LAN Architecture

ManageEngine Application Control Plus is enterprise application control software that helps to create application allowlists and blocklists by specifying a set of rules. Inbuilt with the ability to exercise its functionalities at various levels of flexibility, Application Control Plus can fit the unique requirements of any kind of enterprise.

The following guide will help you understand the process of application control with the help of an architecture diagram.


Components Required

IT administrators or network security teams need the following components to perform application control in their enterprise:

  1. Application Control Plus Server
  2. Agents
  3. Web console
  4. Active Directory

Application Control Server

The Application Control server is located at the customer's site, for example, in an enterprise. This server facilitates the deployment of the application control policies defined to create the allowlists and the blocklists. Once the server assigns a policy to a computer, it is interpreted even if the system goes offline. All the application control tasks can be completed using Application Control Plus's web-based administrative console.

| Port | Purpose | Type | Connection |
|------|---------|------|------------|
| 8020 | For communication between the agent and the Application Control Plus server | HTTP | Inbound to server |
| 8383 | For communication between the agent and the Application Control Plus server | | Inbound to server |
| 8027 | Agent-server communication | TCP | Inbound to server |

Note: Ports 135, 139 and 445 should also be kept open and inbound on both agent and server (and distribution server, if applicable) for pushing agent installation.
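As an added example (not ManageEngine's code), the following Python check compares an exported set of host firewall rules against the inbound ports listed above and reports which required ports a server or agent would still refuse. The rule field names, the sample rules, the treatment of port 8383 as TCP and the block-over-allow precedence (modelled on Windows Firewall) are assumptions made for illustration.

```python
# Required inbound ports, taken from the port table and the note above.
# Port 8383 has no type listed on the page; it is treated as TCP here (assumption).
SERVER_PORTS = {8020, 8383, 8027}
PUSH_INSTALL_PORTS = {135, 139, 445}  # needed on both agent and server
REQUIRED = {
    "server": SERVER_PORTS | PUSH_INSTALL_PORTS,
    "agent": PUSH_INSTALL_PORTS,
}


def expand_ports(spec):
    """Expand a port spec such as '8020', '135,139,445', '8020-8030' or 'Any'."""
    if spec.strip().lower() == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def allowed_inbound_tcp(rules):
    """Ports let in: enabled inbound allow rules minus enabled inbound block rules."""
    allow, block = set(), set()
    for r in rules:
        if not r["enabled"] or r["direction"] != "in":
            continue
        if r["protocol"].lower() not in ("tcp", "any"):
            continue
        (allow if r["action"] == "allow" else block).update(expand_ports(r["ports"]))
    return allow - block


def missing_ports(role, rules):
    """Required ports for this role that the rule set does not let in."""
    return sorted(REQUIRED[role] - allowed_inbound_tcp(rules))


# Constructed sample rule export for a server (hypothetical field names).
SAMPLE_SERVER_RULES = [
    {"enabled": True, "direction": "in", "action": "allow", "protocol": "TCP", "ports": "8020-8027"},
    {"enabled": False, "direction": "in", "action": "allow", "protocol": "TCP", "ports": "8383"},
    {"enabled": True, "direction": "in", "action": "allow", "protocol": "TCP", "ports": "135,139,445"},
    {"enabled": True, "direction": "in", "action": "block", "protocol": "TCP", "ports": "139"},
]

if __name__ == "__main__":
    print("server missing:", missing_ports("server", SAMPLE_SERVER_RULES))
```

In the sample, the disabled rule for 8383 and the block rule for 139 are the two conditions that leave agent communication and push installation failing even though an allow rule for those ports exists.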


Agents

The Application Control Plus agent is a lightweight software application that is installed on computers that are managed using Application Control Plus. It is installed automatically on the computers in a LAN. It helps to complete various tasks that are initiated in the Application Control Plus server. For example, if you want to blocklist/allowlist an application for a computer group in your network, you can make the required settings for this task in the Application Control Plus server. The agent replicates these settings and ensures that the task is completed effectively.

The agent also updates the Application Control Plus server with the details of all the running applications on the computers in the form of reports and audits. The agent contacts the server at every 90-minute refresh interval.

Web console

The Web console of Application Control Plus provides a central point from where an administrator can control all the applications running in the managed systems. This console can be accessed from anywhere. For example, it can be accessed through a LAN, WAN and from home using the Internet or a VPN. Separate client installations are not required to access the Web console.

Active Directory

In an Active Directory-based domain setup, the Application Control Plus server gathers data from the Active Directory to generate the reports for the following:

  • Sites
  • Domains
  • Organizational Units (OUs)
  • Groups
  • Computers

This enables administrators to access all the information that is stored by the Active Directory.