The Privileged Access Appliance in the Network
The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components. All Bomgar sessions between users and remote systems occur through the server components that run on the appliance. To protect the security of the data in transit, Bomgar uses 256-bit Advanced Encryption Standard (AES) SSL to encrypt all application communications.
Bomgar's architecture offers customers the ability to choose how and where the appliance is deployed. Additionally, customers may configure the security features such that the Bomgar deployment complies with applicable corporate policies or regulations. Security features include role-based access control and secure password requirements.
Bomgar enables remote control by creating a remote outbound connection from the endpoint system to the Bomgar Appliance through firewalls. For Bomgar to provide remote control securely, the appliance is designed to use the most common network infrastructure or architecture that supports internet-accessible applications – a demilitarized zone (DMZ) with firewall protection.
The Bomgar Appliance is designed and tested to ensure it works properly and securely in internet environments. While the appliance can be deployed internal or external to your organization, to achieve optimal security, Bomgar recommends that you place the Bomgar Appliance inside the DMZ, as illustrated. This diagram shows the recommended configuration for one Bomgar Appliance.
Locating the appliance in the DMZ places it within the secure buffer zone. Since all Bomgar sessions are initiated via outbound connections from the client to the appliance, computers can be remotely controlled using Bomgar through the firewalls.
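One way to check a firewall policy against the connection model described above, as an added example that is not Bomgar's own code or tooling. The addresses, the rule format, the rule names and port 443 as the encrypted listener are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan and port (assumptions, not taken from the page).
APPLIANCE = ip_address("192.0.2.10")   # appliance address inside the DMZ
INTERNAL = ip_network("10.0.0.0/8")    # internal network behind the inner firewall
TLS_PORT = 443                         # assumed port for the encrypted listener

# Constructed sample policy. Each rule permits NEW connections from src to
# dst on port (stateful firewalls assumed, so replies need no rule).
RULES = [
    {"name": "internet-to-appliance", "src": "0.0.0.0/0", "dst": "192.0.2.10/32", "port": 443},
    {"name": "internal-to-appliance", "src": "10.0.0.0/8", "dst": "192.0.2.10/32", "port": 443},
    {"name": "appliance-to-internal-rdp", "src": "192.0.2.10/32", "dst": "10.0.0.0/8", "port": 3389},
    {"name": "internet-to-appliance-ssh", "src": "0.0.0.0/0", "dst": "192.0.2.10/32", "port": 22},
]


def audit(rules):
    """Return (rule name, finding) pairs for rules the outbound-only model does not need."""
    findings = []
    for rule in rules:
        src, dst = ip_network(rule["src"]), ip_network(rule["dst"])
        # Endpoints connect out to the appliance, so nothing outside the
        # internal network should be allowed to initiate a connection into it.
        if not src.subnet_of(INTERNAL) and dst.overlaps(INTERNAL):
            findings.append((rule["name"], "non-internal source can initiate into internal network"))
        # The appliance should be reachable only on its encrypted listener.
        if APPLIANCE in dst and rule["port"] != TLS_PORT:
            findings.append((rule["name"], "appliance exposed on unexpected port"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
```

The first two rules are the only ones the described model requires, so the audit reports the other two.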