Meshcentral High Level Architecture



Date: 28.12.2020
2. Introduction
The mesh project gives users the ability to remotely manage and control PCs and devices from any network using a single website, with no changes to the local network infrastructure. Just install the mesh agent and the computer will show up on the Meshcentral website and is immediately manageable. To make this solution work, let's start by splitting the design into its components and see the high level network data flow between them. First, we have the mesh agent. The agent runs on each managed computer and has data flows to other agents, the Meshcentral server, and possibly applications that make use of its services. It also stores local data in a local database. As a result, the high level diagram of the mesh agent looks something like this:

High Level Architecture
MeshCentral.com
Note that the agent can logically be split into two components, the peer-to-peer portion and the management portion. In this diagram, the arrows point in the direction of connection initiation, but traffic in all cases is two-way. Both portions of the agent are tightly bound, but provide different features. We will come back to the agent in a later section. The server can also be split into different components and again, we have network protocols used for communication between these components. The high level design of the server looks something like this:

Here, all of the server's components may run on the same computer or on different computers, since network protocols and not internal APIs link the components. How the server is deployed depends on scalability tradeoffs. Most of the data between server components is transferred through the database or Microsoft Message Queuing, with the exception of the AJAX server, which occasionally needs to route connection traffic directly. In the following sections, we will look at both the mesh agent and the Meshcentral server in more detail. The goal is an overall understanding of the mesh components, their interaction, and how security is maintained.
3. Mesh Agent
The mesh agent is truly the core of the entire solution; its unique design allows for many interesting usages and benefits. The mesh agent is built entirely with raw C code, with the exception of a few C++ modules that are specific to Windows. So far, the mesh agent has been ported to the Windows, Mac OS X, Linux, MeeGo and Android operating systems. When applicable, the agent runs in both 32 and 64 bits and on x86, ARM and MIPS processors. The mesh agent links against two major libraries: OpenSSL and SQLite. Both are widely supported on many platforms. OpenSSL offers all of the cryptographic methods used by the mesh agent, and SQLite the disk storage primitives. Sometimes other libraries are also linked to support OS-specific features like remote desktop. In general, we opt to statically link all required libraries to the mesh agent. This makes the agent significantly larger, in fact overtimes larger (k to 2 megabytes), but we gain in having each agent able to run on a wider array of computers and possibly some security gains. When compiled, each agent is tagged with an architecture ID and a version number, and is signed using a developer certificate. All this information is used to perform remote updates of the agent (both peer-to-peer and server-to-node).

If we look at the network, the mesh agent opens four sockets for incoming local traffic: TCP 16991, TCP 16990, UDP 16990 and UDP 1900. Upon installation of the mesh agent, the proper firewall rules are added to the Microsoft Windows firewall automatically. Let's look at what each of these inbound ports is used for.
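
The four inbound ports listed above can be checked against what a managed host is actually listening on. The following Python code is an added example, not part of the original document or the mesh agent's code; it assumes Linux `ss -H -tuln` output, and the function names and sample listing are constructed for illustration.

```python
# Added example: audit a host's listeners against the four inbound ports
# the page lists for the mesh agent. Input is `ss -H -tuln` text (assumed Linux).

# (protocol, port) pairs taken from the page.
AGENT_PORTS = {("tcp", 16991), ("tcp", 16990), ("udp", 16990), ("udp", 1900)}
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

# Constructed sample output, not captured from a real host.
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:1900       0.0.0.0:*
udp   UNCONN 0      0       192.168.1.20:16990      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:16990      0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
"""


def parse_listeners(ss_text):
    """Yield (proto, address, port) for each socket line of `ss -H -tuln` output."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip headers, blank lines and other socket families
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)


def audit_agent_ports(ss_text):
    """Map each agent port to its bound addresses; list wildcard binds and absences."""
    bound = {key: [] for key in AGENT_PORTS}
    for proto, addr, port in parse_listeners(ss_text):
        if (proto, port) in bound:
            bound[(proto, port)].append(addr)
    # A wildcard bind is reachable on every interface; strip any %iface suffix first.
    exposed = sorted(k for k, addrs in bound.items()
                     if any(a.split("%")[0] in WILDCARDS for a in addrs))
    missing = sorted(k for k, addrs in bound.items() if not addrs)
    return {"bound": bound, "exposed": exposed, "missing": missing}


if __name__ == "__main__":
    report = audit_agent_ports(SAMPLE_SS)
    print("listening on all interfaces:", report["exposed"])
    print("not listening:", report["missing"])
```

Ports reported as listening on all interfaces are the ones whose reachability depends entirely on the host firewall rules the installer adds.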
