Traditional Endpoint Provisioning Architecture

Most traditional endpoint management products follow a client-server model in which the server has a front-end to manage and track all operations/tasks performed and a back-end database to store the logs and history.

All endpoints have an agent which can talk to the server. The server creates tasks and sends them to the agents. Agents decode the message sent by the server and perform the necessary task. Whether the task succeeded or not, the agent reports back to the server, indicating the success or failure of the task.
This data is captured in the database for future audits and analysis.

Consider that the server has created a task to install "Adobe Acrobat Reader" on all the endpoints.
This task is then sent to all the agents in an encoded format. Once the agents decode the message, they learn that "Adobe Acrobat Reader" is to be installed.

Intelligence should be built into the agent to detect its underlying operating system, hardware architecture and other details. The agent gathers these details and works out what type of executable is needed. The executable differs with the type of OS (Windows, Unix, Linux), the type of architecture (32-bit or 64-bit) and the type of device (mobile, desktop/laptop, tablet).

Note that we have agent software (just like any other software) installed on the endpoints by the server.
Once the agent determines which type of executable/software it needs, it sends a request to the server for it.

Software download now begins on the endpoint. Here we can take one of two approaches: push the software from the server to the agent (Push Model Provisioning), or let the agent pull the binary from the server (Pull Model Provisioning). PUSH means the server copies the software onto each endpoint, whereas PULL is the opposite: each agent downloads the software from the server. We will discuss these in detail later.

Once the agent has downloaded the software, it installs it (silently or in non-interactive mode, so that no manual intervention is needed). Depending on success or failure, the task status is reported back to the server.
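
The agent-side flow described above (decode the task, detect the platform, request the matching executable, report the status), as an added sketch that is not code from any particular product. The base64/JSON task format, the field names and the `install` callable are assumptions made for illustration.

```python
import base64
import json
import platform

# Constructed sample: the task as the server might encode it (format is assumed).
SAMPLE_TASK = base64.b64encode(json.dumps(
    {"task_id": 101, "action": "install", "software": "Adobe Acrobat Reader"}
).encode()).decode()

def decode_task(encoded):
    """Decode the server's message; reject anything that is not an install task."""
    task = json.loads(base64.b64decode(encoded, validate=True))
    if (not isinstance(task, dict) or task.get("action") != "install"
            or not task.get("software")):
        raise ValueError("unsupported or malformed task")
    return task

def detect_platform(system=None, machine=None, device="desktop"):
    """Collect OS family, word size and device type (device comes from agent config)."""
    system = (system or platform.system()).lower()
    machine = (machine or platform.machine()).lower()
    os_family = system if system in ("windows", "linux") else "unix"
    arch = "64-bit" if "64" in machine else "32-bit"  # amd64, x86_64, arm64, aarch64
    return {"os": os_family, "arch": arch, "device": device}

def build_request(task, plat):
    """The request the agent sends to the server for the matching executable."""
    return {"task_id": task.get("task_id"), "software": task["software"], **plat}

def run_task(encoded, install, plat=None):
    """Decode, ask for the right build, install, and return the status report."""
    try:
        task = decode_task(encoded)
    except ValueError as exc:  # bad base64, bad JSON or unsupported action
        return {"task_id": None, "status": "failure", "detail": str(exc)}
    request = build_request(task, plat or detect_platform())
    try:
        install(request)  # hypothetical callable: download + silent install
        return {"task_id": task.get("task_id"), "status": "success", "detail": ""}
    except Exception as exc:
        return {"task_id": task.get("task_id"), "status": "failure", "detail": str(exc)}

if __name__ == "__main__":
    print(run_task(SAMPLE_TASK, lambda req: print("requesting", req)))
```

A malformed or unsupported message produces a failure report instead of an exception, so the server's database still records the outcome for later audit.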

This entire process is like a MASTER - SLAVE mechanism where the slaves (endpoints/agents) just serve and do what the master (server) says.

