Remote desktop
This scenario is for ISVs that provide Remote Desktop access using the endpoint agent managed by the cloud service. The purpose of such integration is to provide MSP technicians with remote desktop access to managed workloads directly from Acronis Cyber Platform.
Integration with locally installed Remote Desktop application
This integration model does not require direct communication between Acronis Cyber Platform and the ISV’s cloud. Instead, the Cyber Protection console makes a request to the locally installed Remote Desktop application that is normally used by the ISV’s service for remote access. To make such a request, existing workloads that have the Acronis agent and the vendor’s remote desktop agent installed are extended with a new action - open a remote session to the selected workload. The advantage of this integration method is its simplicity. But the following conditions must be met in order to open the Remote Desktop session successfully:
The Remote Desktop application must be installed on the same device that attempts to initiate a connection from the Cyber Protection Console.
The Remote Desktop application must be configured to launch with the MSP administrator account credentials.
The Remote Desktop agent must be installed on the target workload to initiate the remote session.
The Acronis agent must be installed on the target workload to discover and display the workload in the Cyber Protection console.
The MSP administrator account must have sufficient privileges provided by the vendor’s service to access the target workload.
Recommended Extension points
Integration with a locally installed Remote Desktop application requires only three Extension Points.
Integration settings
Integration settings are needed to enable the integration, no additional configuration is needed. Integration is enabled for all MSP customers simultaneously.
Workloads
Acronis workloads must be extended with a new action that makes a request to the locally installed Remote Desktop application to establish a remote session. This request must include the target workload ID to allow the Remote Desktop application to establish the connection to the correct target.
Roles
For the Remote Desktop application, it is recommended to use the following existing roles:
Company Admin or Management Portal Administrator - required to enable the integration.
Company Admin, Protection Cyber Administrator or Protection Administrator - allows users to establish remote desktop sessions to customer workloads. Users without this role cannot establish remote sessions.
Integration with direct communication to ISV’s cloud
This integration model requires mapping customer tenants in Acronis Cyber Platform to corresponding organizations on the ISV’s vendor side. Then, for each mapped customer, ISV’s cloud reports the list of workloads with installed remote desktop agents to Acronis Cyber Platform. These workloads are reported as a new workload type with the new custom action named “Remote connect”. Workloads reported by the integration are merged with Acronis workloads in the management portal and displayed as a single entity, effectively adding the new “Remote connect” action to existing Acronis workloads.
Recommended Extension points
The minimal integration scenario that allows the application to enrich Acronis Cyber Platform with Remote Desktop capabilities requires the following Extension Points:
Integration settings - to enable the integration and do customer mapping.
Workloads - to display workloads with ISV agents in Acronis Cyber Platform Devices list and extend existing actions with new “Remote connect” action.
The extended scenario may include additional Extension Points:
Alerts - to display alerts generated by the Remote Desktop service.
Main menu - to configure tenant-level settings for Remote Desktop tools.
Widgets - to display ISV endpoint agents’ statuses and other statistics.
Integration settings
To ensure the correct synchronization of workloads from ISV Cloud to Acronis, integration settings must include:
Partner credentials and connection settings - required to authenticate in the ISV cloud and fetch the list of End Customers. These settings enable the integration for the Partner.
Customers mapping - a list of customers fetched from ISV cloud that allows specifying an existing customer mapping or creating a new corresponding customer mapping in Acronis Cyber Platform. Mapping an ISV customer to Acronis customer results in enabling the application for the specific customer.
Application configuration and mapping can be done only by Partner and cannot be done by End Customers.
Roles
For the Remote Desktop application, it is recommended to use the following existing roles:
Company Admin or Management Portal Administrator - required to enable the integration and perform customer mapping.
Company Admin, Protection Cyber Administrator or Protection Administrator - allows users to establish remote desktop sessions to customer workloads. Users without this role cannot establish remote sessions.
Workloads
To report workloads with remote desktop agents installed from ISV cloud to Acronis:
Workloads must be extended with a new workload type.
Workloads reported by the ISV’s connector must be merged with Acronis workloads (or displayed alongside, if there is no matching workload on the Acronis side).
A new workload type must bring new attributes and new actions. One of these actions must be a command to establish a remote session with the workload. If several types of remote connections are possible (e.g., for attended and unattended access) the integration may bring several custom actions.
To successfully merge ISV’s and Acronis workloads, ISV’s workload attributes must include network parameters (hostname, IP addresses and MAC address).
Additional attributes are optional:
Endpoint agent status.
Endpoint agent version.
Alerts
Alerts can be optionally used to report issues that occurred during remote sessions. Alerts must be submitted as a new alert type and contain the following parameters:
Workload status.
Status description.
Workload name.
Error name.
Error description.
Widgets and Reports
Remote Desktop application may create widgets to report endpoint agent state and remote session issues:
Pie-chart diagram with Remote Desktop agents’ statuses.
List of 10 latest alerts generated by Remote Desktop integration.
These widgets should be declared by the application. The widget data must be based only on alerts or workload attributes submitted by the application.
It is recommended to add application-specific widgets to the Overview dashboard in the Cyber Protection console.