Docs
RemoteApp
RemoteApp machine

RemoteApp machine

A RemoteApp machine is a Windows host used to deploy RemoteApp services and install remote applications. Users can access and use the applications on this host remotely, enabling centralized management and remote usage.

Tinker is a tool provided by JumpServer for automating the deployment of RemoteApp services and publishing remote applications. When a user connects to a remote application, Tinker is also responsible for launching the application and performing auto-fill operations. Tinker is automatically installed by JumpServer during the deployment of the publishing machine.

Prerequisites

The RemoteApp machine must meet the following requirements:

  • Running Windows Server 2019 operating system.
  • At least 4 CPU cores and 8 GB of RAM.
  • OpenSSH or WinRM is installed and configured.
  • Remote Desktop Services (RDS) license is installed and activated.
  • Network access to JumpServer over HTTP/HTTPS is available.

Create a RemoteApp machine

1
In the upper-right of the page, click .image
2

In the left menu, click RemoteApp.

3

On the right page, click RemoteApp machine tab.

4

Above the table, click + Create.

5

In the Name field, type RemoteApp machine's name.

6

In the IP/Host field, type the IP address or hostname.

7

In the Protocols field, set the protocol and port.

  • rdp is required for users to connect to the RemoteApp.
  • ssh requires the OpenSSH service to be installed on the machine.
  • winrm requires the WinRM service to be installed on the machine.

You must select either ssh or winrm, as JumpServer uses them to manage the RemoteApp machine, including initial deployment and RemoteApp publishing. By default, the system uses ssh. To use winrm, see Use WinRM for RemoteApp machine.

8

In the Accounts field, add an account to manage the machine. It must meet the following requirements:

  • The account is a member of the Windows Administrators group.
  • Privileged is enabled.
9

Optionally, check Using same account to enable login with the same username.

When the user connects to a RemoteApp , JumpServer will prioritize using a user with the same username to log in RemoteApp machine. This is especially useful when both JumpServer and the RemoteApp machine are integrated with the same AD/LDAP service.

Important

For this feature to work, you need to set CACHE_LOGIN_PASSWORD_ENABLED=true in the config.txt file and restart the service.

10

Optionally, check Auto create accounts to generate two types of accounts automatically:

  • js_ Private accounts use the prefix js_ followed by the user's username.
  • jms_ Public accounts use the prefix jms_ followed by a random string.

When a user connects to a RemoteApp, the system first tries to log in to the RemoteApp machine using the js_ account, which is private and unique to the user. If the RemoteApp on that machine doesn't support concurrent sessions for the same user, the system will instead use a random public jms_ account.

11

Optionally, set Accounts Create Amount to specify the number of public jms_ accounts.

12

In the Core API field, type the JumpServer IP address or hostname.

13

Optionally, check Ignore certificate verification to specify whether to ignore the certificate when Tinker accesses Core API.

14

Optionally, check Existing RDS license to use your own license. If unchecked, a 120-day trial license will be used. For more information, see RDS licensing documentation (opens in a new tab).

1

In the RDS license server field, type the RDS license server address.

2

In the RDS licensing mode field, choose the licensing mode.

3

In the RDS single session per user field, set whether each user is allowed to have only one RDS session. If enabled, when a user connects a second session, the first session will be disconnected.

4

In the RDS max disconnection time (ms) field, defines the maximum amount of time (in milliseconds) a disconnected session remains active.

5

In the RDS remote app logoff time limit (ms) field, specifies how long the system waits before logging off a user after all RemoteApp programs are closed.

15

Optionally, in the Zone field, select only one zone.

16

Check Active to enable this RemoteApp machine.

17

Optionally, type a description for this machine.

18

Click Submit or Save & Continue.

Use WinRM for RemoteApp machine

1

Create a RemoteApp machine and select "winrm" and "rdp" protocols. For more information, see Create a RemoteApp machine.

2
In the upper-right of the page, click .image
1

In the left menu, click Platform.

2

Duplicate the "RemoteAppHost" platform.

3

In the Name field, type a name, such as "RemoteAppHost-WinRM".

4

In the Ansible config field, change ansible_connection from ssh to winrm.

5

Click Submit.

3
In the upper-left of the page, select , then click Console.image
1

Change to "SYSTEM" organization.

2

In the left menu, click Assets.

3

On the right page, find your created RemoteApp machine and click Edit.

4

In the Platform field, select the "RemoteAppHost-WinRM" platform.

5

Click Submit.

4

Finished.

Deploy the RemoteApp machine

1
In the upper-right of the page, click .image
2

In the left menu, click RemoteApp.

3

On the right page, click RemoteApp machine tab.

4

In the table, find the RemoteApp machine and click name.

5

On the details page, click the Deploy publishing machine tab.

6

In the "Quick Update" card on the right, find "Initialization deployment" and click Deploy. This will start a task to initialize the deployment of the RemoteApp machine and publish all RemoteApp.

7

In the table on the left, you can view the deployment history and deployment logs.

Integrate RADIUS (X-Pack)License