Creating a remote management plan

You can create a remote management plan, and then assign it to a workload to configure the remote desktop and assistance functionality on the managed workload.

The availability of the remote management plan's settings depends on the license that is assigned to the workload.

Prerequisites

  • 2FA is enabled for your user account.
  • If the managed device is joined to Entra ID (formerly Azure AD), and you want to connect to it by using the NEAR protocol, see this KB article.

To create a remote management plan

From Remote management plans

  1. In the Cyber Protect console, go to Management > Remote management plans.

  2. Create a remote management plan by using one of the two options.

    • If there are no remote management plans in the list, click Create.

    • If there are remote management plans in the list, click Create plan.

  3. To change the default name of the plan, click the pencil icon, enter the name of the plan, and then click Proceed.

  4. Click Connection protocols, and enable the protocols that you want to be available in this remote management plan for remote connections - NEAR, RDP, or Apple Screen Sharing.

  5. [Optional] For the NEAR protocol, in the Security settings section, select or clear the checkboxes to enable or disable the corresponding settings, and then click Done.

    Setting Description Available for
    Lock the workload when the user disconnects from the console session If you select this setting, the remote workload will be locked when you disconnect from the console session. Windows, macOS
    Allow only one user at a time to connect using NEAR or to transfer files If you select this setting, connections using NEAR and file transfers will not be possible while there is an active remote connection to the workload. Windows, macOS, Linux
    Allow the workload's administrator to connect to any non-admin user session

    If you select this setting, the administrator will be allowed to connect to any standard user session on the workload.

    If both Allow the workload's administrator to connect to any non-admin user session and Allow system session creation are clear, you will only be able to connect to active administrator sessions on the remote macOS workloads.

    		 Windows, macOS
    Allow system session creation

    If you select this setting, when establishing remote connections, the administrator will connect in a new session, instead of one of the existing active sessions.

    		 macOS
    Allow clipboard synchronization If you select this setting, you will be able to transfer data between your clipboard and the clipboard of the remote workload. For example, you will be able to copy some text from a file on the remote workload and paste it in a file on your workload, and the opposite. Windows, macOS, Linux

  6. [Optional] For the NEAR protocol, in the Remote session intelligence section, select or clear the checkboxes to enable or disable the corresponding settings, and then click Done.

    Setting Description Available for
    Remote session summaries

    If you select this setting, starting a remote session automatically starts a recording. Thus, the troubleshooting actions that were taken during the remote session are captured and used by AI to generate a session summary.

    The user of the remote workload is notified about the recording and can stop it at any time.

    The maximum recording duration is 1 hour.

    		 Windows, macOS, Linux
    In-session assistance and recommendations by Acronis AI If you select this setting, AI-generated troubleshooting recommendations are available during remote sessions, based on alert details, helpdesk chat context, EDR incident attack summaries, or user prompts. Windows, macOS

  7. Click Security settings, select or clear the checkboxes to enable or disable the corresponding setting, and then click Done.

    Setting Description
    Show if the workload is controlled remotely If you select this setting, a notification will be displayed on the desktop of the remote workload when there is an active remote desktop connection to the workload.
    Ask for the user's permission to take screenshots of the workload If you select this setting, the user of the remote workload will be notified when the administrator requests screenshot transmission from the workload.

  8. Click Workload management, select the features that you want to be available on the remote workloads, and then click Done.

    Setting Description Available on
    File transfer Enables the file transfers between local and remote workloads. Windows, macOS, Linux
    Screenshot transmission Enables the transmission of screenshots of the desktop of the remote workload to the Cyber Protect console. Windows, macOS, Linux
    Geolocation tracking Enables tracking the workload location when location services are enabled in the operating system settings of the workload.

    Windows, macOS, Linux
    Chat Enables live chat between a technician who is logged in to the Cyber Protect console and a user who is logged in to the remote workload. Windows, macOS

  9. Click Display settings, select or clear the checkboxes to enable or disable the corresponding setting, and then click Done.

    The Display settings are only available for connections via NEAR.

    Setting Description Available on
    Use Desktop Deduplication for desktop capturing Desktop duplication is one of the screen capture methods on Windows. In some environments, it might be unstable. If you do not use Desktop deduplication, you will use the basic method (BitBlt) instead- it is much slower, but more stable. Windows
    Use OpenCL acceleration

    OpenCL acceleration can speed up the Adaptive codec, which is responsible for the Balanced quality mode, by running some computations on the graphics processing unit (GPU). This requires an installation of an OpenCL driver on the remote Linux.

    Adaptive Codec is using OpenCL on macOS and Windows, if it is available in your graphics drivers.

    		 Linux
    Use hardware H.264 encoding

    NEAR supports three quality modes: Smooth, Balanced, and Sharp.

    Smooth mode uses hardware H.264 encoding to encode the desktop picture.

    Balanced mode uses Adaptive codec, which provides full picture quality in 32 bit, compared to the 'video' mode used by H.264. The picture quality is automatically adjusted according to your current network conditions and retains the current framerate.

    Sharp mode uses Adaptive codec, which provides full picture quality in 32 bit, compared to the 'video' mode used by H.264. The picture quality is always full, but it might be with reduced frames per seconds, if your network or processor/video card are overloaded.

    Windows, macOS

  10. Click Toolbox, select or clear the checkboxes to enable or disable the corresponding setting, and then click Done.

    Setting Description Available on
    Show last logged-in users If you select this setting, the information about the users who last logged in to the workloads will be visible in the workload's details.
    For more information about the last logged-in users, see Viewing the last logged-in user.

