After setting up your docker instance please edit the "custom relay" fields in your admin panel.
Hah, they would surely flag Anydesk too, as they have flagged AutoHotKey, TinyTask, Macrium Reflect, qBittorrent and other things. Basically everything your "regular" user doesn't use. ("They" of course being heuristics, not actual lists.)Hi ZainT! You don't need any links for the docker version. Plese use the short tutorial above (it's very simple if you have docker already installed, just 2 command lines).
I guess your employers NOC does not flag Anydesk after recent attack on them where the attackers got unattended access to Samsung, Cloudflare, Attlasian and many more
As for security we are again going one step above by adding TPM 2.0 for RSA4096 key generation. This way the symetric AES256 keys will be exchanged using a machine assigned RSA key from the TPM (Remotly will have no access to the private asymetric key). Also all IDs of machines added to the trusted unattended list will be encrypted using TPM2.0 making it impossible for any third party to generate and inject their machine ID as a trusted one and gain hacked access.
We are integrating Remotly with several government institutions. Of course they also were suspicious at first. But after several presentations they have no more objections and are changing Teamviewer and Anydesk to our solution.
We are also going to certificate Remotly for security by one of the major certification organizations.
We are sure that in the near future Remotly will become the most secure remote access software for home and professional use.
No worries, it's easy getting things wrongSorry ZainT! I thought you were to use the docker version I will ask someone from our team to either add a link to the bare metal version with the relay in the panel or I will paste a link here shortly.
Is port 443 needed or could any port be used? I was planning on using 21, 587 and 993.As for NOC flagging we know that the problem exists in one place. The relay does not use an SSL/TLS certificate as it would require a domain with a certificate to even start the relay.
The relay is just a pipe for transporting AES256 encrypted data. It has no access to the symmetric key so an attack on the relay and getting the streamed audio/video data will not do the attacker any good.
The 443 port is used to fool most of the HW firewalls. But some of them use heuristics and may block this traffic.
For this we are preparing an even more advance solution where you will need a domain and a wildcard certificate and use a subdomain address instead of the IP.
So for example on our side will have several public relays of as I call it "last resort" like:
For others it will look like: remotly-relay.domain.com
In the panel you will enter the subdomain address of the relay assigned to your organisation and the 443 port will be used as this will be a standard TLS connection (TLS will envelope the AES256 stream making it encrypted twice).
Hah, they would surely flag Anydesk too, as they have flagged AutoHotKey, TinyTask, Macrium Reflect, qBittorrent and other things. Basically everything your "regular" user doesn't use. ("They" of course being heuristics, not actual lists.)
Unfortunately the entire company gets treated the same (and without too much info, what I do is not exactly level 1), so they rather like me personally, but they don't like dealing with the warnings coming from my user account. Actually in my mind, the more legit software that triggers warnings the better...
While on the subject, are you thinking about support for security keys (YubiKey in my case)?
No worries, it's easy getting things wrong
Is port 443 needed or could any port be used? I was planning on using 21, 587 and 993.