Access and Availability
The On-Prem Management Console is part of RealVNC Connect On-Prem and is intended for customers running offline (on-premise) deployments.
The On-Prem Management Console is available with the Enterprise subscription only.
Access to the On-Prem Management Console, including testing and adoption, is coordinated through your Account Manager.
If you do not see the installer available in your RealVNC Connect Portal, please contact your Account Manager for assistance.
Introduction
The RealVNC Connect On-Prem Management Console is a core component of RealVNC Connect On-Prem. The On-Prem Management Console gives customers a browser-based console for centrally managing their on-premises (offline licensed) deployment of RealVNC Connect.
As a self-hosted solution, the Management Console requires no internet access to setup or run, ensuring your network remains locked down and data stays on it.
Team admins can see important account-level information, such as capacity of licensed devices, and user numbers, as well as connection logs for auditing purposes.
The On-Prem Management Console also presents tools for deployment, with a dedicated panel for licensing and download packages.
The On-Prem Management Console runs in-browser after the management client has been installed on a central server location within the network. RealVNC Server is installed on remote devices, as usual, but the management client handles licensing of these, allowing for a centralized view of deployment and usage. Connections are still made through RealVNC Viewer installed locally on devices.
Before you begin
Before installing the On-Prem Management Console, ensure that:
- Your organization has an Enterprise subscription
- Access has been confirmed by your Account Manager
- You have a supported environment available for installation
System Requirements
On-Prem Management Console has the following system requirements.
Operating System
On-Prem Management Console is designed to run on Windows Server 2022 and later.
Software
- .NET Framework 4.7.2 or later installed
- Postgres 17
(installed automatically by the On-Prem Management Console installer) - Java Runtime JRE
(installed automatically by the On-Prem Management Console installer)
Hardware
| Requirement Type | CPU | RAM | Disk |
|---|---|---|---|
| Minimum (Dev/Test) | 1–2 cores | 4 GB | 20 GB |
| Baseline Production | 2 cores | 8 GB | 50–100 GB |
| Recommended Production | 4–8 cores | 16–32 GB | 50–100 GB |
Installation
To install the On-Prem Management Console, first download the MSI installer from within the RealVNC Connect Portal. If you do not have access to this resource, the installer can be provided manually.
The On-Prem Management Console requires SSL certificates to encrypt the traffic between the On-Prem Management Console and RealVNC Servers and RealVNC Viewers, as well provide a secure browsing experience through HTTPS access to the web application.
There are two ways for SSL certificates to be provided for the Management Console, you can generate and provide your own certificates. If you will be providing your own certificates please ensure these are available prior to starting the installation.
Details of the certificate requirements can be found here.
Alternatively, the On-Prem Management Console installer can generate SSL certificates to encrypt traffic. This can be triggered during installation. If you choose the installer generated certificates you will be required to register the certificates as a trusted certificate authority post-installation - see our guide on how to do this here.
We recommend generating and providing SSL certificates for your On-Prem Management Console from a trusted certificate authority/third party as this is a more secure approach. For testing or small scale deployments utilising the Installer generated certificates is acceptable.
Once the MSI installer has been downloaded and the certificates are available (if you will be providing your own), installation can be completed.
Please ensure you have created a DNS entry for the domain you will be using for your On-Prem Management Console installation, so that the installer can launch the registration process at the end and RealVNC Viewer and RealVNC Server can reach the console URL.
Step 1: Providing the Domain URL
In the first screen of the Installer, please enter the URL that you want the On-Prem Management Console to be served at. Please note, this should match the domain name specified within your SSL certificate if you are providing your own SSL certificate.
Once you have provided this, select Continue.
Step 2: Configuring the SSL Certificates
In the second screen of the Installer you will be asked how the SSL certificate will be configured for secure connections. If you are providing your own certitifcate, simply select Continue.
Once you have provided this, enter the password specified when the SSL certificate was created.
Then please provide the file/folder location of the trusted CA bundle you wish to use with this deployment.In the second screen of the Installer you will be asked how the SSL certificate will be configured for secure connections.
If you require Installer generated certificates, select the "Generate new SSL certificates" radio button. This will make the Organization Name field editable, in this field enter the name of the organisation you want to be set as the issuer reference on the generated SSL Certificate. Once you have entered an Organization name, select Continue.Step 3: Configure HTTP Usage
After configuring the SSL certificates for the Management Console, you’ll be asked whether you want your deployment to use HTTP endpoints.
Enabling HTTP endpoints allows the Management Console’s SSL certificate to be downloaded from an unencrypted endpoint and used in On‑Prem Zone deployments without requiring you to manually supply the certificate.
Please note: HTTP is not encrypted, this increases exposure to cyberattacks. We advise that you only enable HTTP endpoints if you are confident in the security of your internal network.
Once you have made your selection, select Continue
Step 4: Selecting the port values
In the fourth screen of the Installer, you will be able to update the ports the Management Console uses. If you have selected to use the HTTP endpoints in your deployment you will have the option to update the ports for both the HTTPS and the HTTP ports. If you are not using the HTTP endpoint you will only be show the HTTPS port value for update. These will be set to default values of:
HTTPS - 443
HTTP - 80
If you will be using the default values, select continue.
