How Desktop Central Works

ManageEngine Desktop Central is web-based Windows desktop administration software that helps administrators manage desktops effectively from a central point. It provides Configurations, Inventory Management, Patch Management, Service Pack Installation, Software Installation, Desktop Sharing, System Tools, Active Directory Reports and User Logon Reports.

  1. Desktop Central LAN Architecture

  2. Desktop Central WAN Architecture

  3. Desktop Central Mobile Device Management Architecture

Desktop Central LAN Architecture

The figure below depicts the Desktop Central Architecture. The details of the individual components are given below:

 

Fig: Desktop Central Architecture for LAN

Server Component

Desktop Central Server, located at the enterprise (customer site), is responsible for performing various desktop management activities. It pushes the Desktop Central agent to the client machines, deploys configurations, initiates scanning for Inventory and Patch Management, and generates reports of the Active Directory infrastructure components to effectively manage the desktops in the enterprise network. It is advised to keep the Desktop Central server always running to carry out the day-to-day desktop management activities. All these actions can be initiated from a web-based administration console in a few simple clicks.

Agent Component

Desktop Central Agent is light-weight software that is installed on the client systems managed using Desktop Central. It acts as a worker to carry out the operations as instructed by the Desktop Central Server. It is also responsible for updating the Desktop Central Server with the status of the deployed configurations. The agent periodically pulls the instructions from the Desktop Central Server and executes the tasks. The agent contacts the server at the following intervals:

  1. For user-specific configurations - during user logon and every 90 minutes thereafter until the user logs out of the computer.
  2. For computer-specific configurations - during system startup and every 90 minutes thereafter until the system is shut down.

Patch Database

The Patch Database is a portal on the ManageEngine site that hosts the latest vulnerability database, published after thorough testing. The Desktop Central Server periodically synchronizes this information and scans the systems in the enterprise site to determine the missing patches. Subsequently, the patches are installed to fix the vulnerabilities.

The Desktop Central Server communicates with the Patch Database through the Proxy Server or a direct connection to the Internet. The required patches are downloaded from the Microsoft website and stored locally on the Desktop Central Server before they are deployed to the client computers. Hence, each client computer (agent) takes the patch binaries from the Desktop Central Server.

Web Console

  1. Provides a central control point for all the desktop management functions.
  2. Can be accessed from anywhere: LAN, Remote Offices, and Home through Internet/VPN.
  3. No separate client installations are required.

Active Directory

For an Active Directory based domain setup, the Desktop Central Server queries the Active Directory to generate out-of-the-box reports for Sites, Domains, Organization Units, Groups, Computers, etc., which give you complete visibility into the Active Directory.

Port Details

Ports to be opened on the Agent

To enable remote installation of the Agent, you should open these ports. They may not be required after the agent is installed.

  1. 135 : Used to enable remote administration.

  2. 139 & 445 : Used to enable sharing of files and printers.

Ports to be opened on the Server

  1. 8020: Used for agent-server communication and to access the Web console

  2. 8383: Used for secured communication between the agent and the Desktop Central server

  3. 8443: Used for the Remote Control feature with secured communication

  4. 8444: Used for the Remote Control feature

  5. 8031: Used to transfer files in a secure mode while accessing a remote computer using Remote Control

  6. 8032: Used to transfer files while accessing a remote computer using Remote Control

  7. 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another

Desktop Central WAN Architecture

Desktop Central supports managing computers in a distributed setup, such as branch/remote offices, and for mobile users (e.g., sales persons). The figure below depicts the Desktop Central Architecture for managing computers in WAN. The details of the individual components are given below:

Fig: Desktop Central WAN Architecture

Advantages

  1. Simple, fast, and an affordable solution for your desktop management needs.

  2. Low bandwidth utilization

  3. Network-neutral desktop management.

  4. No separate VPN infrastructure is required.

  5. Secured communication between the Server and the Agent.

  6. Centralized management of computers from a single console.

Server Component

Desktop Central Server has to be installed in your LAN (say, the head office) and has to be configured as an EDGE device. This means that the designated port (8020 by default, configurable) should be accessible through the Internet. You need to adopt the necessary security standards to harden the OS where the Desktop Central Server is installed. Agents from all the remote locations report to this Desktop Central Server.

The Server acts as a container to store the configuration details and, upon request, provide the instructions to the agents. It is advised to keep the Desktop Central server always running to carry out the day-to-day Desktop Management activities.

Distribution Server Component

Desktop Central Distribution Server is light-weight software that is installed in one of the computers in the Branch Offices. This agent will communicate with the Desktop Central Server to pull the information for all the computers in that branch. The agents that reside in the branch office computers will contact the Distribution Server to get the information available to them and process the requests.

  1. Low bandwidth utilization as only one agent will contact the Server periodically

  2. Pulls the configuration details, software packages, patches to be installed, etc., from the Desktop Central Server and makes them available for the rest of the computers in the branch.

  3. Supports secured mode of communication (SSL/HTTPS) with the Server.

  4. Distribution Server installation is one-time and subsequent upgrades will be automatically performed.

Agent Component

Desktop Central Agent is light-weight software that is installed in the client systems that are being managed using Desktop Central. It acts as a worker to carry out the operations as instructed by the Desktop Central Server.

  1. Unobtrusive light-weight component.

  2. Can either be installed manually or through the logon script in all the computers that are being managed using Desktop Central. However, for computers in the local LAN, the agents will be automatically installed.

  3. Agent installation is one-time and subsequent upgrades will be automatically performed.

  4. For computers in the same LAN as the Desktop Central Server, the agent will periodically connect to the Server to PULL the configurations available for them, deploy them, and update the status back to the Server.

  5. For computers in Branch Offices, the agent will contact the Master Agent to PULL the configurations available for them, deploy them, and update the status back to the Server.

Web Console

  1. Provides a central control point for all the desktop management functions.

  2. Can be accessed from anywhere: LAN, Remote Offices, and Home through Internet/VPN.

  3. No separate client installations are required.

Port Details

Ports to be Opened on the Agent

To enable remote installation of the Agent, you should open these ports. They may not be required after the agent is installed.

  1. 135 : Used to enable remote administration.

  2. 139 & 445 : Used to enable sharing of files and printers.

Ports to be Opened on the Server

  1. 8020: Used for agent-server communication and to access the Web console

  2. 8383: Used for secured communication between the agent and the Desktop Central server

  3. 8443: Used for the Remote Control feature with secured communication

  4. 8444: Used for the Remote Control feature

  5. 8031: Used to transfer files in a secure mode while accessing a remote computer using Remote Control

  6. 8032: Used to transfer files while accessing a remote computer using Remote Control

  7. 8027: Used to complete on-demand tasks like inventory scanning, patch scanning, remote control, remote shutdown and moving agents from one remote office to another.

Ports to be Opened on the Distribution Server

  1. 8021: Used for communication between the agents in Remote Offices and the Distribution Server

  2. 8384: Used for secured communication between the agents in Remote Offices and the Distribution Server
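
An added example, not ManageEngine code: a Python audit of per-host open ports against the port lists in the LAN and WAN sections above. Host names and the inventory format are constructed, and treating the ports the page does not call "secured" as the weaker choice on Internet-facing hosts is an assumption of this example.

```python
# Added example: audit open ports per role against this page's port lists.
DOCUMENTED = {
    "agent": {135, 139, 445},
    "server": {8020, 8383, 8443, 8444, 8031, 8032, 8027},
    "distribution_server": {8021, 8384},
}
# The page lists 135/139/445 only for remote installation of the agent.
INSTALL_ONLY = {135, 139, 445}
# Port the page does not call "secured" -> the counterpart it does.
SECURED_COUNTERPART = {8020: 8383, 8444: 8443, 8032: 8031, 8021: 8384}


def audit(role, open_ports, agent_installed=False, internet_facing=False):
    """Return (port, finding) tuples for one host, ordered by port."""
    findings = []
    for port in sorted(set(open_ports)):
        if port not in DOCUMENTED[role]:
            findings.append((port, "not in the documented list for this role"))
        elif role == "agent" and agent_installed and port in INSTALL_ONLY:
            findings.append((port, "install-time port open after agent install"))
        elif internet_facing and port in SECURED_COUNTERPART:
            alt = SECURED_COUNTERPART[port]
            findings.append((port, f"Internet-facing; secured counterpart is {alt}"))
    return findings


# Constructed sample inventory (hypothetical hosts and firewall state).
INVENTORY = [
    {"host": "hq-dc-server", "role": "server", "internet_facing": True,
     "open": [8020, 8383, 8443, 8444, 8027, 3389]},
    {"host": "branch-ds-01", "role": "distribution_server",
     "open": [8021, 8384]},
    {"host": "wks-0042", "role": "agent", "agent_installed": True,
     "open": [135, 445]},
]


def audit_inventory(inventory):
    """Map each host name to its list of findings."""
    return {
        h["host"]: audit(h["role"], h["open"],
                         h.get("agent_installed", False),
                         h.get("internet_facing", False))
        for h in inventory
    }


if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY).items():
        for port, finding in findings:
            print(f"{host}: {port}: {finding}")
```

Feed it the output of your own firewall or listener inventory; a finding marks a port to review, not a confirmed weakness.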

Desktop Central Mobile Device Management Architecture

Desktop Central MDM simplifies the work of administrators by using a single console to manage desktops, laptops, servers, and mobile devices. Desktop Central MDM can be used to deploy configuration settings, security commands and retrieve asset data over-the-air (OTA).

 

Fig: Desktop Central - MDM Architecture

All communications from Desktop Central to the mobile device are routed through intermediate services such as APNs for iOS devices and GCM for Android devices. A live TCP connection is maintained for the intermediate service. APNs and GCM act as an intermediate wake-up service that wakes the device whenever an action is triggered from Desktop Central. The managed mobile device communicates with Desktop Central to receive the instructions and report back the status and data. For the above setup to work, the following should be done:

Assuming users' mobility, the Desktop Central Server should be reachable via a public IP address. If you are installing the Desktop Central Server in the LAN, add an entry in your external router to route requests arriving at your public IP to the internal IP of the computer where the Desktop Central Server is installed. If all the managed devices are within the LAN, this is not required.

Port Details

Ports that need to be opened at Desktop Central Server

Ports that need to be opened for managing iOS devices

Ports that need to be opened for managing Android devices

Copyright © 2005-2014, ZOHO Corp. All Rights Reserved.