Remote MCP Servers
Remote MCP servers provide tools and capabilities over HTTP, enabling access to hosted services and shared infrastructure.
📊 DIAGRAM: remote-mcp-architecture.mmd
Remote MCP server architecture
Overview
Remote MCP servers enable:
- Shared tool infrastructure
- Hosted security services
- Team collaboration
- Cloud-based capabilities
- Enterprise integrations
Connection Types
HTTP/SSE (Server-Sent Events)
Standard remote connection:
{ "mcp": { "servers": { "remote-tools": { "url": "https://mcp.example.com/sse" } } }}WebSocket
For bidirectional communication:
{ "mcp": { "servers": { "ws-tools": { "url": "wss://mcp.example.com/ws" } } }}Authentication
API Key
{ "mcp": { "servers": { "remote-tools": { "url": "https://mcp.example.com/sse", "headers": { "Authorization": "Bearer {env:MCP_API_KEY}" } } } }}OAuth 2.0
{ "mcp": { "servers": { "oauth-tools": { "url": "https://mcp.example.com/sse", "oauth": { "clientId": "{env:OAUTH_CLIENT_ID}", "clientSecret": "{env:OAUTH_CLIENT_SECRET}", "tokenUrl": "https://auth.example.com/token" } } } }}Custom Headers
{ "mcp": { "servers": { "custom-auth": { "url": "https://mcp.example.com/sse", "headers": { "X-API-Key": "{env:API_KEY}", "X-Tenant-ID": "my-tenant" } } } }}Popular Remote Servers
Cloudflare MCP
{ "mcp": { "servers": { "cloudflare": { "url": "https://mcp.cloudflare.com/sse", "headers": { "Authorization": "Bearer {env:CF_API_TOKEN}" } } } }}GitHub MCP
{ "mcp": { "servers": { "github": { "url": "https://mcp.github.com/sse", "oauth": { "clientId": "{env:GH_CLIENT_ID}", "scope": "repo,read:user" } } } }}Custom Enterprise
{ "mcp": { "servers": { "enterprise-tools": { "url": "https://mcp.internal.company.com/sse", "headers": { "Authorization": "Bearer {env:ENTERPRISE_TOKEN}" } } } }}Connection Options
Timeout
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "timeout": 60000 } } }}Retry Configuration
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "retry": { "enabled": true, "maxRetries": 3, "backoff": "exponential" } } } }}Keepalive
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "keepalive": { "enabled": true, "interval": 30000 } } } }}Proxy Configuration
HTTP Proxy
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "proxy": "http://proxy.company.com:8080" } } }}SOCKS Proxy
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "proxy": "socks5://localhost:1080" } } }}No Proxy
{ "mcp": { "servers": { "internal": { "url": "https://mcp.internal.company.com/sse", "noProxy": true } } }}SSL/TLS
Custom CA Certificate
{ "mcp": { "servers": { "remote": { "url": "https://mcp.example.com/sse", "ca": "/path/to/ca-cert.pem" } } }}Client Certificate
{ "mcp": { "servers": { "mtls": { "url": "https://mcp.example.com/sse", "cert": "/path/to/client-cert.pem", "key": "/path/to/client-key.pem" } } }}Skip Verification (Development Only)
{ "mcp": { "servers": { "dev": { "url": "https://localhost:8443/sse", "insecure": true } } }}Danger
Never use insecure connections in production. This bypasses SSL certificate verification.
Load Balancing
Multiple Endpoints
{ "mcp": { "servers": { "ha-tools": { "urls": [ "https://mcp1.example.com/sse", "https://mcp2.example.com/sse", "https://mcp3.example.com/sse" ], "loadBalance": "round-robin" } } }}Failover
{ "mcp": { "servers": { "failover-tools": { "urls": [ "https://mcp-primary.example.com/sse", "https://mcp-secondary.example.com/sse" ], "loadBalance": "failover" } } }}Health Monitoring
Connection Status
> Show MCP server statusOutput:
Remote MCP Servers:- cloudflare: connected (latency: 45ms)- github: connected (latency: 120ms)- enterprise: disconnected (retrying...)Latency Check
> Check latency to remote MCP serversAutomatic Reconnection
Cyberstrike automatically reconnects on connection loss with exponential backoff.
Security Considerations
Token Security
- Store tokens in environment variables
- Use short-lived tokens when possible
- Implement token rotation
- Monitor token usage
Network Security
- Use HTTPS only
- Verify SSL certificates
- Use VPN for internal servers
- Implement IP allowlisting
Data Privacy
- Review data sent to remote servers
- Understand data retention policies
- Use local servers for sensitive data
- Implement data masking if needed
Troubleshooting
Connection Refused
Error: Connection refused: https://mcp.example.comCheck:
- Server is running
- URL is correct
- Firewall allows connection
Authentication Failed
Error: 401 UnauthorizedVerify:
- API key is correct
- Token hasn’t expired
- Headers are properly formatted
Timeout
Error: Connection timeoutSolutions:
- Increase timeout value
- Check network connectivity
- Verify server is responsive
SSL Error
Error: SSL certificate problemCheck:
- Certificate is valid
- CA is trusted
- System time is correct
Tip
Use local servers for latency-sensitive operations and remote servers for shared capabilities.
Related Documentation
- MCP Overview - MCP basics
- Local Servers - Local MCP
- OAuth Configuration - OAuth setup