If any applications already in use by your organisation is using either of these ports, then you will need to update these to available ports.
If you need to update the ports select the "Change port values" radio button, this will make the port fields editable and you will be able to change the values to available ports.
If you are not using the HTTP endpoint then you will only have the option to update the HTTPS port in this screen:
Once you have edited the values, select Continue.
Step 5: Set PostgreSQL Administrator Credentials
The Management Console uses a Postgres database to store data used during the running of the application.
Postgres will be installed as part of this process, but in order to interact with this database you must set an administrator username and password that will be used by the Management Console when interacting with Postgres.
The Postgres username must be 1-63 characters, start with letter/underscore, contain only letters, digits, underscores, and hyphens.
Please, retain the username and password for this admin user in a safe location as you will need to provide these admin user credentials of you reinstall the On-Prem Management Console.
Step 6: Installing the files
Once you have set your credentials the installation will commence, this will install the Management Console, the PostgresSQL database and Java.
This process can taka e few minutes to complete.
Should the installation fail for any reason the installed components will be rolled back.
The installation process will automatically create an inbound firewall rule for the On-Prem Management Console called "RealVNC On-Prem Management Console".
The On-Prem Management Console should launch automatically post-installation, if the Management Console fails to launch you can copy the URL from the final screen in the Installer and paste this into your browser.
Once the dependencies have been installed, the core installation process is now completed and you can move on to First-time configuration.
On-Prem Zone Installer
If your On-Prem Management Console deployment includes the use of the optional On-Prem Zone component, please read the On-Prem Zone Install & Configuration guide to get started.
First-time configuration
Once installed, you must then configure the On-Prem Management Console in order to begin using the product.
If your web browser did not open automatically after the On-Prem Management Console installation completed, you will need to open it and navigate to the Registration page manually, for example https://console.com/register
Step 1: Importing the license key
Please enter the license key provided to you by your RealVNC contact, or retrieved from the RealVNC Connect Portal.
Step 2: Setting up an administrator account
- A new administrator account will be automatically generated for you, including a one-time auto generated password.
- Please remember these credentials and then enter them when prompted:
-
You will then be asked to change this temporary password with
a secure
password
of your choice:
This account can then be used to create other users, but before other user accounts are created, this account will be the primary access method for the On-Prem Management Console web application, so please ensure these credentials remain accessible and stored securely.
When the SSL certificate being used by the Management Console are Installer generated, the SSL certificate will need to be registered as a trusted Certificate Authority (CA) in order for users to access the Management Console.
If the Management Console has been deployed to use HTTP, then to register the Certificate you will need to navigate to the certificate set up URL in a HTTP protocol, this will be the domain URL of the management console and /certificate-setup, e.g. http://managementconsole.com/certificate-setup, here you will be able to download the certificate and provided with instructions on how to register the certificate with the OS or browser.
When the SSL certificate being used by the Management Console are Installer generated, the SSL certificate will need to be registered as a trusted Certificate Authority (CA) in order for users to access the Management Console.
If the Management Console has been deployed using only HTTPS then to register the Certificate the certificate will need to be downloaded from the Deployment page on the Management Console on the device that the Management Console was installed onto.
How to register the certificate will vary based on the Operating System (OS) or Browser you need to register the certificate with. Instructions for registering the SSL certificate can be found here - https://help.realvnc.com/hc/en-us/articles/36088208963357
Using the On-Prem Management Console
Dashboard
Within the On-Prem Management Console, Administrators have access to a Dashboard that displays information relating to the number of licensed devices, status of these devices, statistics about Operating System and Session usage as well as a reminder of the License type and expiry period.
Device Management
Administrators can undertake a variety of Device Management activities designed to ensure they can securely and effectively control the devices within the deployed environment.
Search Devices
Within the Devices section of the On-Prem Management Console, Administrators can search for existing Devices. This is entering the search variable, either Device Name, Server Version, Operating System or Last Seen date, and then choosing your filter method.
Remove Devices
Within the Devices section of the On-Prem Management Console, Administrators can remove an existing device, which will make that license available for re-distribution. To do this, click the ellipsis icon next to the device you wish to delete.
Once you click ‘Remove Device’ you will be presented with a pop-up where you can press ‘Confirm and delete’, which will action your removal request:
User Management
Within the On-Prem Management Console, Administrators can perform a variety of User Management activities designed to ensure they can securely and effectively control access to the deployed environment.
There are two User Role types available:
Administrators: these users can access the On-Prem Management Console, as well as the RealVNC Viewers. Within the On-Premise Management Console, they can undertake all the activities described in this guide. This user type should be used for any user who needs to administer access to the deployed environment.
Users: these users cannot access the On-Prem Management Console, but they can access the RealVNC Viewers. This user type should be used for any user who needs to remotely access/control machines that are managed by the On-Prem Management Console, but who do not need to administer access to the deployed environment.
