized protocol for managing MikroTik RouterOS devices. It provides a convenient graphical interface for configuring MikroTik routers and switches.

Used for: MikroTik RouterOS devices

Limitation: Works only on Windows through the native client

Web

A connection type for opening device web interfaces. When this option is selected, the URL opens in the browser.

Used for: devices with web interfaces, routers, switches, management servers

VM and Container Consoles

Direct access to VMware vCenter/ESXi consoles, Proxmox VE, Microsoft Hyper-V, and Docker container consoles. This makes it possible to manage VMs without guest OS network connectivity and to run commands inside containers.

Used for: OS installation, initial VM setup, network recovery, boot diagnostics, container debugging

More info: See "VM Console Connections"

Connection Security

INFRAX provides a high level of security for remote connections through automatic tunneling, centralized credentials, and full activity logging.

Security Mechanisms

1. Automatic Tunneling

All connections pass through protected tunnels that are created automatically:

  • Traffic encryption
  • Connection isolation
  • Automatic tunnel creation and teardown
  • No direct internet access to target nodes

2. Credential System Integration

Credentials are stored in the protected IDENTYX system:

  • Centralized credential storage
  • Password encryption
  • Automatic selection of suitable credentials
  • No need to enter passwords manually

3. Access Rights System

Access to nodes and connection features is controlled by permissions:

  • Granular access control for network nodes
  • Control over whether remote access is allowed
  • Audit of all connection attempts
  • Ability to block remote access for specific users

4. Full Logging

All connections are registered in the system:

  • All sessions are stored in the log
  • User, time, and target node information
  • Web session recording through Apache Guacamole
  • Ability to review and analyze recordings
🔒 Security Benefits

With the INFRAX architecture, administrators get full control over remote connections without opening separate firewall ports for each server. All connections pass through one protected entry point that is easy to control and audit.

Session Management

INFRAX provides a remote connection log used for audit, control, and user activity analysis.

Session Log

All remote connections are recorded in Administration → Sessions. The log contains:

  • Session ID - unique identifier
  • Network node - target node of the connection
  • Initiator - user who created the connection
  • Created time - when the session was started
  • Connected time - when the user actually connected
  • Disconnected time - when the session ended
  • Status - active or closed
  • Duration - session length
  • Connection method - web or native client

Session Filtering

The log supports powerful filtering tools:

  • By status - active, closed, or all
  • By date - select a time range
  • By user - filter by initiator
  • By connection method - web or native
  • Full-text search - search by IP addresses, ports, and user names

Viewing Session Details

Click any session to see detailed information:

  • Full session timeline: created, connected, disconnected
  • Technical parameters: screen resolution, protocol, and extra data
  • Information about the target node, VM, or Docker container
  • Ability to play the recording for web sessions
📹 Session Recording

Recording is available only for web connections through Apache Guacamole. Native connections are not recorded. Recording settings, including which users are recorded, can be changed in the application settings.

System Benefits

The INFRAX remote access system gives you a single, manageable way to connect to infrastructure without juggling separate client applications and disconnected access paths.

🔐 Security

  • Single access point
  • Centralized credential management
  • Automatic tunneling
  • Full logging and audit

⚡ Convenience

  • One interface for all nodes
  • Personal shortcut panel for quick access
  • No need to remember IP addresses and passwords
  • One-click connection
  • Access from anywhere

📊 Control

  • Full connection history
  • Web session recording for audit
  • Monitoring of active connections
  • Usage analytics

🎯 Flexibility

  • Support for many protocols
  • Two connection modes
  • Configurable web session opening mode
  • Scalability