Hey Varun,
Rich is correct-- the connection is made direct, rcviewer to rchost. However, before the connection is permitted, the rchost must validate the rcviewer's credentials.
By default, RC is set to centrally managed mode:
Under centralized management, the rchost is validating your DSM security profile's credentials. That is 1- Your user's ability to access the RC features in security profiles itself, and 2- your RC permissions to access the target machine. RC works in a most-permissive model, so as long as the computer is in a group where you have RC permissions, the connection will work.
The rchost performs this check by sending a message up the infrastructure:
rchost (agent) --> rcserver (SS) --> rcmanager (DM)
rchost (agent) <-- rcserver (SS) <-- rcmanager (DM)
Note1: If the centralized security mode is set to false, then the rchost validates your permissions locally. In this case it authenticates without DSM permissions, using the locally available authorities, the same as if you were to login to the target's desktop.
Under centralized authentication mode, there's a few additional options, as seen in the screenshot above:
Authenticate via server. Default is true. This means the rchost will message rcserver at the SS, as I explained above. If set to false, the rchost will message the DM directly, going around the SS and eliminating an extra step in communications, if your rchost is able to communicate directly with the DM.
Enable fail safe. In the event the rchost can't contact the SS or DM, it will fall back to local security mode. This is a good failsafe in case there are any communication issues or otherwise happening with the SS or DM, so RC can still work.
Enable security cache. This allows the rchost to store recently authorized connections. So if you are connecting back in a short interval, and you were previously authorized, the rchost will bypass the check and bring you straight in.
So, Rich is correct the rcviewer talks directly to the rchost, but the authentication process, by default out of the box settings, leverages the scalability servers for authentication.
Regards,
Brian