Overview
As part of Exacq’s Remote Connectivity solution, it utilizes the Fast Reverse Proxy Client, known as frpc.exe. This service plays a key role in the remote connectivity solution, enabling users to securely access their NVRs from virtually anywhere. FRPC has been a trusted component in Exacq for some time, having previously been integrated into the Web Service and Web Relay Service.
One of the most significant advantages of using frpc.exe is that it simplifies the remote connectivity process. This solution effectively eliminates the need for complicated firewall configurations, allowing users to avoid the risks associated with exposing their NVRs directly to inbound internet traffic.
Connections and Configuration
Remote Connectivity connects to two endpoints hosted in the Exacq Cloud. Specifically, it connects to the Exacq Switchboard endpoint at switchboard-prod.exacqiq.com:443. This establishes an initial secure connection, then frpc.exe connects to the Exacq FRPS endpoint at frp-service-prod.exacqiq.com:443. Additional security measures have been added to the Exacq-signed version of frpc.exe to only allow it to connect to Exacq Cloud endpoints. Further enhancements to security could be implemented by restricting the NVR to only be able to reach these two endpoints by firewall or similar network security tool.
Locally on the NVR, frpc.exe communicates with the Exacq service on port 8443, specifically connecting to nvrsdkpi. Additional security measures have been added to the Exacq-signed version of frpc.exe to only allow it to connect to the local instance of nvrsdkpi.
Remote Connectivity is an optional feature and can be deselected during the installation of Exacq which will prevent frpc.exe from being installed. Additionally, Remote Connectivity is not enabled by default so frpc.exe will not be active. Remote Connectivity must be manually activated on a per server basis.
Diagram of connections between the NVR, the Exacq Cloud, and Mobile Clients
Security Considerations
All traffic transmitted through frpc.exe is secured using HTTPS, which safeguards data as it moves between the NVR, cloud, and mobile client hosts.
While frpc.exe is designed with security in mind, users should be aware that some antivirus and security software may identify it as a potential threat given the reverse proxy behavior. We have worked with multiple security software vendors to address these false positives. This could lead to blocking, removal, or other negative issues with Remote Connectivity. It is advisable for users to check their security settings to ensure that frpc.exe is allowed to install and run without interference.
Exacq ensures that the version of frpc.exe used is restricted to Exacq cloud endpoints, tested, and digitally signed, providing an added layer of security for users.
Additional Resources
For further details and guidance, users can refer to the related Remote Connectivity knowledge base article available at https://support.exacq.com/#/knowledge-base/article/21507.
Additionally, for those interested in the open-source code of the Fast Reverse Proxy, the official GitHub repository can be found at https://github.com/fatedier/frp.
<br>