Desktop Central Architecture

ManageEngine Desktop Central is a Web-based Windows software application for desktop administration. This application enables administrators to manage computers effectively, from a central point. It comprises features like Software Deployment, Patch Management, Service-pack Installation, Asset Management, Remote Control, Configurations, System Tools, Active Directory Reports and User Logon Reports.

Desktop Central supports the managing of computers in a distributed setup like branch or remote offices (WAN) and for mobile users, for example sales persons who are constantly on the move.

Figure 1: WAN Architecture of Desktop Central

Advantages

The advantages of using the WAN architecture of Desktop Central include the following:

• Affordable, simple and quick solution for desktop management requirements
• Utilizes low bandwidth
• Enables network-neutral desktop management
• Utilizes the same infrastructure for VPN connections. No separate VPN infrastructure is required
• Ensures that communication between the server and agents is secured
• Manages computers centrally using a single Web console

Architecture

The WAN architecture of Desktop Central comprises the following components:

• Server
• Distribution Server
• Agent
• Web Console

Components

This section includes detailed information about the components of the Desktop Central architecture. Refer to Figure 1: WAN Architecture of Desktop Central.

Server

Desktop Central Server has to be installed in your LAN (say, the head office) and has to be configured as an EDGE device. This means that the designated port (default being 8020 and is configurable) should be accessible through Internet. You need to adopt necessary security standards to harden the OS where the Desktop Central Server is installed.  Agents from all the remote locations report to this Desktop Central Server.

The Server acts as a container to store the configuration details and, upon request, provide the instructions to the agents. It is advised to keep the Desktop Central server always running to carry out the day-to-day Desktop Management activities.

Distribution Server

Desktop Central Distribution Server is light-weight software that is installed in one of the computers in the Branch Offices. This agent will communicate with the Desktop Central Server to pull the information for all the computers in that branch. The agents that reside in the branch office computers will contact the Distribution Server to get the information available to them and process the requests.

• Low bandwidth utilization as only one agent will contact the Server periodically
• Pulls the configuration details, software packages, patches to be installed, etc., from the Desktop Central Server and makes it available for the rest of the computers in the branch.
• Supports secured mode of communication (SSL/HTTPS) with the Server.
• Distribution Server installation is one-time and subsequent upgrades will be automatically performed.

Agent

The Desktop Central agent is a lightweight software application that is installed in computers which are managed using Desktop Central. This agent helps to complete various tasks that are initiated in the Desktop Central server. For example, if you want to change the wallpaper in the computers in a branch office, you can make the required settings for this task in the Desktop Central server. The agent replicates these settings and ensures that the task is completed effectively.

Agents can be installed either manually or using a logon script in all the branch-office computers that are being managed using Desktop Central. This task is a one-time task. Upgradation of agents is done automatically. Desktop Central offers two options to help administrators manage computers across a WAN. The option that you choose depends on the number of computers you are going to manage at your remote office. The options available, enable you to use either of the following:

• Distribution servers and WAN agents: It is recommended that you use this option if you are managing more than 10 computers in a remote office.
• WAN agents only: It is recommended that you use this option if you are managing less than 10 computers in a remote office.

Web Console

The Web console of Desktop Central provides a central point from where an administrator can manage all the tasks that are related to desktop management. This console can be accessed from anywhere. For example, it can be accessed through a LAN, WAN and from home using the Internet or a VPN. Separate client installations are not required to access the Web console.

Ports

The Desktop Central server uses different ports to communicate with the agents to enable them to complete tasks related to desktop management.

Ports to be Opened on the Agent:

To enable remote installation of the Agent, you should open these ports.

• 135 : Used to enable remote administration.
• 139 & 445 : Used to enable sharing of files and printers.

Ports to be Opened on the Server:

• 8020: Used for agent-server communication and to access the Web console
• 8022 : Used for initiating Chat and establishing connections using System Manager
• 8383: Used for secured communication between the agent and the Desktop Central server
• 8443: Used for the Remote Control feature with secured communication
• 8444: Used for the Remote Control feature
• 8031: Used to transfer files in a secure mode while accessing a remote computer using Remote Control
• 8032: Used to transfer files while accessing a remote computer using Remote Control
• 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another

Ports Used for Mobile Device Management:

The below mentioned ports are used for managing iOS devices using Desktop Central.

• 2195: Should be opened on the Desktop Central server to reach APNs.
• 5223: Used by APNs to reach the mobile device.