One script to install. Manage with CLI or API. Embed where your team already works.
Remote access that survives real networks.
Keep tunnels alive behind firewalls, allowlist predictable egress, and serve installs, updates, and an embedable console from a single hostname on your domain.
agent · Docker
agent · systemd
Predictable egress plus a console you can embed, served from one hostname when your network team insists.
Everything operators need
Less ceremony. More control. Built for production networks.
Two IPs to allowlist. No surprise egress. No “what changed?” tickets.
Bring your domain, colors, and logo. Serve the console, install script, and updates from one hostname and embed it in minutes.
Tiny daemon for ARM, x86, on-prem, and hybrid clouds.
Three steps
Onboard a device, claim endpoints, and ship the console.
Run the signed install script. The daemon can be allowlisted by IPs or a single hostname on your domain.
Shell and web endpoints arrive with TLS-secured connections, roles, and reviewable activity—anchored to predictable egress.
Iframe a white-labeled operator console into your app and stream device controls where you need them.
Guardrails, not speed bumps
Purpose-built controls for regulated environments and real operators.
Device identity is established during enrollment and verified on every connection. Credentials can be rotated or revoked without touching firewall rules.
Scoped endpoints, granular roles, and audits tied to predictable allowlisting.
<2s auto-reconnect, HA gateways, and regional failover keep fleets online.
Try it in 60 seconds
Install with your signed link, confirm the agent, and embed the console—no inbound ports required.
# 1) Install + register via your signed link
curl -fsSL https://commandplane.com/i/<install-token> | sh
# 2) Verify the agent is running
sudo systemctl status commandplane-agent
# 3) Stream logs or run manually without systemd
sudo journalctl -u commandplane-agent -f
# ./commandplane-agent --config ./config.json