    Windows, macOS, Linux
    Remote command-line interface

    This setting enables the remote access to the command-line interface of the managed device.

    		 Windows, macOS

  11. [Optional] To add workloads to the plan:

    1. Click Add workloads.
    2. Select the workloads, and then click Add.
    3. If there are compatibility issues that you want to resolve, follow the procedure as described in Resolving compatibility issues.
  12. Click Create.

From All devices

  1. In the Cyber Protect console, go to Devices > All devices.

  2. Click the workload to which you want to apply a remote management plan.

  3. Click Protect, and then click Add plan.

  4. Click Create plan, and select Remote management.

  5. To change the default name of the plan, click the pencil icon, enter the name of the plan, and then click Proceed.

  6. Click Connection protocols, and enable the protocols that you want to be available in this remote management plan for remote connections - NEAR, RDP, or Apple Screen Sharing.

  7. [Optional] For the NEAR protocol, in the Security settings section, select or clear the checkboxes to enable or disable the corresponding settings, and then click Done.

    Setting Description Available for
    Lock the workload when the user disconnects from the console session If you select this setting, the remote workload will be locked when you disconnect from the console session. Windows, macOS
    Allow only one user at a time to connect using NEAR or to transfer files If you select this setting, connections using NEAR and file transfers will not be possible while there is an active remote connection to the workload. Windows, macOS, Linux
    Allow the workload's administrator to connect to any non-admin user session

    If you select this setting, the administrator will be allowed to connect to any standard user session on the workload.

    If both Allow the workload's administrator to connect to any non-admin user session and Allow system session creation are clear, you will only be able to connect to active administrator sessions on the remote macOS workloads.

    		 Windows, macOS
    Allow system session creation

    If you select this setting, when establishing remote connections, the administrator will connect in a new session, instead of one of the existing active sessions.

    		 macOS
    Allow clipboard synchronization If you select this setting, you will be able to transfer data between your clipboard and the clipboard of the remote workload. For example, you will be able to copy some text from a file on the remote workload and paste it in a file on your workload, and the opposite. Windows, macOS, Linux

  8. [Optional] In the Remote session intelligence section, select or clear the checkboxes to enable or disable the corresponding settings, and then click Done.

    By using these AI features, you agree to Acronis's Terms of Use.

    Setting Description Available for
    Remote session summaries If you select this setting, the troubleshooting actions taken during remote sessions are captured and used by AI to generate a session summary. The maximum recording duration is 1 hour. Windows, macOS, Linux
    In-session assistance and recommendations by Acronis AI If you select this setting, AI-generated troubleshooting recommendations are available during remote sessions, based on alert details, helpdesk chat context, EDR incident attack summaries, or user prompts. Windows, macOS, Linux

  9. Click Security settings, select or clear the checkboxes to enable or disable the corresponding setting, and then click Done.

    Setting Description
    Show if the workload is controlled remotely If you select this setting, a notification will be displayed on the desktop of the remote workload when there is an active remote desktop connection to the workload.
    Ask for the user's permission to take screenshots of the workload If you select this setting, the user of the remote workload will be notified when the administrator requests screenshot transmission from the workload.

  10. Click Workload management, select the features that you want to be available on the remote workloads, and then click Done.

    Setting Description Available on
    File transfer Enables the file transfers between local and remote workloads. Windows, macOS, Linux
    Screenshot transmission Enables the transmission of screenshots of the desktop of the remote workload to the Cyber Protect console. Windows, macOS, Linux
    Geolocation tracking Enables tracking the workload location when location services are enabled in the operating system settings of the workload.

    Windows, macOS, Linux

    Chat Enables live chat between a technician who is logged in to the Cyber Protect console and a user who is logged in to the remote workload. Windows, macOS

  11. Click Display settings, select or clear the checkboxes to enable or disable the corresponding setting, and then click Done.

    The Display settings are only available for connections via NEAR.

    Setting Description Available on
    Use Desktop Deduplication for desktop capturing Desktop duplication is one of the screen capture methods on Windows. In some environments, it might be unstable. If you do not use Desktop deduplication, you will use the basic method (BitBlt) instead- it is much slower, but more stable. Windows
    Use OpenCL acceleration

    OpenCL acceleration can speed up the Adaptive codec, which is responsible for the Balanced quality mode, by running some computations on the graphics processing unit (GPU). This requires an installation of an OpenCL driver on the remote Linux.

    The Adaptive Codec is using OpenCL on macOS and Windows, if it is available in your graphics drivers.

    		 Linux
    Use hardware H.264 encoding

    NEAR supports three quality modes: Smooth, Balanced, and Sharp.

    Smooth mode uses hardware H.264 encoding to encode the desktop picture.

    Balanced mode uses Adaptive codec, which provides full picture quality in 32 bit, compared to the 'video' mode used by H.264. The picture quality is automatically adjusted according to your current network conditions and retains the current framerate.

    Sharp mode uses Adaptive codec, which provides full picture quality in 32 bit, compared to the 'video' mode used by H.264. The picture quality is always full, but it might be with reduced frames per seconds, if your network or processor/video card are overloaded.

    		 Windows, macOS

  12. Click Toolbox, select or clear the checkboxes to enable or disable the corresponding setting, and then click Done.

    Setting Description Available on
    Show last logged-in users If you select this setting, the information about the users who last logged in to the workloads will be visible in the workload's details.
    For more information about the last logged-in users, see Viewing the last logged-in user.

    Windows, macOS, Linux
    Remote command-line interface

    This setting enables the remote access to the command-line interface of the managed device.

    		 Windows, macOS
  13. Click Create.