Desktop Central Architecture

ManageEngine Desktop Central is a Web-based Windows software application for desktop administration. This application enables administrators to manage computers effectively, from a central point. It comprises features like Software Deployment, Patch Management, Service-pack Installation, Asset Management, Remote Control, Configurations, System Tools, Active Directory Reports and User Logon Reports.


The LAN architecture of Desktop Central comprises the following components:

  • Server
  • Agent
  • Patch Database
  • Web Console
  • Active Directory


This section includes detailed information about the components of the Desktop Central architecture. Refer to Figure 1: LAN Architecture of Desktop Central.


The Desktop Central server is located in the customer's site. For example, the customer's head office. This server enables the completion of various desktop-management tasks to help administrators manage computers in the company's network effectively. Some of the tasks include the following:

  • Installing the agent in computers in the customer's network
  • Deploying configurations
  • Scanning for inventory and patches
  • Generating reports. For example, reports related to Active Directory infrastructure components

It is recommended that the Desktop Central server is not switched off. It should be switched on constantly to complete various desktop-management tasks on a daily basis. All the desktop-management tasks can be completed using Desktop Central's Web-based administration console.

Desktop Central LAN Architecture

Figure 1: LAN Architecture of Desktop Central


The Desktop Central agent is a lightweight software application that is installed in computers which are managed using Desktop Central. It is installed automatically in the computers in a LAN. It helps to complete various tasks that are initiated in the Desktop Central server. For example, if you want to uninstall a software application from a computer in your network, you can make the required settings for this task in the Desktop Central server. The agent replicates these settings and ensures that the task is completed effectively.

The agent also updates the Desktop Central server with the status of configurations that are deployed. It checks the Desktop Central server periodically for instructions related to tasks and completes the same. The agent contacts the server when the following actions take place:

User-specific Configurations

  • Users log on
  • 90-minute refresh interval

Computer-specific Configurations

  • Computers are started
  • 90-minute refresh interval

Patch Database

The patch database is a portal on the ManageEngine Web site. It hosts the latest vulnerability database that is published after patches have been tested. The Desktop Central server synchronizes this information periodically and scans the computers in the network to determine which patches are missing. The patches that are missing are installed in the computers that are missing them.

The communication between the Desktop Central server and the patch database takes place either through a proxy server or through a direct connection to the Internet. The required patches are downloaded from the respective vendors' Web sites and stored in the Desktop Central server before deploying them to computers in the network. The agents copy the required patch binaries from the Desktop Central server.

Web Console

The Web console of Desktop Central provides a central point from where an administrator can manage all the tasks that are related to desktop management. This console can be accessed from anywhere. For example, it can be accessed through a LAN, WAN and from home using the Internet or a VPN. Separate client installations are not required to access the Web console.

Active Directory

In an Active Directory-based domain setup, the Desktop Central server gathers data from the Active Directory to generate the reports for the following:

  • Sites
  • Domains
  • Organizational Units (OUs)
  • Groups
  • Computers

This enables administrators to access all the information that is stored by the Active Directory.