Many large software vendors have an application distribution architecture. We’ve worked for many of these vendors and believe we can take the best practices while leaving behind the worst.
Most of these vendors rely on a proprietary TCP/IP socket architecture between each agent and the back-end server to send and receive management messages, which internally typically take the form of XML. These vendors also typically rely on local file shares to store and download the actual application, patch and image files. Unfortunately, these designs either become unresponsive or fail as more and more agents are added to the environment. The vendors then compensate for scale by adding more and more proxy servers and file servers, which add ever-increasing levels of complexity and load to the customer’s environment. While most companies employ experts in SQL, networking and Windows CIFS/SMB, they can’t find experts who know how to diagnose and repair problems with the actual communication that takes place between the agent and the server. Companies have to rely on the vendor themselves to diagnose and maintain their ever more complex management system. When one of these proxy or back-end servers crashes, agents can’t get their management commands, and in some cases the entire network goes down.
We believe we have a better, different approach. Since all of these vendors eventually end up relying on a file server share to store their large application, patch and image files, we believe we can also rely on these same network shares to store our management policies, tasks and even commands. We call this type of share a “distribution point”, since we are distributing policies, tasks and commands to the agents. A distribution point is typically Read-Only to each agent and is accessed using a single special Active Directory network user. Our agent software is smart enough to look for only the policies and tasks that belong to each computer or logged-in user. We then have each managed computer store its inventory, server requests and result messages on a Read/Write collection point. Each collection point is typically Read/Write to each agent, again via the same Active Directory network user used to access the distribution point. This approach has several advantages:
- You won’t have to rely on a proprietary socket connection that only the vendor can diagnose when something goes wrong.
- You won’t have to create and maintain front-end proxy servers to offload the back-end server.
- Since the back-end server simply gets its messages from a message queue stored on the file server, the server no longer has to be up 100% of the time.
- Access to the network shares is protected by industry-standard Microsoft ACLs, and the shares are only accessible by a special Active Directory network user through the server-side or agent-side service.
- Since the back-end server doesn’t need to talk to the agents in real time, the server can easily be moved to the cloud and can access the file shares local to the agent through DFS.
- Agents no longer rely on the back-end communication to be able to scale. They simply rely on their local file share for updated commands and to send results back to the server.
- Remote satellite offices can get their management commands either through a local file share over a DFS link or they can access the main regional office network shares directly.
- On-site Active Directory and file share experts can diagnose and repair most communication problems, since the underlying technology is simply agents accessing network shares.
- We support multiple distribution point and collection point network shares to preserve the ability to fail over or load balance.
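Because the whole design rests on the distribution point being Read-Only and the collection point being Read/Write for one service account, the check an on-site file share administrator will most want is an ACL audit of both shares. The script below is an added example, not the product’s own tooling; the account name and UNC paths are assumptions, and it reads the NTFS ACL only (share-level SMB permissions must be checked separately).

```powershell
# Added example: confirm the agent service account is read-only on the
# distribution point and read/write on the collection point.
# All three values below are hypothetical; replace them with your own.
$ServiceAccount    = 'CONTOSO\svc-agent-share'      # hypothetical AD user
$DistributionPoint = '\\fs01\DistributionPoint$'    # hypothetical share
$CollectionPoint   = '\\fs01\CollectionPoint$'      # hypothetical share

function Get-DirectAllowRights {
    param([string]$Path, [string]$Identity)
    # Get-Acl returns the NTFS ACL; SMB share permissions are not included.
    $acl = Get-Acl -Path $Path
    # Only Allow rules granted directly to the identity are summed here.
    # Deny rules and rights inherited through group membership are not
    # expanded, so review those separately if the account sits in groups.
    $rules = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ieq $Identity
    }
    $rights = [System.Security.AccessControl.FileSystemRights]0
    foreach ($r in $rules) { $rights = $rights -bor $r.FileSystemRights }
    return $rights
}

# Any of these bits on the distribution point lets the account alter
# policies, tasks or commands that every agent will trust and execute.
$writeClass = [System.Security.AccessControl.FileSystemRights]::Write -bor
              [System.Security.AccessControl.FileSystemRights]::Delete -bor
              [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
              [System.Security.AccessControl.FileSystemRights]::TakeOwnership

$dpRights = Get-DirectAllowRights -Path $DistributionPoint -Identity $ServiceAccount
$cpRights = Get-DirectAllowRights -Path $CollectionPoint   -Identity $ServiceAccount

if (($dpRights -band $writeClass) -ne 0) {
    Write-Warning "Distribution point grants write-class rights to $ServiceAccount ($dpRights)"
} else {
    Write-Output "Distribution point is read-only for $ServiceAccount (OK)"
}

$write = [System.Security.AccessControl.FileSystemRights]::Write
if (($cpRights -band $write) -eq 0) {
    Write-Warning "Collection point does not grant Write to $ServiceAccount; agents cannot post results"
} else {
    Write-Output "Collection point is read/write for $ServiceAccount (OK)"
}
```

Run it from a host that can reach both shares with an account allowed to read their security descriptors; a warning on the distribution point is the finding to fix first, since that share feeds commands to every agent.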