Remote Application

Note：JumpServer Community edition supports remote application with Website only.

1 Function Description

• The RemoteApp functionality, released by Microsoft after Windows Server 2008, is an integrated service feature within the system. It enables users to access remote desktops and applications from client, allowing them to use various desktops and applications published remotely without needing to install the operating system and applications on their local client machine.

2 RemoteAPP machine

• RemoteApp need to configure an host for remote application.
• The RemoteAPP server is the primary entity responsible for running web page assets or executing programs such as Navicat for connecting to Database remotely.

2.1 Edition Requirement

• The Remote Application Srver is a Windows Server，Windows edition requirement is as follows：

Windows Server 2016	Windows Server 2019

2.2 RemoteApp Server Creation

• Clicking on Create at page of RemoteAPP server then create a new Remote Application Server.

• We support deploying the application deployment server using the WinRM and OpenSSH protocols (it's recommended to use the WinRM service included with Windows Server).

WinRMOpenSSH

• If you deploy the RemoteAPP server with WinRM protocol, it need to add the WinRM protocol on the page of create remoteapp server page.

• WinRM configure successfully.

• To deploy the application deployment server using the OpenSSH protocol, you need to install the OpenSSH protocol. You can find the OpenSSH installation package on the JumpServer page by navigating to Web Terminal - Help - Download.

• After uploading the OpenSSH installation package to the RemoteAPP server, double-click on it to start the installation process.

• OpenSSH configure successfully.

• Detailed Parameter Description：

Parameter	Description
Name	Name of the RemoteAPP Server
IP/Host	IP address of RemoteAPP Server
Protocol Group	Protocol groups and ports supported by RemoteAPP Server
Account List	The connection account information for the RemoteAPP Server, e.g, would be Administrator
Automatic Account Creation	The account created through this option is used to connect to the RemotpAPP
The number of accounts created	The number of accounts created for user shared
IP Address of Core service	The communication address for the Agent on the RemoteAPP Server with the Core component of JumpServer is typically configured as the IP address or hostname of the JumpServer server
RDS License	Enable RDS License
RDS License Sever	Enable RDS License Server
RDS Authorization Mode	Select "Device" or "User" to set the authorization mode. A.Device：Allows one device (used by any user) to connect to the application deployment server. B.User：Grants one user access to the application deployment server from an unlimited number of client computers or devices
RDS Single-User Session	Choose between "Disable" or "Enable" to set the single-user single-session mode. A.Disable：Allow each user to connect to the server's remote desktop from multiple client computers simultaneously. B.Enable：Disallow each user from connecting to the server's remote desktop from multiple client computers simultaneously
RDS Maximum time of disconnection	If a session connection reaches this maximum time, the connection will be automatically terminated
RemoteAPP logout time limit	Logout time after a remote application session is disconnected

2.3 RemoteAPP Deployment

• After creating the application deployment server, you need to manually execute the deployment of the application deployment server by installing Python, Chrome, Navicat, DBeaver, or custom remote applications.
• Click on the Name of RemoteAPP Server to enter the details page，Select the Deployment tab within the details page，Click the Initialize Deployment button in the "Quick Update Module" section to initialize the RemoteAPP server.

2.4 View RemoteAPP server details

• Clicking on RemoteAPP Details button and enter the page of RemoteApp server details.
• The page contains detailed information about the RemoteAPP, including a list of RemoteAPP accounts, RemoteAPP applications and deployment logs etc.

• Detailed Parameter Description：

Module	Description
Details	This module primarily includes the basic information of the RemoteAPP server and simple automated tasks such as updating hardware information and testing connectivity.
Account List	This module primarily manages the accounts on the RemoteAPP server. By default, JumpServer creates 100 system users to support remote sessions
Remote Application	This module contains default remote applications as well as custom remote application information. Within this module, you can directly deploy remote applications
RemoteAPP Deployment	This module is primarily used for the initial deployment of the RemoteAPP server and for viewing deployment logs
Activity Logs	This module records activity log for the RemoteAPP server. Clicking on it allows you to view the details of the activity

3 Remote Application

• Creating remote application resources allows for remote access to asset and implements password autofill functionality.
• For example, here's the process of accessing JumpServer web page with password autofill:

3.1 Create Website Asset

• Click and switch to view of Console at Asset Management - Asset List Page.
• Select Web tab，click to create Website asset.

