Agent security and communication#
Agents use SSL-secured WebSocket, HTTP, and HTTPS protocols to communicate with the server.
Agents do the actual work of deployment, which removes the task from the server. Agents are an important part of scalability in HCL™ Launch.
Web agents use WebSocket connections and HTTP(S) for agent-server communication. Web agents were introduced with version 7.0.0.
Although an agent is typically considered as a single process, technically an agent consists of a worker process and a monitor process. The worker process is a multithreaded process that runs the deployment work after it receives commands from the server. Work commands come from plug-in steps, which provide integration with many third-party tools. The monitor is a service that manages the worker process: starting and stopping, handling restarts, upgrades, and security, for example. After an agent is installed, it can be managed from the HCL Launch web application.
All processes, including packaging, configuration, and deploying, that the HCL Launch server requests run on hardware that is assigned to agents. For added security, agents do not listen to ports, but open direct connections to the server instead. After an installed agent starts, the agent opens a socket connection to the HCL Launch server based on the installation information.
Agents on networks other than the one where the server is located might need to open a firewall to establish connection. After communication is established, the agent will be visible in the HCL Launch web application where it can be configured. Active agents, regardless of operating system, can be upgraded with the web application.
Web agents use WebSocket connects for tacking agent status and notifications, and HTTP for everything else.
The following diagram shows the main default ports that are involved in communication between agents, agent relays, and the server.
Stateless server-agent communication provides significant benefits to performance, security, availability, and disaster recovery. Because each agent request is self-contained, a transaction consists of an independent message, which can be synchronized to auxiliary storage as it occurs. Either endpoint, server or agent, can be stopped and restarted without repercussion, other than lost time. If communications fail midtransaction, no messages are lost. After they are reconnected, the server and agent automatically determine which messages got through and what work was completed. After an outage, the system synchronizes the endpoints and recovers affected processes. The results of work that an agent completes during the outage are communicated to the server.
- Web agent configuration
Web agents use WebSocket and HTTP connections for communication. Web agents do not use JMS.
Parent topic: Agents and agent relay configuration