Introduction

The RealVNC Connect On-Prem Management Console is a core component of RealVNC Connect On-Prem. The On-Prem Management Console gives customers a browser-based console for centrally managing their on-premises (offline licensed) deployment of RealVNC Connect.

As a self-hosted solution, the Management Console requires no internet access to setup or run, ensuring your network remains locked down and data stays on it.

Team admins can see important account-level information, such as capacity of licensed devices, and user numbers, as well as connection logs for auditing purposes.

The On-Prem Management Console also presents tools for deployment, with a dedicated panel for licensing and download packages.

The On-Prem Management Console runs in-browser after the management client has been installed on a central server location within the network. RealVNC Server is installed on remote devices, as usual, but the management client handles licensing of these, allowing for a centralized view of deployment and usage. Connections are still made through RealVNC Viewer installed locally on devices.

Installation

To install the On-Prem Management Console, first download the MSI installer from within the RealVNC Connect Portal. If you do not have access to this resource, the installer can be provided manually.

The On-Prem Management Console is designed to run on Windows Server 2022, and in order to function correctly, there must be a network route supporting HTTPS traffic between the RealVNC Servers and RealVNC Viewers that you wish to use in this deployment.

As part of the installation, you must provide your own certificates that are used to encrypt the traffic between the On-Prem Management Console and RealVNC Servers and RealVNC Viewers, as well provide a secure browsing experience through HTTPS access to the web application.

Details of the certificate requirements can be found here.

Once the MSI installer has been downloaded and the certificates are available, installation can be completed.

Step 1: Providing SSL certificate details

In the first screen of the Installer, please enter the URL that you want the On-Prem Management Console to be served at. Please note, this should match the domain name specified within your SSL certificate.

Once you have provided this, select continue.

In the second screen of the Installer, please provide the file/folder location of the certificates you wish to use with this deployment. 

Once you have provided this, enter the password specified when the SSL certificate was created.

Step 2: Set PostgresSQL Administrator Credentials

The Management Console uses a Postgres database to store data used during the running of the application. 

Postgres will be installed as part of this process, but in order to interact with this database you must set an administrator username and password that will be used by the Management Console when interacting with Postgres.

Please, retain the username and password for this admin user in a safe location as you will need to provide these admin user credentials of you reinstall the On-Prem Management Console.

Step 3: Installing the files

Once you have set your credentials the installation will commence, this will install the Management Console, the PostgresSQL database and Java.

This process can taka e few minutes to complete.

Should the installation fail for any reason the installed components will be rolled back.

The installation process will automatically create an inbound firewall rule for the On-Prem Management Console called "RealVNC On-Prem Management Console".

Once the dependencies have been installed, the core installation process is now completed and you can move on to First-time configuration.

On-Prem Zone Installer

If your On-Prem Management Console deployment includes the use of the optional On-Prem Zone component, please read the On-Prem Zone Install & Configuration guide to get started.

First-time configuration

Once installed, you must then configure the On-Prem Management Console in order to begin using the product.

Step 1: Importing the license key

Please enter the license key provided to you by your RealVNC contact, or retrieved from the RealVNC Connect Portal.

Step 2: Setting up an administrator account

1. A new administrator account will be automatically generated for you, including a one-time auto generated password.





2. Please remember these credentials and then enter them when prompted:





3. You will then be asked to change this temporary password with a secure password of your choice:

   

This account can then be used to create other users, but before other user accounts are created, this account will be the primary access method for the On-Prem Management Console web application, so please ensure these credentials remain accessible and stored securely.

Using the On-Prem Management Console

Dashboard

Within the On-Prem Management Console, Administrators have access to a Dashboard that displays information relating to the number of licensed devices, status of these devices, statistics about Operating System and Session usage as well as a reminder of the License type and expiry period.

Device Management

Administrators can undertake a variety of Device Management activities designed to ensure they can securely and effectively control the devices within the deployed environment.

Search Devices

Within the Devices section of the On-Prem Management Console, Administrators can search for existing Devices. This is entering the search variable, either Device Name, Server Version, Operating System or Last Seen date, and then choosing your filter method.

Remove Devices

Within the Devices section of the On-Prem Management Console, Administrators can remove an existing device, which will make that license available for re-distribution. To do this, click the ellipsis   icon next to the device you wish to delete.

Once you click ‘Remove Device’ you will be presented with a pop-up where you can press ‘Confirm and delete’, which will action your removal request:

User Management

Within the On-Prem Management Console, Administrators can perform a variety of User Management activities designed to ensure they can securely and effectively control access to the deployed environment.