• The Selector parameter needs to be obtained from the code parameters on the target URL page.
• For elements details you can open the developer tools page for the target URL using F12 :

• Fill in the obtained parameters to the target website asset created, referring to the first image in the current page's 3.1 Tittle.

3.2 Create rule of asset authorization

• Click and switch to Permission Management - Asset Authorization page.
• Create a new rule of authorization，following the figure：

3.3 Access Website asset

• To access the target Website asset through the Web Terminal, you'll need to follow these steps:
• Accessing Website assets requires the local client to install the JumpServer client program. The installation package can be found on the JumpServer page - Web Terminal - Help - Download page.

3.4 Page Layout

• The current RemoteAPP page layout is:

4 Customized Applet

4.1 Applet Introduction

• Applet is a directory that contains Python scripts and must include at least the following files：

├── i18n.yml
├── icon.png
├── main.py
├── manifest.yml
└── setup.yml

• Description of the purpose of file name：

File Name	Description
main.py	Auto filled executed script of Python
icon.png	ICON of Applet
manifest.yml	Applet elements
setup.yml	Installation description
i18n.yml	The file for manifest.yml internationalization

4.2 Metadata Description with Manifest.yml

• Manifest.yml defines the metadata of Applet, such as name, author, version, and supported protocols.

name: mysql_workbench8 （required）
display_name: MySQL Workbench8
comment: A tool for working with MySQL, to execute SQL and design tables (required）
version: 0.1 (required）
exec_type: python (reserved，Not yet used)
author: Eric (required）
type: general (required）
update_policy: none (Not yet used)
tags: (required）
  - database
protocols: (required）
  - mysql

• Detailed Parameter Description：

Parameter	Description
name	The name should preferably be alphabetical and not contain special characters
protocols	Protocols supported by Applet script
tags	Labels
type	Mainly option is General or Web。
i18n.yml	The file for manifest.yml internationalization

4.3 Installation conditions with setup.yml

• setup.yml defines the installation type of programs called up by Applet

type: msi # exe, zip, manual
source: https://jms-pkg.oss-cn-beijing.aliyuncs.com/windows-pkgs/mysql-workbench-community-8.0.31-winx64.msi
arguments:
  - /qn
  - /norestart
destination: C:\Program Files\MySQL\MySQL Workbench 8.0 CE
program: C:\Program Files\MySQL\MySQL Workbench 8.0 CE\MySQLWorkbench.exe
md5: d628190252133c06dad399657666974a

• Detailed Parameter Description：

Parameter	Description
type	Installation type of software msi：Installable softwar. exe：Installable software. zip：Unzip to install software。 manual：Installation manually
source	Softwaer download address
arguments	Arguments need by installation of msi or exe with silent installation
destination	Program installation directory
program	Specific software address。
md5	Md5 of the program，Mainly used to verify whether the installation was successful

• If you choose manual installation, keep the source and other fields empty, and do not verify the MD5 value. You need to manually login to the Apple host (application publishing machine) to install the software.

4.4 Script execut with main.py

• main.py is the main program with python
• The remoteapp program Tinker on JumpServer will be executed by calling 'Python main.py base64_json_data'.
• Base64_json_data is a string of JSON data after base64, containing authentication information such as assets and accounts. The data format is as follows, and adjustments should be made according to API changes：

{
  "app_name": "mysql_workbench8",
  "protocol": "mysql",
  "user": {
    "id": "2647CA35-5CAD-4DDF-8A88-6BD88F39BB30",
    "name": "Administrator",
    "username": "admin"
  },
  "asset": {
    "asset_id": "46EE5F50-F1C1-468C-97EE-560E3436754C",
    "asset_name": "test_mysql",
    "address": "192.168.1.1",
    "protocols": [
      {
        "id": 2,
        "name": "mysql",
        "port": 3306
      }
    ]
  },
  "account": {
    "account_id": "9D5585DE-5132-458C-AABE-89A83C112A83",
    "username": "root",
    "secret": "test"
  },
  "platform": {
    "charset": "UTF-8"
  }
}