Endpoints may be onboarded to CoIP Platform without being placed into an Application. This can be done either to onboard an endpoint for secure access, or as an intermediate step before moving the endpoint to its destined Application.
About built-in secure access
CoIP Platform supports a range of built-in secure access types that allow authorized users to instantly connect to onboarded desktops or VMs. Once authenticated through CoIP Launcher in a web browser, users are presented with a list of remote desktops they are authorized to access.
The remote connections are made using the CoIP Overlay, and through the ZNS data services layer. As a result, there is no need to open the firewall or physical network to remote desktop traffic.
When combined with Application Chambers, you can even close the port on the endpoint to the secure access traffic. For example, you can close all inbound ports on a machine (including 3389), yet still allow RDP access.
The built-in secure access methods support access to Linux, Windows, or Mac targets.
Types of built-in secure access
CoIP Platform supports the following built-in secure access methods:
VNC (Linux, Mac targets)
RDP (Windows targets)
NoMachine NX (licensed separately)
Secure Shell (ssh access, with sftp/scp/ssh tunnels blocked)
Onboarding a built-in secure access target
To onboard a server or VM as a built-in secure access target, you must download the zLink agent and install it on that server. You may download the zLink agent from the zCenter services portal by navigating to Onboarding and Management > Manage Servers and selecting the Register Server button.
Select the target architecture and installation method, and click “Generate Package” to continue.
A URL-downloadable package is only available for 20 minutes; after this time, the URL will expire and must be re-generated.
You may reuse the package downloaded from the zCenter services portal to install it on other machines as needed. However, as Zentera releases new features, the zLink agent version available on the portal will be updated; as a best practice, consider always downloading from the portal before installation.
Once you have downloaded the package, run the installer on the server to be onboarded. The zLink installer requires root privileges.
Verifying the installation
Once the installation process completes, the server appears in the Onboarding and Management > Manage Servers overview. Servers with the built-in secure access functions enabled are listed as "Access Desktop" or "Access Server" under Server Function. A green status indicator shows that the zLink agent is running and has an established control channel to the zCenter orchestrator.
Selecting a built-in secure access method
See Built-In Secure Access Policies for information on creating and managing Access Policies for built-in secure access methods.
Offboarding a built-in secure access target
You may offboard a built-in target machine at any time by unregistering the server in zCenter, or by running the uninstaller bundled with the zLink download package.
You may also temporarily offboard a remote desktop target by stopping the zLink service on the target machine.