Search Users
Within the Users section of the On-Prem Management Console, Administrators can search for existing users. This is done by entering the search variable, either Username, First Name, Last Name or Role, and then choosing your filter method:
Create Users
Within the Users section of the On-Prem Management Console, Administrators can create new users. This is done by pressing the ‘Add a new user’ button:
This will launch a pop-up that will allow you to add users, please enter the details requested:
NOTE
The password you enter here will be a temporary password, this can either be entered or auto-generated. Please provide this password (via a secure method) to the new user, who will then be forced to create a new user on first login (either to the On-Prem Management Console or the RealVNC Viewer).
Adding users in bulk
Administrators can also add users in bulk, using a .csv file upload.
From the Add user view, click on the "Upload .csv" button:
Upload a correctly formatted .csv file (a template can be downloaded from this screen) by clicking on the "Select file" button, and then click "Create Users".
Changing a user's password
Within the Users section of the On-Prem Management Console, Administrators can also change the password of existing user. To do this, click the ellipsis next to the user you wish to change:
This will open up a pop-up that allows you to enter or generate a new temporary password, which will invalidate the users existing password:
Please provide this new password to the user in a secure manner.
This user will then be required to create a new user when they next log in (either to the On-Prem Management Console or the RealVNC Viewer).
Deleting a User
Within the Users section of the On-Prem Management Console, Administrators can also delete an existing user. To do this, click the ellipsis next to the user you wish to change and then Delete User:
You will then be presented with a pop-up where you will be asked to confirm you wish to under this action. Click "Confirm and delete" to delete the user's account:
Audit
Administrators can use the built-in auditing capability to understand and monitor access and activity within the deployed environment.
Searching Audit
Within the Audit section of the On-Prem Management Console, Administrators can search for existing audit records. This is done by entering the search variable, either Device Name, Username, Event Type or Timestamp and then choosing your filter method:
View Audit Detail
Within the Audit section of the On-Prem Management Console, Administrators can view detailed audit data. Once they have found the audit record in question, clicking on the ‘Eye’ Icon will open a pop-up which will provide the full details of the audit record:
Deployment
Within the On-Prem Management Console, Administrators can use the deployment page to understand how to install and integrate RealVNC Viewers and RealVNC Servers into their deployed environment.
This is done by ensuring that each RealVNC Viewer and RealVNC Server have their respective parameters set correctly. Instructions are provided for Manual as well Distributed deployment for Windows, macOS & Linux operating systems:
To get the full features of the On-Prem Management Console, you will need to install compatible Viewer and Server applications.
The compatible versions are:
- RealVNC Viewer 7.15.0 and later
- RealVNC Connect Viewer 8.3.0 and later
- RealVNC Server 7.15.0 and later
Since these detailed instructions are included within the On-Prem Management Console, they will not be repeated here, but below is a brief description of the relevant parameters and how they are used:
Join Token - This is used when first configuring a RealVNC Server to join a deployed environment. The Join Token can be found and edited within the Deployment section of the On-Prem Management Console.
OPCHOST- This parameter is used to instruct a RealVNC Server or a RealVNC Viewer where to ‘find’ the On-Prem Management Console. This will be the URL that the On-Prem Management Console is accessed at and can be found also within the Deployment section. Please note that this parameter is case sensitive and must exactly match the domain name in your SSL certificate.
OPCCERTS - This is used to instruct a RealVNC Server or a RealVNC Viewer where to ‘find’ the certificates needed to secure connect to the On-Prem Management Console. This file location must be accessible at all times to the relevant RealVNCViewer or RealVNCServer.
This setting must point to the .pem root or intermediate certificate, and not the .p12 file.
For more information on the certificate requirements please refer to On-Prem Management Console - Certificate Requirements.ENABLEOPC - This is used to instruct a RealVNC Server or a RealVNC Viewer that they are in a deployed environment and that they must communicate with the On-Prem Management Console.
On-Prem Zone
If your On-Prem Management Console deployment includes the use of the optional On-Prem Zone component, please ensure that when configuring Viewers & Servers, you replace the OPCHOST & OPCCERTS variables with those of the relevant Zone you wish the device to be registered too.
Usage
Within the On-Prem Management Console, Administrators can export Usage data to be provided to RealVNC as part of the renewal process. This data is encrypted to ensure the accuracy and confidentiality of any data. It doesn’t track activity or usage within any sessions, just high-level overview usage data to enable RealVNC to ensure that the right package can be provided at renewal and to prevent against license abuse.
To provide this export, please click ‘Create Export File’ and send this on to RealVNC as requested.
License
Within the On-Prem Management Console, Administrators can update their license as part of the renewal process. Any new license, either to extend the licensed time period or to change the number of provisioned licenses, can be imported by clicking ‘Import new license key’:
From here, you will be able to enter in the On-Prem Management Console license, which can either be retrieved from the RealVNC Connect Portal (https://manage.realvnc.com) or manually provided for customers who don’t have access to this tool. The new license key can be entered into the text box:
Comments
Article is closed for comments.