For large organisations, maintaining security while enabling remote work is a significant challenge. With TeamViewer Hybrid Conditional Access, your organization no longer must choose between control and connectivity. This hybrid solution gives you full sovereignty over session data by deploying routers on-premises, while still benefiting from seamless global remote access.
This article applies to TeamViewer Tensor customers who purchased the Conditional Access add-on.
How Hybrid Conditional Access elevates your security
Hybrid Conditional Access is specifically designed for sectors with stringent data protection regulations, like healthcare, government, finance, and research. It empowers your organization to:
- Ensure data sovereignty by keeping all session data on-premises
- Enable secure global access without exposing sensitive information to external risks
- Maintain compliance with legal and industry-specific security requirements
- Customize security controls to suit your infrastructure and policies
This provides enhanced control and assurance when supporting remote work, third-party access, and multi-site operations, without compromising on data governance.
How Conditional Access Hybrid works
Conditional Access Hybrid combines cloud-based connectivity with on-premises control. Here’s how it works:
- Initial connection setup is made via the TeamViewer cloud.
- All sensitive session data, however, remains within your organization's network, thanks to on-site routers (CAHRs).
- You manage access rights, availability, and session parameters internally using industry-standard containers.
- The system integrates smoothly with your existing IT infrastructure for full visibility and control.
Technical requirements for Hybrid Conditional Access
Hardware requirements
Software and deployment
- Linux OS with Docker support
- CA Hybrid Router (CAHR) deployment in Docker containers
- Static IPv4 address required, Dualstack IPv6 optional
- Self-diagnostics via Router1.teamviewer.com/selftest
Network configuration
Open these ports for connectivity:
- TeamViewer Router communication: TCP 5936, TCP 80/443, UDP 5938/3478
- DNS/NTP: TCP/UDP 53 (DNS), TCP/UDP 123 (NTP)
- ICMP for diagnostics
- Optional ports: Zabbix (10050/10051), Connection reports (TCP 8443)
Note: Ensure routers are deployed in different locations for redundancy.
How to get Hybrid Conditional Access
Getting started with Hybrid Conditional Access requires a professional services setup and dedicated resources.
- Purchase Hybrid Conditional Access routers (CAHRs) via your TeamViewer account.
- A Professional Services Package is mandatory for the initial deployment.
- Ongoing maintenance, logging, certificate updates, and emergency support must be managed internally.
If you are interested in Hybrid Conditional Access, please visit our website or contact your TeamViewer account manager.