App Tunnels

App Tunnels are a convenient way to use SimpleHelp sessions to send data between third party applications between your technician machine and a range of remote services. This guide explains how to set App Tunnels up.

How App Tunnels Work

When a technician connects to a remote machine from the Technician Console, SimpleHelp sets up a communication channel to receive data from the remote host and send data to it. This channel is always encrypted, secure and compressed, and is able to work around firewalls and networking restrictions because the SimpleHelp server is publicly available.

App Tunnels allow the technician to use these secure communication channels for other applications. Once an App Tunnel is set up, a technician can use software on their machine to connect to another service on the remote network, with all data securely sent over the SimpleHelp sessions.

Creating an App Tunnel

App Tunnels are configured in the Access tab of the Technician Console. Select a remote access service from the machine list and switch to the App Tunnel section:

App Tunnels Screenshot

Here, you will see a list of App Tunnels that are associated with this remote access service. In the following example we have two App Tunnels defined:

App Tunnels Example Screenshot

  • A Remote Desktop (RDP) App Tunnel will connect the local technician machine to a machine on the remote network, accessing port 3389. In this particular example the RDP session will be established to the server that the remote access service is running on (localhost to the service).

  • A Secure Shell (SSH) App Tunnel will connect to an SSH server on the remote network, on port 22. In this example the SSH connection will be established from the remote access service to another server (

New App Tunnels

You can create a new App Tunnel by pressing Create a Tunnel where you can pick a preconfigured service to connect to, or can configure a new service. The technician console will select a local port on the technician machine, and route this to the service's port on the remote side.

For example, Secure Shell utilises port 22. When a tunnel is started, the technician console will connect a local random port to port 22 on the remote target machine. Each App Tunnel configuration specifies the name of the app tunnel, and the port that this tunnel should connect to on the remote network. Note that the App Tunnel does not need to be used to connect to the service running on the remote machine that is hosting SimpleHelp's Remote Access Service. For example, an App Tunnel that connects to port 3389 on the remote network can be set to connect from the remote access service host to a Remote Desktop server running on another host on the remote network.

New App Tunnel Screenshot

Additional Configuration

Once an App Tunnel has been created you can expose additional configuration options by pressing the Edit button:

Additional Configuration Screenshot

Each App Tunnel Configuration can expose multiple remote services. In the example above only localhost is configured, but additional remote services can be added by pressing New Connection.

By default, each App Tunnel Configuration is specific to the technician who created it. However, technicians can share their configurations by choosing to make the configuration visible to other technicians. You can enable App Tunnel sharing by checking Make this configuration visible to other technicians.

Optionally, SimpleHelp can automatically launch a third party application when an App Tunnel is connected. In the example above we have configured the Remote Desktop client to automatically connect to the server exposed by the App Tunnel. In order to use an App Tunnel, remote clients must connect to the local machine (localhost) on the port exposed when the session is created ${PORT}. These can be passed into the target application. For example, the command:

mstsc.exe /v:localhost:${PORT}

will start a Remote Desktop session, connecting to the local port that the App Tunnel binds to. SimpleHelp can substitute in ${PORT} or ${HOSTNAME}.


A configured App Tunnel can be connected by pressing the Connect button. Each App Tunnel can be connected to multiple times.

Connecting Screenshot

SimpleHelp will list the port available for each connected App Tunnel. When you connect to the port on your local machine all your data will be proxied through the SimpleHelp session to the remote service.

Once connected, the technician can:

  • End Session - terminate the running App Tunnel session. Note that App Tunnel sessions will run even if the application that is using them is terminated.
  • Reconnect - if the App Tunnel is disconnected, it can easily be reconnected.
  • Launch Application - launch the App Tunnel application.