Two static IPs Custom domain Embeddable console

Remote access that survives real networks.

Keep tunnels alive behind firewalls, allowlist predictable egress, and serve installs, updates, and an embedable console from a single hostname on your domain.

Start for free Install the daemon

Works behind NAT and strict firewalls Optional single-hostname allowlisting CLI + API first

Fleet

Stable

Device Endpoints Status

field-device-123

agent · Docker

shell.endpoint https.endpoint

Healthy

edge-gateway-02

agent · systemd

embed.console audit.stream

Healthy

Why CommandPlane

Predictable egress plus a console you can embed, served from one hostname when your network team insists.

Features

Everything operators need

Less ceremony. More control. Built for production networks.

Developer-first

One script to install. Manage with CLI or API. Embed where your team already works.

Predictable endpoints

Two IPs to allowlist. No surprise egress. No “what changed?” tickets.

White-label ready

Bring your domain, colors, and logo. Serve the console, install script, and updates from one hostname and embed it in minutes.

Runs anywhere

Tiny daemon for ARM, x86, on-prem, and hybrid clouds.

How it works

Three steps

Onboard a device, claim endpoints, and ship the console.

Enroll the device

Run the signed install script. The daemon can be allowlisted by IPs or a single hostname on your domain.

Claim your endpoints

Shell and web endpoints arrive with TLS-secured connections, roles, and reviewable activity—anchored to predictable egress.

Embed the console

Iframe a white-labeled operator console into your app and stream device controls where you need them.

Security

Guardrails, not speed bumps

Purpose-built controls for regulated environments and real operators.

TLS-secured connections

Device identity is established during enrollment and verified on every connection. Credentials can be rotated or revoked without touching firewall rules.

Least privilege

Scoped endpoints, granular roles, and audits tied to predictable allowlisting.

Production ready

<2s auto-reconnect, HA gateways, and regional failover keep fleets online.

Get started

Try it in 60 seconds

Install with your signed link, confirm the agent, and embed the console—no inbound ports required.

Create organization

# 1) Install + register via your signed link
curl -fsSL https://commandplane.com/i/<install-token> | sh

# 2) Verify the agent is running
sudo systemctl status commandplane-agent

# 3) Stream logs or run manually without systemd
sudo journalctl -u commandplane-agent -f
# ./commandplane-agent --config ./config.json

Outbound-only networking Predictable allowlisting Iframe-ready console