Bomgar Cloud Network Infrastructure

The architecture of the Bomgar application relies on the Bomgar Cloud instance as a centralized routing point for all communications between application components. All Bomgar sessions between users and remote systems occur through the server components that run on the appliance. To protect the security of the data in transit, Bomgar uses TLSv1.2 to encrypt all application communications.

Customers may configure the security features such that the Bomgar deployment complies with applicable corporate policies or regulations. Security features include role-based access control, secure password requirements, and features to give remote support recipients the ability to resume control of their computers.

Bomgar enables remote control by creating a remote outbound connection from the endpoint system to the Bomgar Cloud instance. The Bomgar Cloud site is designed and tested to ensure it works properly and securely in the Bomgar Cloud infrastructure. Since all Bomgar sessions are initiated via outbound connections from the client to the appliance, it is possible to remotely control computers using Bomgar through firewalls.

Bomgar Cloud Network Infrastructure Diagram

Bomgar Appliance Network Infrastructure

Each Bomgar Cloud site comes with a subdomain of the bomgarcloud.com DNS address, such as yoursite.bomgarcloud.com. Optionally, if you would prefer to use your company web address with your own SSL certificate, you can use a Canonical Name (CNAME) record to point your default site address to your preferred address.

Since any customers you support using Bomgar use the public portal name you give them to request remote support, a simple yet descriptive name is the best approach. For instance, a company named 'Example' might use support.example.com for their CNAME record.

Example Firewall Rules for Cloud Deployments

Below are example firewall rules for use with Bomgar Cloud, including port numbers, descriptions, and required rules.

Firewall Rules
Internal Network to the Bomgar Cloud Instance
TCP Port 80 (optional) Used to host the portal page without the user having to type HTTPS. The traffic can be automatically rolled over to port 443.
TCP Port 443 (required) Used for all session traffic.
Bomgar Cloud Instance to the Internal Network
TCP Port 25, 465, or 587 (optional) Allows the appliance to send admin mail alerts. The port is set in SMTP configuration.
TCP Port 443 (optional) Appliance to web services (e.g., HP Service Manager, BMC Remedy) for outbound events.