Enterprise Architecture for High-Availability Device Management
1. Edge Traffic and Load Distribution Layer
This layer handles initial request ingestion, ensuring high availability and optimized resource utilization across the platform.
- TLS Termination: Handled at the edge layer.
- Compute Preservation: Application servers receive already-decrypted traffic, reserving CPU cycles for orchestration and policy evaluation. The hop from the edge to the application nodes therefore carries plaintext and must stay inside the trusted network segment.
- Load Balancing: Distributes incoming connections across the application cluster so that no single node becomes a connection bottleneck.
- Architectural Flexibility: The load-balancing implementation is abstracted from the application tier, so it can be replaced as the infrastructure evolves without changes to the layers above it.
2. MQTT Communication Layer: Real-Time Control Plane
Provides an always-on, bidirectional communication channel with managed endpoints to facilitate near real-time command execution.
Cluster Design & Protocol
Deployment Model: High-availability, multi-server configuration that scales dynamically based on customer size and operational demands.
Protocol: MQTT over TLS on port 8883 (the registered port for MQTT over TLS, as opposed to plaintext MQTT on 1883).
Operational Logic
- Zero-Polling Latency: Devices hold a persistent connection to the broker, so a command reaches a device as soon as it is published instead of waiting for the next poll interval.
- Instant Push: Commands (e.g., remote wipe, OS updates, compliance enforcement, configuration changes) are pushed to the targeted devices as soon as they are issued.
- Surge Absorption: The cluster is sized to absorb the burst generated by large-scale administrative actions (a bulk command to thousands of devices, for example) without losing commands.
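A persistent command channel is only as safe as the broker's authorization rules: a device must be able to receive its own commands and report its own telemetry, and nothing else. The following is an added example, not Hexnode's code, of the check a broker would run on every SUBSCRIBE and PUBLISH. The topic layout (`t/<tenant_id>/d/<device_id>/cmd` and `.../telemetry`) and the `DeviceIdentity` binding are assumptions made for illustration; the point carried over from the text is that no device may reach a topic outside its own tenant and device, including through MQTT wildcards.

```python
"""Topic-level authorization for an MQTT command channel.

Added example; this is not Hexnode's code. The topic layout is an
assumption made for illustration:

    t/<tenant_id>/d/<device_id>/cmd        control plane -> device
    t/<tenant_id>/d/<device_id>/telemetry  device -> control plane

Each device authenticates to the broker with an identity bound to exactly
one (tenant_id, device_id) pair, and the broker asks `authorize` on every
SUBSCRIBE and PUBLISH. Denying wildcards and foreign ids at this layer is
what keeps a compromised device from reading another tenant's commands.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DeviceIdentity:
    tenant_id: str
    device_id: str


def parse_topic(topic: str) -> Optional[Tuple[str, str, str]]:
    """Return (tenant_id, device_id, channel) or None if the topic is malformed.

    MQTT wildcards are rejected outright: '+' in the device segment or '#'
    anywhere would match topics belonging to other devices or tenants.
    """
    parts = topic.split("/")
    if len(parts) != 5 or parts[0] != "t" or parts[2] != "d":
        return None
    tenant_id, device_id, channel = parts[1], parts[3], parts[4]
    for segment in (tenant_id, device_id, channel):
        if not segment or "+" in segment or "#" in segment:
            return None
    return tenant_id, device_id, channel


def authorize(identity: DeviceIdentity, action: str, topic: str) -> bool:
    """Decide whether `identity` may perform `action` ('subscribe'/'publish') on `topic`."""
    parsed = parse_topic(topic)
    if parsed is None:
        return False
    tenant_id, device_id, channel = parsed
    if tenant_id != identity.tenant_id or device_id != identity.device_id:
        return False  # any path into another tenant or device is denied
    if action == "subscribe":
        return channel == "cmd"        # devices only listen for their own commands
    if action == "publish":
        return channel == "telemetry"  # devices only report telemetry; they never issue commands
    return False


def command_topics(tenant_id: str, device_ids: List[str]) -> List[str]:
    """Topics the orchestration layer publishes to for a bulk command within one tenant."""
    if not tenant_id or any(c in tenant_id for c in "/+#"):
        raise ValueError("invalid tenant id")
    topics = []
    for device_id in device_ids:
        if not device_id or any(c in device_id for c in "/+#"):
            raise ValueError(f"invalid device id: {device_id!r}")
        topics.append(f"t/{tenant_id}/d/{device_id}/cmd")
    return topics
```

The asymmetry between `cmd` (subscribe only) and `telemetry` (publish only) is deliberate: a device that could publish to a `cmd` topic would be able to issue wipe or configuration commands to itself or, with a weaker ACL, to others, which is why both the channel and the identity are checked.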
3. Application and Orchestration Layer
Responsible for processing device telemetry, administrative actions, and policy decisions while strictly maintaining operational isolation between workloads.
Core Components & Traffic Segmentation
- Compute Nodes: Hexnode enterprise application nodes deployed in a clustered, high-availability configuration.
- Console Traffic: Technician console activity routes over HTTPS (Port 443).
- Device Traffic: Device-driven telemetry and command execution routes over MQTT (Port 8883).
Isolation Strategy
Administrative console traffic is logically isolated from device-originated workflows, so that console responsiveness is not degraded by high-processing backend events such as:
- Inventory refresh cycles
- Compliance scans
- Bulk command execution
Data Correlation Sources
The orchestration engine correlates data from multiple streams:
- MQTT telemetry streams.
- Declarative Device Management signals.
- Push notification services (WNS and APNS).
4. Data Architecture and Storage Model
Engineered for low-latency reads, sustained high-volume write throughput, and logical tenant separation at scale.
Storage Infrastructure
- Primary Data Store: PostgreSQL deployed as a high-availability cluster (replicated nodes rather than a sharded dataset).
- Object and Log Storage: Amazon S3-based infrastructure utilized for extensive log data and object storage requirements.
Read Optimization
- Replication: Read replicas are deployed to enhance query performance and support heavy technician-facing operations.
- Performance Strategy: Query speed comes from indexing, read replication, and routing read-heavy technician queries to replicas, rather than from sharding the dataset.
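Serving technician reads from replicas has one failure mode worth handling explicitly: replication is asynchronous, so a read that lands on a replica immediately after a write may return the old row. The router below is an added example, not Hexnode's code; node names are placeholders for real connection pools, and the statement classification is a deliberately conservative regex rather than a SQL parser. It sends writes to the primary, spreads reads over replicas, and pins a session to the primary for a short window after it writes so the technician sees their own change.

```python
"""Route SQL between a PostgreSQL primary and its read replicas.

Added example, not Hexnode's code. Node names are placeholders for real
connection pools. Replication to a read replica is asynchronous, so a
replica may briefly lag the primary; a technician who just edited a policy
must not be served the pre-edit row on the next page load. The router
therefore pins a session to the primary for `stickiness_s` seconds after
any write and sends everything else to replicas round-robin.
"""
import re
import time
from typing import Callable, Dict, List

_WRITE_PREFIX = re.compile(
    r"^\s*(?:INSERT|UPDATE|DELETE|MERGE|CREATE|ALTER|DROP|TRUNCATE|GRANT|REVOKE|"
    r"VACUUM|REFRESH|LOCK|COPY)\b", re.IGNORECASE)
_CTE_WRITE = re.compile(r"\b(?:INSERT|UPDATE|DELETE|MERGE)\b", re.IGNORECASE)
_LOCKING_READ = re.compile(
    r"\bFOR\s+(?:UPDATE|NO\s+KEY\s+UPDATE|SHARE|KEY\s+SHARE)\b", re.IGNORECASE)


def is_write(sql: str) -> bool:
    """Conservative classification: anything that might modify or lock rows goes to the primary.

    A production router would use the driver's statement metadata or an explicit
    per-query flag; regexes are enough here to show the routing decision.
    """
    if _WRITE_PREFIX.match(sql):
        return True
    if re.match(r"^\s*WITH\b", sql, re.IGNORECASE) and _CTE_WRITE.search(sql):
        return True  # data-modifying CTE, e.g. WITH x AS (...) DELETE FROM ...
    return _LOCKING_READ.search(sql) is not None


class QueryRouter:
    def __init__(self, primary: str, replicas: List[str],
                 stickiness_s: float = 5.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if not replicas:
            raise ValueError("at least one read replica is required")
        self.primary = primary
        self.replicas = list(replicas)
        self.stickiness_s = stickiness_s
        self._clock = clock
        self._next_replica = 0
        self._last_write: Dict[str, float] = {}  # session_id -> time of last write

    def route(self, session_id: str, sql: str) -> str:
        """Return the node that should execute `sql` for `session_id`."""
        now = self._clock()
        if is_write(sql):
            self._last_write[session_id] = now
            return self.primary
        last = self._last_write.get(session_id)
        if last is not None and now - last < self.stickiness_s:
            return self.primary  # read-your-writes: the replica may not have caught up yet
        node = self.replicas[self._next_replica % len(self.replicas)]
        self._next_replica += 1
        return node
```

The stickiness window is a proxy for replication lag; a deployment that can read `pg_last_wal_replay_lsn()` on the replica can replace the timer with an LSN comparison against the primary's write position, which is exact rather than approximate.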
5. Network Distribution Layer: DAFS Overlay
The Distributed Apps and Files Servers (DAFS) operate as an overlay delivery mechanism designed to drastically reduce WAN congestion during large-scale software distribution and OS deployments.
| Capability | Description |
|---|---|
| Regional Nodes | Lightweight virtual machines deployed based on customer topology and regional traffic distribution. |
| Caching Model | Software binaries are cached regionally to minimize repeated WAN transfers. |
| Delivery Path | Endpoints retrieve payloads from the nearest available node over LAN where possible. |
| Network Impact | A global rollout becomes a set of LAN-local transfers: WAN links carry each binary roughly once per region rather than once per endpoint. |
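Two things an endpoint needs when it pulls a payload from an overlay cache rather than the origin: a way to pick the nearest node and fall back when it is down, and a way to confirm that what the cache returned is the binary the control plane meant to ship. The following is an added example, not Hexnode's code. It assumes the control plane sends the endpoint a manifest (over its authenticated management channel) listing candidate nodes, the subnet each serves, a health flag, the origin URL and the payload's SHA-256; the node and subnet values in the test are constructed for illustration.

```python
"""Pick a DAFS node for a payload and verify what it hands back.

Added example, not Hexnode's code. Assumptions: before a rollout the
control plane sends each endpoint, over its authenticated management
channel, a manifest naming the candidate cache nodes, the subnet each one
serves, a health flag, the origin URL and the SHA-256 of the payload. The
endpoint prefers a healthy node on its own subnet, then any healthy
regional node, then the origin. Because the digest arrives out of band,
a cache node that serves a modified or stale binary is detected and skipped
instead of installed.
"""
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class CacheNode:
    name: str
    url: str
    serves: str      # CIDR of the client subnet this node is "local" for
    healthy: bool


@dataclass(frozen=True)
class PayloadManifest:
    package_id: str
    sha256: str      # hex digest published by the control plane, never by the cache
    origin_url: str
    nodes: List[CacheNode]


class IntegrityError(Exception):
    pass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def candidate_order(manifest: PayloadManifest, client_ip: str) -> List[str]:
    """URLs to try, nearest first: same-subnet nodes, other healthy nodes, then origin."""
    ip = ipaddress.ip_address(client_ip)
    local = [n.url for n in manifest.nodes
             if n.healthy and ip in ipaddress.ip_network(n.serves, strict=False)]
    regional = [n.url for n in manifest.nodes if n.healthy and n.url not in local]
    return local + regional + [manifest.origin_url]


def fetch_verified(manifest: PayloadManifest, client_ip: str,
                   fetch: Callable[[str], Optional[bytes]]) -> Tuple[bytes, str]:
    """Download from the first source whose content matches the manifest digest.

    `fetch(url)` returns the body, or None if the source is unreachable. A digest
    mismatch is treated like an outage: move on to the next source. If every
    source fails, raise rather than install anything.
    """
    tried = []
    for url in candidate_order(manifest, client_ip):
        body = fetch(url)
        if body is None:
            tried.append(f"{url}: unreachable")
            continue
        if sha256_hex(body) == manifest.sha256:
            return body, url
        tried.append(f"{url}: digest mismatch")
    raise IntegrityError(f"no trustworthy source for {manifest.package_id}: " + "; ".join(tried))
```

Keeping the digest in the manifest rather than alongside the binary on the cache node is the design point: the cache only has to be available, not trusted, and a node that is compromised or serving a stale build degrades to a fallback rather than a bad install.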
6. Security and Data Isolation Model
Secures data in transit and at rest while enforcing strict access boundaries across the platform.
Tenant Isolation
- Logical Separation: Complete logical separation of compute and database resources per customer environment.
- Zero Cross-Talk: No cross-tenant data paths are permitted anywhere within the architecture.
Encryption Standards
- At Rest: Database-level encryption is enabled; object storage encryption is enforced natively within the storage infrastructure.
- In Transit:
- MQTT communication secured over TLS (Port 8883).
- HTTPS management traffic secured over TLS (Port 443).
- TLS 1.2 is the minimum accepted protocol version on both channels; older versions (TLS 1.0 and 1.1, SSLv3) are not negotiated.
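A "TLS 1.2 baseline" is a property of every context a service or client builds, so it is worth checking programmatically rather than by reading configuration. The following is an added example, not Hexnode's code: a client context suitable for the 8883 and 443 channels, a listener context for the edge or broker side, a deliberately weak legacy context for contrast, and an `audit` function that reports where any `ssl.SSLContext` falls short. The CA bundle and certificate paths are operator inputs and are left as parameters.

```python
"""Build TLS contexts that meet the TLS 1.2 baseline, and audit them.

Added example, not Hexnode's code. `client_context` is what a device (port
8883) or a management client (port 443) would use; `server_context` is the
listener side. `legacy_client_context` shows the configuration the audit
is meant to catch. CA bundle and certificate paths are operator-supplied
parameters here.
"""
import socket
import ssl
from typing import List, Optional

BASELINE_MIN = ssl.TLSVersion.TLSv1_2


def client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client side: TLS 1.2+, server certificate required and checked against the hostname."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # implies CERT_REQUIRED + check_hostname
    ctx.minimum_version = BASELINE_MIN
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.options |= ssl.OP_NO_COMPRESSION
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # pin to the platform's CA bundle
    else:
        ctx.load_default_certs()
    return ctx


def server_context(certfile: Optional[str] = None, keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Listener side (edge terminator or broker): TLS 1.2+, server-preferred cipher order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = BASELINE_MIN
    ctx.options |= ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # the listener's certificate and private key
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """The weak configuration the audit must flag: any TLS version, no peer verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False           # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx: ssl.SSLContext, is_client: bool = True) -> List[str]:
    """Return the baseline violations found in `ctx` (an empty list means compliant)."""
    problems = []
    if ctx.minimum_version < BASELINE_MIN:   # TLSVersion is an IntEnum; MINIMUM_SUPPORTED is -2
        problems.append("min-version-below-tls1.2")
    if (ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED
            and ctx.maximum_version < BASELINE_MIN):
        problems.append("max-version-below-tls1.2")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        problems.append("tls-compression-enabled")
    if is_client:
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            problems.append("peer-cert-not-required")
        if not ctx.check_hostname:
            problems.append("no-hostname-check")
    return problems


def open_tls_socket(host: str, port: int, ctx: ssl.SSLContext, timeout: float = 10.0) -> ssl.SSLSocket:
    """Connect and complete the handshake; raises ssl.SSLError if the peer cannot meet the policy.

    For MQTT, hand the returned socket to the MQTT client library; for HTTPS,
    to the HTTP client. `sock.version()` then reports the negotiated version.
    """
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)
```

Running `audit` over the contexts a service constructs at start-up, and failing start-up on a non-empty result, turns the baseline into something enforced by the code path rather than by a deployment checklist; `open_tls_socket(host, 8883, client_context(ca))` against a listener that only offers TLS 1.1 fails the handshake rather than silently downgrading.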
Access Control
- RBAC Boundaries: Strict role-based access boundaries exist between the UEM administrative portal and the underlying infrastructure/orchestration layers.
- Least Privilege: Administrative UEM privileges do not grant infrastructure-level access by default.
7. Target Performance Objectives
Performance naturally scales horizontally based on deployment topology and specific customer workload characteristics.
| Metric | Target Standard |
|---|---|
| Command Latency | Near real-time delivery via persistent MQTT connections. |
| Inventory Search | Optimized sub-second response via read replication and indexing strategies. |
| Concurrent Administrators | Highly scalable via the clustered deployment architecture. |
| Availability | High-availability (HA) configuration across load balancing, application, and database layers. |