Agent-based, zero-trust architecture. The agent connects outbound — no open ports, no VPN, no firewall changes.
Please select what you use
↓ pick one, then keep scrolling
scroll to open a secure tunnel ↓
The control plane — authenticates, routes & audits every session
prod-server-01
Linux / x86
10.0.4.21
dev-laptop
macOS / ARM
10.0.4.36
bare-metal-02
Linux / ARM
10.0.4.44
Encrypted session: client → controller → machine
The WebXTerm portal is the control plane — it handles identity, routing, monitoring, and audit without ever storing your credentials.
Auth Service
JWT-based authentication with bcrypt. Enterprise: OIDC/OAuth2 via Keycloak, Microsoft, GitHub, Okta.
Session Router
Routes encrypted terminal sessions between users and agents over persistent gRPC tunnels.
Audit Logger
Immutable log of every login, session, and command. Full trail for compliance and forensics.
Machine Registry
Tracks agent heartbeats, CPU/memory/disk stats, connection status, and machine metadata.
The vsay-agent is a small binary that runs as a system service on any machine. It initiates an outbound gRPC connection to the WebXTerm portal — meaning zero firewall changes and zero open ports on your end.
TLS Encryption
All data in transit is encrypted via TLS.
mTLS (Enterprise)
Certificate-based mutual authentication.
RBAC
Per-user, per-machine access policies.
Audit Trail
Every session and command is recorded.
SSO / OIDC
Enterprise: Keycloak, Microsoft, GitHub, Okta.
No Inbound Ports
Agent connects outbound — zero firewall changes.
Deploy the agent on any machine — cloud, bare-metal, or laptop.
Linux
macOS
Windows
Install the agent on any machine and see it appear in your portal instantly. No firewall rules, no VPN setup, no certificates to manage.