Securing Technician Sessions with End-to-End Encryption for Remote Support
1. Overview
Secure Remote Control functions as the “Digital Safety Net” for IT administration within the Hexnode ecosystem. It enables secure remote interaction between the administrator’s Hexnode UEM Portal and the managed device.
Core Protections:
- Uses encrypted communication channels between the device and the Hexnode Cloud.
- Protects remote sessions from interception risks, such as Man-in-the-Middle (MitM) attacks, through HTTPS/TLS-based secure transport.
- Supports organizations in maintaining enterprise security and compliance frameworks (e.g., SOC 2, HIPAA, and GDPR) through strict access controls and audit logging.
- Secures visual data (screen pixels) and input commands (keystrokes, touches) during remote sessions.
2. Technical Encryption Specifications
Hexnode utilizes secure communication protocols and real-time transport technologies to protect remote session data exchanged between the endpoint and the Hexnode Cloud.
| Security Layer | Standard/Protocol | Purpose in Hexnode UEM |
|---|---|---|
| Data in Transit | TLS | Secures communication between the Hexnode UEM portal and managed devices. |
| Session Streaming | Secure real-time transport technologies | Enables encrypted screen streaming and remote interaction. |
| Connection Establishment | NAT traversal mechanisms (e.g., STUN) | Facilitates secure portal-to-device connectivity behind firewalls and NAT environments. |
| Identity Validation | Certificate-based validation | Ensures devices communicate only with verified Hexnode Cloud endpoints. |
3. Network & Connectivity Requirements
To maintain secure and uninterrupted remote sessions, the following network parameters must be permitted on corporate firewalls:
| Port | Protocol | Hexnode-Specific Purpose |
|---|---|---|
| 443 | TCP | Primary HTTPS port used for encrypted communication and remote session signaling. |
| 3478 | TCP/UDP | Used for NAT traversal to establish remote connections in restricted networks. |
| 5349 | TCP | Secure NAT traversal over TLS for session establishment. |
| 80 | TCP | May be used for initial communication or fallback scenarios where applicable. |
4. Authorization & Access Control
Hexnode governs remote sessions through strict access controls to ensure that only authorized administrators can initiate remote actions:
- Role-Based Access Control (RBAC): Access to the Manage tab and the ability to trigger remote sessions is governed by custom or default administrative roles configured in Admin > Technicians and Roles.
- Standard User Consent (Privacy Level): By default, end-users receive a prompt via the Hexnode Remote Assist app (or native OS prompts) and must explicitly tap “Allow” (e.g., granting Screen Recording or Accessibility permissions) before the session begins.
- Unattended Access: Cannot be triggered silently by default on standard user devices. It requires administrators to configure and deploy the appropriate Policy to enable remote viewing on supported device types (commonly used for Kiosk Lockdown, POS systems, or dedicated endpoints).
5. Session Privacy & Compliance Features
To protect end-user privacy and maintain immutable audit trails for enterprise compliance, Hexnode enforces the following controls:
- Automated Audit Logging: Every remote session start, stop, and failure is recorded. Administrators can review these in the Action History under the Device Summary page or globally via Reports > Audit Reports.
- Configurable Privacy Levels: Administrators must explicitly define the remote interaction behavior in the portal. Employee-facing devices are typically configured with “Prompt User” to ensure privacy compliance.
- Granular Policy Targeting: Remote access policies, including unattended configurations, can be restricted to specific Device Groups or User Groups. This ensures silent remote access is not inadvertently applied to unintended endpoints, such as BYOD (Bring Your Own Device) hardware.
6. Implementation Workflow: Enabling Secure Control
Enabling the feature requires configuring global settings, deploying companion applications, and initiating the remote action.
Step A: Enable Global Settings
- Navigate to Admin > General Settings in the Hexnode UEM Portal.
- Scroll to the Remote View & Control Settings section.
- Check Enable Remote View and Enable Remote Control.
- Click Save.
Step B: Ensure Necessary Applications are Present
Ensure that the Hexnode UEM app and the Hexnode Remote Assist app are installed on the targeted endpoints.
Additionally, verify that all required permissions for Remote View and Remote Control (such as screen capture and accessibility access, where applicable) have been granted on the device.
Step C: Initiating the Session
- Navigate to the Manage tab.
- Select the target device to open the Device Summary page.
- Click the Actions dropdown menu.
- Select Start Remote View or Start Remote Control.
7. Troubleshooting Common Issues
- Issue: Remote Session Fails to Initialize
  - Cause: The device may be offline, not actively syncing with Hexnode UEM, required network ports (such as TCP 443) may be blocked, or secure traffic may be intercepted by firewall or proxy configurations.
  - Fix: Confirm that the device is online and recently synced. Ensure required ports are allowed through the firewall and exclude Hexnode Cloud traffic from SSL inspection or deep packet inspection mechanisms.
- Issue: “Start Remote View” or “Start Remote Control” Option Greyed Out
  - Cause: Remote View and Remote Control may not be enabled in global settings, or the assigned technician role may not have the necessary remote access permissions.
  - Fix: Verify that Remote View and Remote Control are enabled under Admin > General Settings and confirm that the technician role includes appropriate remote access privileges under Admin > Technicians and Roles.
- Issue: Black Screen During Remote Session
  - Cause: The device may be locked, asleep, or awaiting user consent. Required screen capture or accessibility permissions may not be granted.
  - Fix: Unlock the device and ensure that all required permissions for remote viewing or control are granted before initiating the session.
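The port requirements in section 3 and the first troubleshooting item (blocked ports, SSL inspection) can be checked from the affected network segment with a script like the one below. This is an added example, not Hexnode code: the hostname and baseline issuer are placeholders, and comparing the certificate issuer with one recorded from an uninspected network is an assumed heuristic, not a check documented by Hexnode.

```python
import socket
import ssl

# TCP ports from the table in section 3. 3478/UDP needs a STUN exchange and is not probed.
TCP_PORTS = {443: "HTTPS and session signaling", 3478: "NAT traversal",
             5349: "NAT traversal over TLS", 80: "initial/fallback"}

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes through the firewall."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name did not resolve
        return False

def issuer_org(cert):
    """Issuer organizationName from the dict returned by SSLSocket.getpeercert()."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def observed_issuer(host, port=443, timeout=5.0):
    """Issuer seen from this network, or None if the chain fails validation."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return issuer_org(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        return None  # untrusted chain, e.g. an inspecting proxy whose CA is not installed

def inspection_suspected(observed, baseline):
    """Compare with the issuer recorded from a network known to be uninspected."""
    return observed is None or observed.strip().lower() != baseline.strip().lower()

def check(host, baseline):
    """Collect port reachability and the issuer comparison for one endpoint."""
    ports = {p: tcp_reachable(host, p) for p in TCP_PORTS}
    result = {"ports": ports, "inspection_suspected": None}
    if ports[443]:
        result["inspection_suspected"] = inspection_suspected(observed_issuer(host), baseline)
    return result

if __name__ == "__main__":
    # Placeholders: substitute your portal hostname and the issuer you recorded for it.
    print(check("yourportal.example.invalid", "Example Baseline CA"))
```

A changed issuer can also follow a legitimate certificate renewal, so refresh the baseline before concluding that a proxy is re-signing the traffic.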