KACE Engineers may need to access your KACE appliance remotely to access your web admin, server console, SMTP server, database, and log files to resolve technical issues based on your appliance settings.
Tether is an SSH connection back to a server in the KACE DMZ using an expiring SSL key that we provide. Each key can only be used once and will expire in a predetermined timeframe, with a maximum of 12 weeks.
The connection can only be opened from your appliance, by you by entering the key matching your appliance serial number that was provided when the tether request was initiated. The server it connects to is running FreeBSD with no services other than an inward facing apache. It allows us to use SSH to it from our internal network, and then port forwards 80/443 and SSH to your appliance as long as the tether is connected, and has proven invaluable in speeding up our support of configuration issues.
You can terminate the connection at any time by disabling tether. Again, it is an outbound SSH connection from your appliance - we have no way of connecting in to your appliance unless it is connecting outbound on SSH (port 22) to tether.kace.com. If you want to prevent it, but leave the port enabled on the appliance, you can block the SSH port (22) on the outbound firewall.
Upon applying the tether, a user account kace_support is created with administrative privileges. Depending on the version of the SMA, the kace_support user may either have a password determined by you, or [preferably] a random password generated by the tether key (Use option to allow KACE to set password). With newer versions, the option to set the password has been removed and a random password will be generated for use with only with the tether in which it is issued.
You need to be signed in and under a current maintenance contract to view premium knowledge articles.