ManageEngine Desktop Central is a Web-Based windows desktop administration software that helps administrators to effectively manage the desktops from a central point. It provides Configurations, Inventory Management, Patch Management, Service Pack Installation, Software Installation, Desktop Sharing, System Tools, Active Directory Reports and User Logon Report.
The figure below depicts the Desktop Central Architecture. The details of the individual components are given below:
Fig: Desktop Central Architecture for LAN
Desktop Central Server is located at the enterprise (customer site) is responsible for performing various Desktop Management activities. It pushes the Desktop Central agent to the client machines, deploys configurations, initiates scanning for Inventory and Patch Management, and generates reports of the Active Directory Infrastructure Components to effectively manage the desktops in the enterprise network. It is advised to keep the Desktop Central server always running to carry out the day-to-day Desktop Management activities. All these actions can be initiated from a web-based administration console in a few simple clicks.
Desktop Central Agent is light-weight software that gets installed in
the client systems that are being managed using Desktop Central. It acts
as a worker to carry out the operations as instructed by the Desktop Central
Server. It is also responsible for updating the Desktop Central Server
with the status of the deployed configurations. The
agent periodically pulls the instructions from the Desktop Central Server
and executes the tasks. The agent contacts the server at the following
intervals:
The Patch Database is a portal in the ManageEngine site, which hosts the latest vulnerability database that has been published after a thorough testing. The Desktop Central Server periodically synchronizes this information and scans the systems in the enterprise site to determine the missing patches. Subsequently, the patches are installed to fix the vulnerabilities.
The communication between the Desktop Central Server and the Patch Database is through the Proxy Server or a direct connection to internet. The required patches will be downloaded from Microsoft website and stored locally in the Desktop Central Server before deploying the patches to the client computers. Hence, each client computer (agent) will take the patch binaries from the Desktop Central Server.
For Active Directory based Domain setup, the Desktop Central Server queries the Active Directory to generate out-of-the-box reports for Sites, Domains, Organization Units, Groups, Computers, etc., which gives you a complete visibility into the Active Directory.
To enable remote installation of the Agent, you should open these ports, these ports may not be required post agent installation.
135 : Used to enable remote administration.
139 & 445 : Used to enable sharing of files and printers.
8020: Used for agent-server communication and to access the Web console
8383: Used for secured communication between the agent and the Desktop Central server
8443: Used for the Remote Control feature with secured communication
8444: Used for the Remote Control feature
8031: Used to transfer files in a secure mode while accessing a remote computer using Remote Control
8032: Used to transfer files while accessing a remote computer using Remote Control
8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another
Fig: Desktop Central WAN Architecture
Simple, fast, and an affordable solution for your desktop management needs.
Low bandwidth utilization
Network-neutral desktop management.
No separate VPN infrastructure is required.
Secured communication between the Server and the Agent.
Centralized management of computers from a single console.
Desktop Central Server has to be installed in your LAN (say, the head office) and has to be configured as an EDGE device. This means that the designated port (default being 8020 and is configurable) should be accessible through Internet. You need to adopt necessary security standards to harden the OS where the Desktop Central Server is installed. Agents from all the remote locations report to this Desktop Central Server.
The Server acts as a container to store the configuration details and, upon request, provide the instructions to the agents. It is advised to keep the Desktop Central server always running to carry out the day-to-day Desktop Management activities.
Desktop Central Distribution Server is light-weight software that is installed in one of the computers in the Branch Offices. This agent will communicate with the Desktop Central Server to pull the information for all the computers in that branch. The agents that reside in the branch office computers will contact the Distribution Server to get the information available to them and process the requests.
Low bandwidth utilization as only one agent will contact the Server periodically
Pulls the configuration details, software packages, patches to be installed, etc., from the Desktop Central Server and makes it available for the rest of the computers in the branch.
Supports secured mode of communication (SSL/HTTPS) with the Server.
Distribution Server installation is one-time and subsequent upgrades will be automatically performed.
Desktop Central Agent is light-weight software that is installed in the client systems that are being managed using Desktop Central. It acts as a worker to carry out the operations as instructed by the Desktop Central Server.
Unobtrusive light-weight component.
Can either be installed manually or through the logon script in all the computers that are being managed using Desktop Central. However, for computers in the local LAN, the agents will be automatically installed.
Agent installation is one-time and subsequent upgrades will be automatically performed.
For computers in the same LAN as that of the Desktop Central Server, the agent will periodically connect to the Server to PULL the configurations available for them, deploys them and updates the status back to the Server.
For computers in Branch Offices, the agent will contact the Master Agent to PULL the configurations available for them, deploys them and updates the status back to the Server.
Provides a central control point for all the desktop management functions.
Can be accessed from anywhere: LAN, Remote Offices, and Home through Internet/VPN.
No separate client installations are required.
To enable remote installation of the Agent, you should open these ports, these ports may not be required post agent installation.
135 : Used to enable remote administration.
139 & 445 : Used to enable sharing of files and printers.
8020: Used for agent-server communication and to access the Web console
8383: Used for secured communication between the agent and the Desktop Central server
8443: Used for the Remote Control feature with secured communication
8444: Used for the Remote Control feature
8031: Used to transfer files in a secure mode while accessing a remote computer using Remote Control
8032: Used to transfer files while accessing a remote computer using Remote Control
8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another.
8021: Used for communication between the agents in Remote Offices and the Distribution Server
8384: Used for secured communication
between the agents in Remote Offices and the Distribution Server