KW Knowledge base

RMM (Remote Monitoring & Management)

The RMM module manages endpoints — Windows servers, workstations, Linux servers, macOS laptops — through a persistent agent installed on each machine. It can:

Mitch Wigham
Updated 24 June 2026 · 10 views

05 · RMM (Remote Monitoring & Management)

The RMM module manages endpoints — Windows servers, workstations, Linux servers, macOS laptops — through a persistent agent installed on each machine. It can:

  • Collect inventory (CPU, RAM, disk, OS, installed apps)
  • Monitor health (CPU / memory / disk pressure against thresholds, plus application/service health via Checkmk)
  • Push and run scripts
  • Open a live screen view (noVNC) and a browser SSH/PTY shell
  • Run remote commands through a polled command queue
  • Open a "Remote Connection" — a locked window with Screen, SSH, Commands and Files tabs
  • Install RustDesk for unattended access (optional, per installer)
  • Raise alerts when metric thresholds are breached

Where to find it

Sidebar → RMM or /rmm. Requires the rmm feature.

Layout

RMM is a single page with five tabs, selected via a ?tab= query param: Devices, Alerts, Scripts, Quick-support and Remote sessions.

+----------------------------------------------------------+
| [Devices] [Alerts] [Scripts] [Quick-support] [Sessions]  |
|----------------------------------------------------------|
|  Devices                          [+ Generate installer] |
|  LON-DC-01     Windows 2022  ✓ online   45d              |
|  LON-WS-04     Windows 11    ✓ online    2d              |
|  MCR-LAP-12    macOS 14      ⚠ offline   3h              |
|  ...                                                      |
+----------------------------------------------------------+

📷 Screenshot placeholder: screenshots/rmm-devices.png

Installing an agent

The platform produces installers — one-line install commands that download a plain-text agent runtime (agent.ps1 on Windows, agent.sh on Linux/macOS), wire it up as a scheduled task / systemd timer / launchd job, register with the platform on first run, and reconnect after reboot.

Installers (admin-managed)

  1. Go to Admin → Agent installers.
  2. Use the always-available Base installer (devices land in the Unassigned group), or click + New installer to pre-scope a customer / site.
  3. Copy the install command for the OS you need — there is one command per OS from a single installer token:
    • Windowsiwr -UseBasicParsing <url>/windows | iex
    • Linuxcurl -fsSL <url>/linux | sudo bash
    • macOScurl -fsSL <url>/macos | sudo bash
  4. Send the command to the customer, or run it on the target machine.

Once it runs, the device appears in the RMM device list — the agent registers and reports metrics on its first tick (it runs every 60s).

One-shot quick-support installers

For ad-hoc support, see Quick-support.

Device detail

The device header shows OS, status (ONLINE / OFFLINE / UNRESPONSIVE), OS version, IP, agent version and last seen. Below it are a RustDesk remote access panel and a Public status page panel. Open a device to see five tabs:

  • System — CPU / memory / disk / load gauges with sparklines (last 60 minutes of samples, auto-refreshed every 10s) plus CPU, memory, OS, network and per-disk info cards
  • Applications — inventoried installed-app list with versions, searchable server-side
  • Alerts — open alerts on this device, with a Resolve action
  • Patches — patch records, mark-applied action
  • Script Runs — history of scripts run on this device
+--------------------------------------------------+
| 🪟 LON-DC-01    Windows Server 2022  ● ONLINE     |
|         [🖥 Remote Connection] [Uninstall agent]  |
|--------------------------------------------------|
| CPU 12%   Mem 8.4/16 GB   Disk 102/240 GB        |
|--------------------------------------------------|
| [System] [Applications] [Alerts] [Patches] [Runs]|
+--------------------------------------------------+

📷 Screenshot placeholder: screenshots/rmm-device.png

The Remote Connection button (enabled only when the device is ONLINE) opens the locked remote window described below. The Uninstall agent button queues an agent uninstall.

