LogicMonitor seeks to disrupt AI landscape with $800M strategic investment at $2.4B valuation to revolutionize data centers.

Learn More

    Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

    Get to know us
    Services

      Resources

      Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

    Learn

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

    Support

    Product Documentation

    Remote Session

    Last updated on 22 October, 2024

    The Remote Session feature in LogicMonitor provides a secure way to remotely access and operate on devices from within your LogicMonitor portal. Remote sessions are enabled via the use of Apache Guacamole, a clientless remote desktop gateway that requires no plugins or client software.

    The remote session protocols available for establishing a communication stream between your account and the Collector monitoring your device are RDP, SSH, VNC, Telnet, and HTTP/S. The protocol must be configured for the device endpoint in order to be able to establish a remote session connection. Remote sessions take place via a secure SSL connection where supported by the protocol (Telnet is not encrypted and for HTTP/S you have the option to use SSL/HTTPS or just HTTP).

    Note: The maximum duration for a remote session is 60 minutes. After 60 minutes, whether you are currently interacting with the remote device or not, the session will time out.

    Initiating a Remote Session

    1. From the Resources Tree, select the DataSource or Instance you wish to access.
    2. Select Manage Resource Options > Start Remote Session.



    3. Select a protocol from the Start Remote Session window. 
      You can use any protocol from the options; however, RDP protocol is used for Windows, and SSH protocol is used for non-Windows or Linux resources.
      Note: To use VNC, Telnet, and HTTP/s, ensure that Collector version 28.600 is installed or later. If a previous version of Collector is installed, the protocols are disabled, and a message is displayed upon mouse hover.



    4. Select either your phone number or email ID for two-factor authentication. 

      Note: The phone or email ID verification window is displayed only when the Require Two-Factor Authentication for Remote Session option is enabled from Portal Settings. For more information, see Portal Settings.



      Note: If you are using the Authy app, the Authy app token and OneTouch options are available for verification once the two-factor authentication using the phone number is successful. 
      A Remote Session Login window is displayed once the two-factor verification is completed successfully.



      Note: Currently, the two-factor authentication only applies to local and SAML users.
    5. Enter the account and password for your resource.
      Note: You must log into the resource within three minutes of initiating the remote session or the session will time out.
      LogicMonitor does not support SSH key authentication or Network Level Authentication on Windows.
    6. Once the remote session is initiated, select Control+Alt+Shift to open the Apache Guacamole clipboard for copy-and-paste functionality or directly input new command lines.
      Note: If the two-factor authentication is enabled for accessing the LogicMonitor account and Remote Session login, you must authenticate only once while accessing the account.

    Remote Session Device Properties

    LogicMonitor supports several Remote Session protocol properties that you can use to override default connection behavior.

    ProtocolProperty NameDefault ValueMandatoryDescription
    SSHremotesession.ssh.port22NoPopulate to override default SSH port value.
    RDPremotesession.rdp.port3389NoPopulate to override default RDP port value.
    Telnetremotesession.telnet.port23NoPopulate to override default Telnet port value.
    VNCremotesession.vnc.port5900NoPopulate to override default VNC port value. (Default is 5900 or 5900 + display number. If VNC server is serving display number 1 (sometimes written as :1), your port number here would be 5901).
    HTTP/Sremotesession.http.ssl.enabletrueNoSSL is enabled by default. Enter false if you are using HTTP instead of HTTPS.
    HTTP/Sremotesession.http.port443 (for HTTPS by default); 80 (for HTTP if
    ssl.enable is false)    		NoPopulate to override the default port for the HTTP/S connection. Defaults are 443 for HTTPS and 80 for HTTP.
    HTTP/Sremotesession.http.rootpath/NoSpecify the HTTP/S path. By default the root path is used.
    RDP and SSH (deprecated)remotesession.port=[portnumber]Values set for SSH or RDP ports using one of the properties listed above will override the value set for this propertyNoThis property is deprecated, but still supported. It carries the port number required to RDP/SSH into the device (typically only used if a non-standard port is required).
    If you are setting up Remote Session for the first time, use the above SSH and RDP port properties.
    RDP and SSH (deprecated)remotesession.protocol=[RDP or SSH]N/ANoPreviously used to indicate the protocol (RDP or SSH) for the device (rather than allowing LogicMonitor to automatically determine protocol based on device type), but with the addition of new protocols and the ability to manually select preferred protocol upon remote session initiation, this property is fully deprecated and no longer used.

    For more information on adding/updating properties for a resource, see Resource and Instance Properties.

    Access Controls

    Remote sessions do not change the underlying authentication and access control of the device operating system, but they do allow access to the device in situations where it may not otherwise be possible. For this reason, LogicMonitor has several controls in place that serve to limit access to the Remote Session feature on a global or more granular basis.

    ControlDescription
    Account-wideRemote Session can be disabled on an account-wide basis from LogicMonitor’s account settings. For more information, see About the Account Information Page.
    Per-collector Remote Session can be disabled on a per-Collector basis, effectively disabling the feature for all devices assigned to that Collector. This is accomplished by manually updating the remotesession.disable setting found in the Collector’s configuration file to “true”. For more information on editing a Collector’s configurations, see Editing the Collector Config Files.
    Role-based accessRemote Session is defined as a separate user privilege. As discussed in Roles, a role can be given the ability to initiate remote sessions on all devices, those in a specific group, or no devices at all.

    Requirements and Limitations

    Please note the following requirements/limitations:

    • The protocol used to initiate a session must be enabled on the device to which you are attempting to connect.
    • The remote session connection will not work if “RDP Security Layer” is enabled for Window Server 2008’s Remote Desktop.
    • If working with non-Windows or Linux devices (e.g. Cisco controllers), you will most likely use SSH to establish communication. However, you may need to manually do one of the following to ensure a proper connection:
      • Ensure default SSH configurations are in place
      • Enable username/password access for SSH on the device
    • Make sure that the IPs used by the relay server are allowed (added to allow list). See LogicMonitor Public IP Addresses and DNS Names for a complete list.
    • HTTP/S protocol limitations:
      • Domain/device redirects. Redirects to another domain/device are not supported.
      • Port redirects. Use the properties listed in the Remote Session Device Properties section of this support article to specify the HTTP/S port, use of SSL, and path.
      • SSO login redirects. This affects vCenter remote session logins. In addition, if the page is requesting resources out of target device domain and is not accessible from a public browser (e.g. the webpage is requesting another device’s CSS resources which are not accessible from the browser directly), those resources will not be available via the remote session.
      • Link parsing in the HTTP body request. During a remote session, the HTTP/S protocol uses a RelayServer which works as a reverse proxy to return a page when the HTTP/S connection is initiated. It only acts upon HTTP requests and responses in the header in order to determine that the link is valid and for the same host. This affects some devices, such as Cisco UC devices.

    Note: While not possible with some redirects, if they are known the path can be added as the value for the remotesession.http.rootpath property to connect to the redirect page directly.
    In This Article