The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components. All Bomgar sessions between representatives and remote customers occur through the server components that run on the appliance. To protect the security of the application data in transit, Bomgar uses 256-bit Advanced Encryption Standard (AES) SSL to encrypt all application communications.
The Bomgar Appliance enables remote control by creating a remote outbound connection from the customer's system to the Bomgar Appliance through firewalls. For Bomgar to provide remote control securely, the appliance is designed to use the most common network infrastructure or architecture that supports internet-accessible applications – a demilitarized zone (DMZ) with firewall protection.
In the context of computer networking, the DMZ sits between two firewalls and is thus separated from both the internet and the intranet(s). The firewalls block any traffic types known to be illegal and provide intrusion containment. The internet firewall allows only expected traffic using the correct ports. The Bomgar Appliance is designed and tested to ensure it works properly and securely in internet environments. To achieve optimal security, Bomgar recommends that you place the Bomgar Appliance inside the DMZ, as shown below. This diagram shows the recommended configuration for one Bomgar Appliance.
Locating the appliance in the DMZ places it within the secure buffer zone. Because all Bomgar sessions are initiated via outbound connections from the client to the appliance, it is possible to remotely control computers through the firewalls using Bomgar.