Native GUI access¶
Native GUI access is operator interaction with a device's own web dashboard, tunneled through the platform. There is no VPN, no bastion, and no exposed port: the device's GUI is reachable only through the reverse channel the device already holds, gated by RG permissions, with every access recorded in the audit trail. It is a first-class access mode, not a fallback.
The device's own dashboard, tunneled¶
Many devices ship a web management interface that exposes controls their API does not. Native GUI access delivers that exact interface to an authorized operator over the device's existing reverse channel. The device's GUI typically listens only on its loopback interface; the platform maps it to a cluster-side endpoint and serves it to the operator through the cluster, so the operator drives the real dashboard without the device being reachable from the internet. Nothing about the device is exposed inbound to make this work — the same outbound-only channel that carries adapter traffic carries the GUI session. The operator sees the vendor's screens; the platform provides reach, access control, and audit around them.
No VPN, no bastion, no exposed port¶
Conventional ways to reach a remote web GUI all add standing exposure: a VPN into the device's network, a bastion host, or a forwarded port. Each creates credentials to manage and inbound surface to defend, and each grants more than "this one operator, this one device, right now." RG grants exactly that. Because access rides the device's outbound channel and is mediated by the cluster, there is no listening port to expose, no network to join, and no jump host to harden. The reduction in surface is the point: the device keeps zero inbound exposure while its dashboard remains usable by the people RG authorizes.
Gated by RG permissions and audited¶
Native GUI access is an authorized action, not an open door. Whether a given user may open a device's dashboard is decided by RG's two-tier RBAC against the same permission model that governs every other operation, resolved per request. Each native-GUI session is written to the audit trail with actor, target device, outcome, and source, so who reached which dashboard and when is always answerable after the fact. This closes the accountability gap that raw VPN or bastion access leaves open, where a device's own login is often shared and its use invisible. With RG, access is scoped per user and per device, and every session is on the record.
When native GUI access is used¶
Native GUI access is the right mode whenever the device shadow and adapter don't — or shouldn't — cover something. Partially integrated devices expose some settings through their API and the rest only through their dashboard; the adapter handles the former and native GUI covers the latter. Vendor-specific corners — diagnostics, one-off wizards, model-specific screens — live only in the GUI. Legacy hardware may have no usable API at all, making the tunneled dashboard the primary way to operate it. In every case it is a deliberate, permissioned, audited access mode standing alongside adapter-driven control, not an apology for missing integration.