...
First of all, to enable EdgeView on an EVE device to allow users remote access into it, this the session needs to be allowed and enabled on the controller side. EdgeView configuration is part of the EVE device configuration. The EdgeView configuration also defines access policies for this particular session. See EdgeView Policies for details.
A JWT token is generated when the EdgeView session is enabled for the EVE device. The token is signed by the controller and verified by the EVE device when it receives the EdgeView configuration from the controller. The token is the has an expiration time which is defined by the controller for this session. When the token expires, the EdgeView session, which connects to the dispatcher, will be torn down.
The remote user needs to acquire the same JWT token in order to establish the an EdgeView session into the device or applications for troubleshooting or management.
Both the device and the user's laptop connect to the dispatcher defined in the JWT token through HTTPs, in which the packets are encrypted. All the messages inside the EdgeView session is either authenticated or encrypted by a random 'nonce' when the JWT token is created in the controller. Thus even if the dispatcher server is compromised, the EdgeView messages can not be modified or viewed.
...