Deployment Manager - 1.0
Linking Deployment Manager to Agents
This page describes how Deployment Manager and Agent servers communicate in a secure way.
Background
Some deployment technologies have no security at all. Some require machines to be on the same Active Directory domain, or on the same LAN. Others require you to set up usernames and passwords, and to store them in configuration files.
When designing Deployment Manager, we wanted to make it easy to have secure deployments out of the box, without expecting machines to be on the same domain. A common example is when the Deployment Manager server is running in your local LAN, close to your developers, while your production servers are running in the cloud or at a remote data center.
We achieve this security using public-key cryptography.
Deployment Manager/Agent communication
The Agent service listens on TCP port 10301 by default, though this can be changed during installation. Deployment Manager sends commands to it in the form of HTTP requests. These requests are encrypted using a pair of X.509 certificates. This establishes a trust relationship between the two machines:
- Your Deployment Manager server only issues commands to the Agents that it trusts.
- Your Agents only accept commands from a Deployment Manager they trust.
When you install the Agent service, you add a key for the Deployment Manager servers it should trust. When you register a machine in Deployment Manager, you'll add the Agent key.
In the diagram below, you can see the Deployment Manager web interface where machines are registered, and the Agent administration application:

Since this is all based on public-key cryptography, it creates a highly secure way for the two machines to communicate without exchanging passwords, and works much like an SSH connection in the UNIX world. If required, you can further restrict access using IPsec or VPNs, though this usually isn't necessary.
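The two-way trust described in this section, modelled as an added example (not Deployment Manager's own code): each side keeps a list of peer keys it trusts, and a command goes through only when both checks pass. It assumes the registered "key" is a SHA-256 thumbprint of the peer's X.509 certificate and that the connection has already proved the peer holds the matching private key; the names and certificate bytes are constructed for illustration.

```python
import hashlib
import re

def thumbprint(cert_der):
    """Upper-case hex SHA-256 of a DER certificate (assumed 'key' format)."""
    return hashlib.sha256(cert_der).hexdigest().upper()

def normalize(pasted):
    """Clean a pasted thumbprint: drop spaces, colons, dashes and the
    invisible marks (U+200E/U+200F/U+FEFF) that copy/paste can add."""
    cleaned = re.sub(r"[\s:\u200e\u200f\ufeff-]", "", pasted).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", cleaned):
        raise ValueError("not a SHA-256 thumbprint: %r" % pasted)
    return cleaned

class Endpoint:
    """One side of the link: its certificate and the peer keys it trusts."""
    def __init__(self, name, cert_der, trusted=()):
        self.name = name
        self.cert_der = cert_der
        self.trusted = {normalize(t) for t in trusted}

    def trusts(self, peer_cert_der):
        return thumbprint(peer_cert_der) in self.trusted

def command_allowed(server, agent):
    """The server only sends to Agents it trusts, and the Agent only
    accepts a server it trusts; either check failing blocks the command."""
    return server.trusts(agent.cert_der) and agent.trusts(server.cert_der)

# Constructed stand-ins for DER certificate bytes (not real certificates).
DM_CERT = b"constructed-deployment-manager-cert"
AGENT_CERT = b"constructed-agent-cert"
ROGUE_CERT = b"constructed-unregistered-server-cert"

if __name__ == "__main__":
    agent = Endpoint("agent", AGENT_CERT, [thumbprint(DM_CERT)])
    dm = Endpoint("dm", DM_CERT, [thumbprint(AGENT_CERT)])
    rogue = Endpoint("rogue", ROGUE_CERT, [thumbprint(AGENT_CERT)])
    # Both sides registered each other's key.
    print("registered pair:", command_allowed(dm, agent))
    # The Agent never registered this server's key, so it refuses.
    print("unregistered server:", command_allowed(rogue, agent))
```

Registering a key on only one side is not enough: the rogue server above lists the Agent's key, yet the Agent still rejects it.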
Agent permissions
By default, the Agent service runs as Local System. This is because installing your applications usually involves tasks that require a high degree of access to the machine.
For the sake of security, however, it's better to create a custom Windows user that has only the permissions you know you'll need. You can then configure the Deployment Manager Agent Windows service to run under that account.