DoXM was created by Translucency Software with the goal of making IT support tools that adhere to the following ideals:
The DoXM client has two parts: the service and the remote control. The service is responsible for maintaining a persistent connection to the server and executing remote commands. The remote control is launched as needed for remote control sessions.
Both applications make outgoing websocket connections secured with SSL/TLS. Because the connections are outgoing, you don't need to open any ports in your firewall, and the service won't accept any incoming connections.
The DoXM service will register with your DoXM organization ID, which is generated when you create your account or join an existing organization. On the first connection, the service generates a separate unique ID and sends it to the server. Upon each subsequent connection, the server must send back that ID before anything else, or else the service will uninstall itself immediately. This is an additional layer of security that ensures the service is communicating with the original server.
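A minimal model of this server check, added here as an illustration and not DoXM's own code. The class names, method names and in-memory storage are assumptions. It runs a first-connection registration, a verified reconnect, and a reconnect that reaches a different server and fails the check.

```python
import hmac
import secrets


class Server:
    """Stand-in for the server: remembers the ID each device sent on first connect."""

    def __init__(self):
        self.known = {}  # hypothetical store: device name -> verification ID

    def accept(self, device, first_connect_id=None):
        if first_connect_id is not None:
            self.known[device] = first_connect_id
            return None  # nothing to echo on the very first connection
        # Subsequent connection: the stored ID is the first message sent back.
        return self.known.get(device, "")


class Service:
    """Stand-in for the client service."""

    def __init__(self, device):
        self.device = device
        self.verification_id = None  # a real service would persist this locally
        self.uninstalled = False

    def connect(self, server):
        if self.verification_id is None:
            # First connection: generate the unique ID and send it to the server.
            self.verification_id = secrets.token_urlsafe(32)
            server.accept(self.device, first_connect_id=self.verification_id)
            return "registered"
        first_message = server.accept(self.device) or ""
        # Constant-time comparison so timing does not reveal how much matched.
        if hmac.compare_digest(first_message.encode(), self.verification_id.encode()):
            return "verified"
        self.uninstalled = True  # models the self-uninstall described above
        return "uninstalled"


def demo():
    original, other = Server(), Server()  # "other" never saw the ID
    svc = Service("pc-01")  # constructed device name
    results = [svc.connect(original), svc.connect(original), svc.connect(other)]
    return results, svc.uninstalled


if __name__ == "__main__":
    print(demo())
```

The model makes the trust-on-first-use property visible: the check binds the service to whichever server received the ID on the first connection, so that first connection is the one that has to reach the genuine server.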
Users and computers are grouped into an organization, and they can't interact with resources outside their organization. Access can be further restricted with permission groups. Microsoft's Identity framework is used for all login and authentication to verify users.
Remote control sessions first exchange information over a secure websocket connection, then attempt to make a direct peer-to-peer connection using a TURN server that we host. If the peer-to-peer connection fails, the TURN server relays the video stream between the remote computer and the viewer's browser. Connections to the TURN server are also secure. Peer-to-peer connections are inherently secure via WebRTC, which has built-in end-to-end encryption.