Agent security and communication
Agents use SSL-secured WebSocket and HTTPS protocols to communicate with the server.
Agent overview
Agents do the actual work of deployment, which removes the task from the server. Agents are an important part of scalability in IBM® UrbanCode® Deploy.
Web agents use WebSocket connections and HTTPS for agent-server communication. Web agents were introduced with version 7.0.0.
Although an agent is typically considered a single process, technically an agent consists of a worker process and a monitor process. The worker process is a multithreaded process that runs the deployment work after it receives commands from the server. Work commands come from plug-in steps, which provide integration with many third-party tools. The monitor is a service that manages the worker process: starting and stopping, handling restarts, upgrades, and security, for example. After an agent is installed, it can be managed from the IBM UrbanCode Deploy web application.
Agent security
All processes, including packaging, configuration, and deploying, that the IBM UrbanCode Deploy server requests run on hardware that is assigned to agents. For added security, agents do not listen on ports, but open direct connections to the server instead. After an installed agent starts, the agent opens a socket connection to the IBM UrbanCode Deploy server based on the installation information.
Agents on networks other than the one where the server is located might need to open a firewall to establish a connection. After communication is established, the agent is visible in the IBM UrbanCode Deploy web application, where it can be configured. Active agents, regardless of operating system, can be upgraded with the web application.
Agent communication
Web agents use WebSocket connections for tracking agent status and notifications, and HTTP for everything else.
For more information about firewall configuration and port usage, see System requirements and performance considerations and Firewall and communication configuration.
Stateless server-agent communication provides significant benefits to performance, security, availability, and disaster recovery. Because each agent request is self-contained, a transaction consists of an independent message, which can be synchronized to auxiliary storage as it occurs. Either endpoint, server or agent, can be stopped and restarted without repercussion, other than lost time. If communications fail midtransaction, no messages are lost. After they are reconnected, the server and agent automatically determine which messages got through and what work was completed. After an outage, the system synchronizes the endpoints and recovers affected processes. The results of work that an agent completes during the outage are communicated to the server.