Remote Connection window

Click Remote Connection on an ONLINE device. The portal opens a locked popup window (no menubar/toolbar) with four tabs:

  • Screen — a noVNC viewer. Clicking Start screen share opens a remote-session row, mints relay tokens, and dispatches a screen-bridge command to the agent. The agent's bridge (screen-bridge.py / screen-bridge.ps1) pipes a local VNC server (127.0.0.1:5900) through the relay-service WebSocket. The device must have a VNC server running (x11vnc / TigerVNC on Linux, built-in Screen Sharing on macOS, TightVNC on Windows) — there is no built-in framebuffer capture.
  • SSH — a live interactive PTY shell (Linux/macOS only), piped over the relay via ssh-bridge.py. No sshd or SSH client is needed on either end. For Windows, use the Commands tab.
  • Commands — a polling-based command runner. Commands are written to a queue (RmmRemoteCommand); the agent picks them up on its next tick and posts stdout/stderr + exit code back. Output is capped at ~1 MB per command.
  • Files — currently a pointer to running file-transfer commands through the Commands tab; native drag-and-drop transfer is not yet implemented.

The window blocks soft-navigation so the operator cannot accidentally browse away. Demo devices short-circuit: no relay is dialled and the session is marked ended with an explanatory note.

Relay traffic flows through the relay-service (default wss://relay.portal.kwgroup.org.uk, overridable via RELAY_PUBLIC_URL). Remote sessions are recorded as RmmRemoteSession rows with a SYSTEM event trail; elevation use is flagged on the session.

Running scripts

The Scripts tab in RMM holds the script library. Each script has a name, optional description, an OS type (WINDOWS / LINUX / MACOS / ALL) and a body. Run a script against a device and it is enqueued as a remote command; the run shows in the device's Script Runs tab and output is mirrored back when the agent reports.

Scripts run as SYSTEM (Windows, via the scheduled task) or root (Linux/macOS, via systemd/launchd). Output is capped at ~1 MB per run.

Script scheduling and per-run parameters are not yet implemented — a script is run on demand against a chosen device.

Alerts

The Alerts tab shows the open alert queue; alerts can be acknowledged or resolved. Alerts come from:

  • Metric thresholds — when an agent metric push has CPU, memory or disk at or above the configured warn / danger percentage, an alert is raised (WARNING / CRITICAL). When the metric drops back into the safe band the open alert auto-resolves. Thresholds are a single per-org set, configured under Admin → RMM → Metric thresholds.
  • Synthetic monitors — HTTP / Ping / SSL probes raise an alert once their consecutive-failure count crosses the monitor's threshold, and resolve it when the probe recovers.

There is no per-customer auto-ticket, notification routing, or script-triggered auto-remediation on RMM alerts in the current build.

Quick-support

A quick-support session is a temporary RMM session — used for one-off calls without installing a permanent agent.

→ Full guide: Quick-support & remote

Remote sessions

/remote-sessions lists all currently-active and recent sessions (persistent agents and quick-support), with Connect buttons to jump straight back in.

Checkmk integration

If your tenancy has the Checkmk integration enabled, Checkmk hosts can be mapped to RMM devices (matched by hostname, or mapped by hand). The sync pulls host state and per-host service OK/WARN/CRIT/UNKNOWN counts. Mapping and sync are managed under Admin → Checkmk — there is no per-device service tree or re-discover control on the RMM device page.

The Checkmk web UI itself is publicly reachable at https://portal.kwgroup.org.uk/checkmk/ (the public URL is also noted under Admin → Integrations → Checkmk). Login is with Checkmk's own cmkadmin user — the platform does not wrap the Checkmk UI in portal auth.

Permissions

All RMM endpoints require a valid authenticated session. The RMM service does not gate individual RMM actions (devices, scripts, installers, remote sessions) by role — any authenticated operator can use them. The one exception is manual device creation (POST /devices), which is admin-only; the supported way to add a device is the installer flow. The admin RMM pages live under /admin and follow the portal's admin-area access control.

Common workflows

Install on a customer's Windows server

  1. Admin → Agent installers → + New installer. Set customer = Acme.
  2. Copy the Windows install command.
  3. On the server, run it in an elevated PowerShell — the agent registers itself and appears under RMM.
  4. The device inherits the customer / site from the installer.

Investigate a slow server

  1. Open device → System tab → check the CPU / memory / disk gauges and sparklines.
  2. Switch to Applications → check what's installed.
  3. Run a diagnostic script from the Scripts tab against the device.
  4. If needed, open Remote Connection → Commands or SSH.

Pull a log file off a device

  1. Open device → Remote Connection → Commands (or SSH).
  2. Run a command to read or upload the file (see the Files tab notes for examples). Native file-browse/download is not yet implemented.

See also

Still need help?

Log a support ticket and the team will pick it up from this page.