Meshcentral: Multi-Agent Server Addresses

Created on 27 Jan 2020  路  6Comments  路  Source: Ylianst/MeshCentral

Hi Ylian and Team,

Anyway to add invite codes to the agent, and allow the agent to run in multiple groups as needed, or even run on different servers...

example:
Server 1 -> Group A -> System Q
Server 2 -> Group BB -> System Q
On connection: Server 1 & Server 2 -> System Q Active.

Server 1 Server 2
\ /
\ /
\ /
\ /
\ /
\ /
\ /
|
System Q

Reason I ask for this is I have a server that services China in China to meet government regulation and restrictions and also to legally mask parent company to contracted company connections. Legally both companies can use the same systems, just not same network to connect to the system.

My thought is that Server 1 is original agent installer, then Server 2 Group BB would issue an invite code that the Agent from server 1 could allow input to place the invite token into the connection and then connect on both servers.

Thanks,
SomeGuru

question
Source
picture SomeGuru

All 6 comments

Nice ASCII art attempt! 馃

Right now, the MeshAgent can't connect to two servers at once. If we did do this, I can imagine would would have to deal with problems like which server gets to patch the agent, etc. You can also have conflicting policies, etc. A different idea would be to run two servers in peering mode and have agents connect to one or the other. This way, both servers will see the agent. You will need both servers to have access to a common database, but otherwise, both instances will connect to each-other using WebSocket.

Ylianst picture Ylianst on 28 Jan 2020
1

I'd think that a mesh agent connecting to two servers at once could lead to hostile takeover from a malicious person/ group.

If this were to be implemented, I'd like for the functionality to be disabled by the server admin

OutbackMatt picture OutbackMatt on 28 Jan 2020

I've had setups where I had two completely separate Mesh Agent installs on a machine, in separate folders, where each agent connected to different servers.

krayon007 picture krayon007 on 28 Jan 2020

@krayon007 Bryan,

I remember you saying something to that effect, let me tell my staff member in person tomorrow and if that works than we may have bridged a China server restriction issue I was facing...

Thanks, more testing to do...
SomeGuru

SomeGuru picture SomeGuru on 28 Jan 2020

They don't even need to be in separate folders. If there are two exe files (e.g. meshagent.exe and meshagent2.exe) they will each use the msh file with the associated name (e.g. meshagent.msh and meshagent2.msh) and therefore each will connect to each server as defined in 'its' msh file.

MailYouLater picture MailYouLater on 28 Jan 2020
👍1

Resolved by doing just as stated... Will close this request now.

SomeGuru picture SomeGuru on 30 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

M1CK431 picture M1CK431  路  3Comments
penguinthingie picture penguinthingie  路  4Comments
LPJon picture LPJon  路  3Comments
MailYouLater picture MailYouLater  路  4Comments
nroach44 picture nroach44  路  3Comments