Bomgar Privileged Access Cloud Network Infrastructure
The architecture of the Bomgar application relies on the Bomgar Cloud instance as a centralized routing point for all communications between application components. All Bomgar sessions between users and remote systems occur through the server components that run on the appliance. To protect the security of the data in transit, Bomgar uses TLSv1.2 to encrypt all application communications.
Customers may configure the security features such that the Bomgar deployment complies with applicable corporate policies or regulations. Security features include role-based access control, secure password requirements, and a full audit trail.
Bomgar enables remote control by creating a remote outbound connection from the endpoint system to the Bomgar Cloud instance. The Bomgar Cloud site is designed and tested to ensure it works properly and securely in the Bomgar Cloud infrastructure. Because all Bomgar sessions are initiated via outbound connections from the client to the appliance, Bomgar can remotely control computers that sit behind firewalls.
Bomgar Appliance Network Infrastructure
Each Bomgar Cloud site comes with a subdomain of the bomgarcloud.com DNS address, such as yoursite.bomgarcloud.com. Optionally, if you would prefer to use your company web address with your own SSL certificate, you can use a Canonical Name (CNAME) record to point your default site address to your preferred address.
Since users use this site to access the /login interface, a simple yet descriptive name is the best approach. For instance, a company named 'Example' might use access.example.com for their CNAME record.
Example Firewall Rules for Cloud Deployments
Below are example firewall rules for use with Bomgar Cloud, including port numbers, descriptions, and required rules.
| Direction | Port | Description |
|---|---|---|
| Internal Network to the Bomgar Cloud Instance | TCP Port 443 (required)* | Used for all session traffic. |
| Bomgar Cloud Instance to the Internal Network | TCP Port 25, 465, or 587 (optional) | Allows the appliance to send admin mail alerts. The port is set in SMTP configuration. |
| Bomgar Cloud Instance to the Internal Network | TCP Port 443 (optional) | Appliance to web services for outbound events. |
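The rules in the table above, written as a default-deny forward chain for a perimeter firewall. This is an added example, not Bomgar's own configuration; the use of nftables, every address, the host names in the comments, and the choice of port 587 for SMTP are assumptions.

```nftables
# Added example. All addresses are constructed placeholders
# (RFC 1918 / RFC 5737); substitute the values for your own site.
define INTERNAL_NET   = 10.0.0.0/8
define BOMGAR_CLOUD   = 203.0.113.10   # placeholder for your Bomgar Cloud instance
define MAIL_SERVER    = 10.0.5.25      # hypothetical internal SMTP relay
define EVENT_RECEIVER = 10.0.5.80      # hypothetical internal web service

table inet bomgar_example {
    chain forward {
        # Default deny: only the flows listed in the table are forwarded.
        # IPv6 is not matched by the "ip" rules below, so it is dropped.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections already permitted below.
        ct state established,related accept
        ct state invalid drop

        # Internal Network to the Bomgar Cloud Instance
        # TCP 443 (required): all session traffic, initiated outbound.
        ip saddr $INTERNAL_NET ip daddr $BOMGAR_CLOUD tcp dport 443 ct state new accept

        # Bomgar Cloud Instance to the Internal Network
        # SMTP (optional): admin mail alerts. Open only the port that is
        # set in SMTP configuration (587 assumed here), not all of 25/465/587.
        ip saddr $BOMGAR_CLOUD ip daddr $MAIL_SERVER tcp dport 587 ct state new accept

        # TCP 443 (optional): outbound events to a web service.
        # Scoped to the single receiving host rather than the whole network.
        ip saddr $BOMGAR_CLOUD ip daddr $EVENT_RECEIVER tcp dport 443 ct state new accept

        # Log anything else involving the instance before the policy drops it.
        ip saddr $BOMGAR_CLOUD log prefix "bomgar-unexpected-in: " counter
        ip daddr $BOMGAR_CLOUD log prefix "bomgar-unexpected-out: " counter
    }
}
```

If neither optional feature is in use, remove both inbound rules so that the only permitted flow is outbound TCP 443.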