- Direct Traffic Tunnels allow users to perform remote desktop, file transfers and much more over the Internet. Currently, all that traffic has to be relayed between the mesh agents and the user's browser by the server, and that's a lot of traffic. It's also not efficient, especially for remote desktop sessions. In some cases the relay is unavoidable: if someone is behind an HTTP proxy or is using a normal browser, you have to relay on the server.

In some cases, I use mesh tools like the C# Mesh KVM viewer tool or Manageability Commander to manage computers on the mesh. When a tool is used, I wanted to explore the possibility of opening a secure, direct peer-to-peer communication channel between the tool and the target mesh agent whenever that is possible. The VoIP world has been doing this for a long time, so I decided to explore that landscape.

Well, in the upcoming version of the Mesh agent, I added STUN support for detecting the agent's NAT situation. The STUN implementation came from a co-worker at Intel (Thanks Bryan!). I modified it and added it into the agent, completing the first step. I then added a bunch of logic in the mesh server, mesh agent and tools stack to detect and open a UDP tunnel between the tool and the agent. Last night, I got it to work for the first time over the Internet!
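To make the NAT-detection step concrete, here is an added example (my own illustration, not the Mesh agent's code or the Intel STUN implementation mentioned above) that builds an RFC 5389 STUN Binding Request, parses the Binding Response to recover the public address and port the NAT assigned, and classifies the NAT from the mappings seen via different STUN destinations. The function names, the constructed `build_binding_response` helper used to fabricate a server reply offline, and the sample addresses (203.0.113.7, 192.0.2.10) are assumptions for the example; the on-wire format and the XOR-MAPPED-ADDRESS decoding are from the RFC.

```python
import os
import socket
import struct

# RFC 5389 constants
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001       # RFC 3489 style, plain address
ATTR_XOR_MAPPED_ADDRESS = 0x0020   # RFC 5389 style, XORed with the cookie


def build_binding_request(txn_id=None):
    """Build a 20-byte Binding Request with no attributes (hypothetical helper)."""
    if txn_id is None:
        txn_id = os.urandom(12)          # 96-bit transaction id, must be random
    if len(txn_id) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txn_id


def build_binding_response(txn_id, ip, port, xor=True):
    """Construct a server reply for offline testing (not a real server's output)."""
    addr, = struct.unpack("!I", socket.inet_aton(ip))
    if xor:
        a_type, port, addr = ATTR_XOR_MAPPED_ADDRESS, port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE
    else:
        a_type = ATTR_MAPPED_ADDRESS
    attr = struct.pack("!HHBBHI", a_type, 8, 0, 0x01, port, addr)  # family 0x01 = IPv4
    return struct.pack("!HHI", BINDING_RESPONSE, len(attr), MAGIC_COOKIE) + txn_id + attr


def parse_binding_response(data, txn_id):
    """Return (ip, port) the NAT mapped us to, validating header and transaction id.

    Prefers XOR-MAPPED-ADDRESS (immune to NATs that rewrite plain IPs in payloads)
    and falls back to MAPPED-ADDRESS for older servers."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or msg_type != BINDING_RESPONSE:
        raise ValueError("not a Binding success response")
    if data[8:20] != txn_id:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if len(data) < 20 + msg_len:
        raise ValueError("truncated attributes")
    body = data[20:20 + msg_len]
    mapped = xor_mapped = None
    off = 0
    while off + 4 <= len(body):
        a_type, a_len = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + a_len]
        if len(value) != a_len:
            raise ValueError("truncated attribute")
        if a_type in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS) and a_len >= 8 and value[1] == 0x01:
            port, addr = struct.unpack("!HI", value[2:8])
            if a_type == ATTR_XOR_MAPPED_ADDRESS:
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
                xor_mapped = (socket.inet_ntoa(struct.pack("!I", addr)), port)
            else:
                mapped = (socket.inet_ntoa(struct.pack("!I", addr)), port)
        off += 4 + ((a_len + 3) & ~3)    # attribute values are padded to 4 bytes
    result = xor_mapped or mapped
    if result is None:
        raise ValueError("no mapped address attribute in response")
    return result


def classify_nat(local_addr, mappings):
    """Classify the NAT from the (ip, port) mappings observed via different STUN destinations.

    'open'                 -> public address equals our local socket address, no NAT
    'endpoint-independent' -> same mapping for every destination; UDP hole punching can work
    'endpoint-dependent'   -> mapping changes per destination (symmetric NAT); a relay is needed
    """
    if not mappings:
        raise ValueError("need at least one mapping")
    if all(m == local_addr for m in mappings):
        return "open"
    if len(set(mappings)) == 1:
        return "endpoint-independent"
    return "endpoint-dependent"


if __name__ == "__main__":
    txn = os.urandom(12)
    req = build_binding_request(txn)
    # In a real agent `req` is sent over the same UDP socket the tunnel will later use,
    # and the reply is read from that socket; here the reply is constructed offline.
    reply = build_binding_response(txn, "203.0.113.7", 40000)
    print(parse_binding_response(reply, txn))
```

The transaction-id check matters in practice: an agent that accepts any Binding Response on its socket could be fed a bogus mapped address, so a reply that does not carry the id of the request just sent is discarded. Sending the request from the socket that will carry the tunnel is also what makes the learned mapping useful, since most NATs map per local port.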

I got it pretty reliable and added MTU (Maximum Transmission Unit) detection, so I know the maximum size of UDP packet I can send and receive between the tool and the agent. Version 1.63 of the mesh agent will have this support. Sadly, it will not be useful yet, because I need to add some type of TCP-over-UDP crypto channel support in the agent before I can start using it for real-world usages.

Just to preview what users can look forward to: imagine many computers on a remote network; you can now remote desktop and transfer files directly to the remote computers without any router configuration or added relays. For people with Intel AMT computers on the remote network, you will be able to perform Hardware KVM to Intel AMT computers over this direct channel by bouncing traffic off a nearby node on the same network. This should make for a much faster management experience. Of course, this is down the road, when I get everything finished off.