Crossing network boundaries and firewalls with remote agents

IBM® UrbanCode Deploy supports remote agents: cross-network deployments.

While there is at least a low-bandwidth WAN connection between the server and remote agents, the IBM UrbanCode Deploy server can send work to agents in other geographic locations. To aid performance and ease maintenance, IBM UrbanCode Deploy uses agent relays to communicate with remote agents. An agent relay requires that only a single system in the remote network contact the server. Other remote agents communicate with the server by using the agent relay. All agent-server communication from the remote network goes through the relay.

The following, a simple artifact move, illustrates the mechanics of remote communications:

  1. A remote agent starts and establishes a connection to the agent relay via JMS, which, in turn, alerts the IBM UrbanCode Deploy server via JMS that the remote agent is online.
  2. The server sends, say, an artifact download command to the relay via JMS, and the relay delivers the message to the remote agent (also via JMS).
  3. The server locates the artifacts, and then:
    • Uploads the artifacts to the relay over HTTP or HTTPS, which begins streaming them directly to the agent over the server-relay HTTP or HTTPS connection.
    • After the remote agent completes the work, it informs the server via JMS.
A diagram of how an agent relay allows agents to communicate with a server through a firewall

By default, agent relays open the connection to the IBM UrbanCode Deploy server. If your firewall requires it, you can reverse the connection of the JMS port, but you cannot reverse the HTTP connection from the relay to the server. Remote agents open connections to the agent relay.

In configurations with relay agents, agents local to the IBM UrbanCode Deploy server continue to use direct communications.


Feedback