There are two User Role types available:

• Administrators: these users can access the On-Prem Management Console, as well as the RealVNC Viewers. Within the On-Premise Management Console, they can undertake all the activities described in this guide. This user type should be used for any user who needs to administer access to the deployed environment.

• Users: these users cannot access the On-Prem Management Console, but they can access the RealVNC Viewers. This user type should be used for any user who needs to remotely access/control machines that are managed by the On-Prem Management Console, but who do not need to administer access to the deployed environment.

Search Users

Within the Users section of the On-Prem Management Console, Administrators can search for existing users. This is done by entering the search variable, either Username, First Name, Last Name or Role, and then choosing your filter method:

Create Users

Within the Users section of the On-Prem Management Console, Administrators can create new users. This is done by pressing the ‘Add a new user’  button:

This will launch a pop-up that will allow you to add users, please enter the details requested:

Adding users in bulk

Administrators can also add users in bulk, using a .csv file upload.

From the Add user view, click on the "Upload .csv" button:

Upload a correctly formatted .csv file (a template can be downloaded from this screen) by clicking on the "Select file" button, and then click "Create Users".

Changing a user's password

Within the Users section of the On-Prem Management Console, Administrators can also change the password of existing user. To do this, click the ellipsis next to the user you wish to change:

This will open up a pop-up that allows you to enter or generate a new temporary password, which will invalidate the users existing password:

Please provide this new password to the user in a secure manner. 

This user will then be required to create a new user when they next log in (either to the On-Prem Management Console or the RealVNC Viewer).

Deleting a User

Within the Users section of the On-Prem Management Console, Administrators can also delete an existing user. To do this, click the ellipsis next to the user you wish to change and then Delete User:

You will then be presented with a pop-up where you will be asked to confirm you wish to under this action. Click "Confirm and delete" to delete the user's account:

Audit

Administrators can use the built-in auditing capability to understand and monitor access and activity within the deployed environment.

Searching Audit

Within the Audit section of the On-Prem Management Console, Administrators can search for existing audit records. This is done by entering the search variable, either Device Name, Username, Event Type or Timestamp and then choosing your filter method:

View Audit Detail

Within the Audit section of the On-Prem Management Console, Administrators can view detailed audit data. Once they have found the audit record in question, clicking on the ‘Eye’ Icon will open a pop-up which will provide the full details of the audit record:

Deployment

Within the On-Prem Management Console, Administrators can use the deployment page to understand how to install and integrate RealVNC Viewers and RealVNC Servers into their deployed environment.

This is done by ensuring that each RealVNC Viewer and RealVNC Server have their respective parameters set correctly. Instructions are provided for Manual as well Distributed deployment for Windows, macOS & Linux operating systems:

Since these detailed instructions are included within the On-Prem Management Console, they will not be repeated here, but below is a brief description of the relevant parameters and how they are used:

• Join Token - This is used when first configuring a RealVNC Server to join a deployed environment. The Join Token can be found and edited within the Deployment section of the On-Prem Management Console.

• OPCHOST- This parameter is used to instruct a RealVNC Server or a RealVNC Viewer where to ‘find’ the On-Prem Management Console. This will be the URL that the On-Prem Management Console is accessed at and can be found also within the Deployment section.

• OPCCERTS - This is used to instruct a RealVNC Server or a RealVNC Viewer where to ‘find’ the certificates needed to secure connect to the On-Prem Management Console. This file location must be accessible at all times to the relevant RealVNC Viewer or RealVNC Server.

• ENABLEOPC - This is used to instruct a RealVNC Server or a RealVNC Viewer that they are in a deployed environment and that they must communicate with the On-Prem Management Console.

On-Prem Zone

If your On-Prem Management Console deployment includes the use of the optional On-Prem Zone component, please ensure that when configuring Viewers & Servers, you replace the OPCHOST & OPCCERTS variables with those of the relevant Zone you wish the device to be registered too.

Usage

Within the On-Prem Management Console, Administrators can export Usage data to be provided to RealVNC as part of the renewal process. This data is encrypted to ensure the accuracy and confidentiality of any data. It doesn’t track activity or usage within any sessions, just high-level overview usage data to enable RealVNC to ensure that the right package can be provided at renewal and to prevent against license abuse.

To provide this export, please click ‘Create Export File’ and send this on to RealVNC as requested.

License

Within the On-Prem Management Console, Administrators can update their license as part of the renewal process. Any new license, either to extend the licensed time period or to change the number of provisioned licenses, can be imported by clicking ‘Import new license key’:

From here, you will be able to enter in the On-Prem Management Console license, which can either be retrieved from the RealVNC Connect Portal (https://manage.realvnc.com) or manually provided for customers who don’t have access to this tool. The new license key can be entered into the text box: