Console Connect architecture and region setup

Avatar
Nerdio Product Support

Console Connect architecture and region setup

Console Connect architecture overview

Console Connect provides secure, remote connectivity between IT support staff and endpoints on Azure Virtual Desktop, Windows 365 Cloud PCs, or Intune managed devices through Nerdio Manager for Enterprise . It enables administrators, help desk staff, and Console Connect operators to perform remote sessions, transfer files, and manage devices without requiring direct inbound connectivity to the endpoint. The architecture leverages a Console Connect Region as the secure communications hub, ensuring that connections between all endpoints are brokered securely over TLS (TCP 443) as illustrated:

Console Connect components

The following components make up the overall Console Connect solution:

Nerdio Manager app

The Nerdio Manager app provides the management interface for IT support staff. It communicates with the Console Connect Region to obtain connection information and supports a number of different roles such as:

  • Admin

  • Help Desk

  • Console Connect Operator

Console Connect Region

The Console Connect Region is a cloud-hosted broker service that manages communication between IT support session and endpoints. This service handles the device registration and identification as well as IP addresses of hosts for providing connectivity during a Console Connect support session. It ensures all traffic is encrypted and routed securely.

  • TLS 443: Device registration and metadata exchange

  • TLS 443: Remote sessions, file transfer, remote control, and management

Traffic flow summary

The process flow of Console Connect work in the following way:

  • Using the Nerdio Manager app management interface, IT support staff request a connection to a device.

  • The Nerdio Manager app communicates with the Console Connect Region to retrieve the device details.

  • The Console Connect Region validates the target endpoint and then establishes the initial connection request.

  • Once authorized, IT support staff can establish a secure session with the endpoint.

Region setup overview

Console Connect Regions act as local secure brokers for remote connectivity between IT support staff and supported endpoints, such as Intune managed physical endpoints, AVD host pools, and Windows 365 Cloud PCs. Setting up a region ensures that traffic is routed locally and sessions are optimized to provide Console Connect capabilities for IT support staff.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Related articles

Comments (0 comments)

Please sign in to leave a comment.