- 21 Oct 2024
- 7 Minutes to read
- Print
- DarkLight
- PDF
Architecture
- Updated on 21 Oct 2024
- 7 Minutes to read
- Print
- DarkLight
- PDF
The following figure shows the high-level logical architecture of the Liquit Workspace components, for both cloud and on-premise solutions.
Liquit as a Service (Cloud)
The most simple and easy solution for deploying a Liquit Workspace where Liquit hosts the system and your users can connect to it and use cloud-based apps over the Internet.
The following conditions apply for hosted zones:
- Inactive devices are removed after 120 Days
- Events are removed after 30 Days
- Removed packages are permanently deleted from the recycle bin after 30 Days
- Inactive sessions are removed after 8 Hours
- Completed tasks are removed after 30 Days
You can configure stricter settings within your system (zone) by adding Scheduled Tasks.
Liquit as a Service uses multiple IP addresses for outgoing traffic. All the addresses that are used can be found under the DNS entry "traffic.liquit.cloud". Most modern firewalls support DNS entries as the source.
On premise
Deploy a Liquit System within your existing server infrastructure, either in your own data centre or within a cloud tenant in AWS, Azure or Google Cloud.
Liquit Workspace Server
Liquit Workspace Server manages devices that have the Liquit Universal Agent or Liquit Workspace Agent installed. It also authenticates users against an existing user directory service like Azure AD.
Multiple servers can host the same zones, to allow redundancy and spreading load across multiple servers.
The Liquit Web Portal is hosted by the built-in Web Server component.
For more information, see Requirements, Installation or Configuration.
Serverutil
It's a standalone configuration utility which can be used to register the local device as a new server within an existing Liquit Workspace database and to change the Server.json
file. For more information, see Serverutil.
Liquit Workspace Satellite Server
A satellite is a separate server component that can be installed within a remote site or branch location. It runs as a standalone from a Liquit System, does not need direct access to the SQL database but it does need HTTP(S) access to a Liquit zone (the satellite server needs to be able to contact the zone and vice versa).
A single satellite can be used by multiple zones.
Scenarios in which a satellite might come in handy:
- Content offloading for Agents
By default, all Agents will download content directly from the primary servers. When multiple devices are connecting from a remote branch location and try to download content (new distribution or application update), it could cause internet or WAN connections to be overwhelmed.
In this scenario, one or more Liquit Workspace Satellite Servers could be installed within a remote branch office. After which the Agents can be configured to use the Content Access feature to locate them. This ensures that all content will be downloaded only once per Liquit Workspace Satellite Server over the internet or WAN connection. This is possible by using both on-demand and download stream sharing among devices that request the same content. So even when the Liquit Workspace Satellite Server is still in the process of retrieving the necessary content itself, it will already be able to push content to Agents. Thus, ensuring that only 1 download stream exists over the internet or WAN connection.
The satellite also caches the content locally for later requests made by Agents.
- Connector to local resources behind a firewall
By using a Liquit Workspace Satellite Server it's possible to create connectors that access RDP hosts or Printer servers that are otherwise not directly accessible by the Liquit Workspace Servers that host the zone. By having a Liquit Workspace Satellite Server installed within the same network as the target systems still allows you to import those resources for quick and easy setup within Liquit Workspace.
Keep in mind that devices are still required to connect directly to the remote systems. A Liquit Workspace Satellite Server doesn't proxy connectivity for end-user devices.
For more information, see Requirements, Installation or Configuration.
Liquit Universal Agent
Liquit Universal Agent is required to install and launch local applications on devices used to access the Liquit Workspace. Only a subset of the features supported by Liquit Workspace is available for devices that do not have the Agent installed.
Liquit Universal Agent is a replacement for the Liquit Workspace Agent which reached the end of support. See Liquit Workspace Agent below for more details.
Liquit Universal Agent is only compatible with Liquit Workspace Servers that run version 4.0 or later.
The Agent component is available for Windows and macOS platforms and allows managing both the OS and local applications. That means transparent and seamless application management for all applications across thousands of users demanding countless configurations. Your end-users still access their applications seamlessly and without disruption.
Main features:
- Can be installed on modern macOS and Windows devices
- Can install and launch native applications dmg, zip, tar, pkg, tar.gz and mpkg on macOS devices
- Can install and launch native applications msi, msix, appx, and exe on Windows devices
- Apply cross-platform filters and contexts
Upgrade from the Liquit Workspace Agent
The new Liquit Universal Agent installer supports upgrading from the Liquit Workspace Agent. Please read the corresponding documentation on how to upgrade the Workspace Agent and how the behaviour can be modified so it suits your deployment method.
Offline Mode
Offline access to your applications allows you to use Liquit Workspace without having access to the Liquit System. Offline support can be configured per application, so it can be available without an Internet connection. See Agent Configuration for instructions on how to enable offline mode for devices.
In Offline Mode, the Liquit Launcher has limited functionality: the Side Menu and tabs (Workspace, Contacts, Catalog, Manage) are hidden, only the toolbar without the side menu toggler is displayed, the user is not allowed to change any personal settings and applications can only be installed and started.
For more information, see Requirements, Installation or Configuration.
Liquit Workspace Agent
3.10 is the last version of Liquit Workspace Agent and it supports all actions and filters that have been introduced in Liquit 4.0. Other features like Device Registration and Agent settings are not supported. Liquit Workspace Agent will not be updated to support new actions and filters beyond this version.
Features that are not supported by the Liquit Workspace Agent:
- Download resume support for content
- Intelligent content distribution
- macOS support
- Certificate based device registration
- Certificate-based device authentication
- Zone configured Agent settings
For more information, see Requirements, Installation or Configuration.
Identity Sources
Users and groups are synchronized with an existing user directory service. Each Liquit Workspace Server will synchronize the identities to create a local Identity cache per server. For more information, see Identity Sources.
Liquit System
A Liquit System is the highest layer within the Liquit Workspace architecture. Based on how you want the system to be configured, it can comprise of Liquit Workspace Servers, MS-SQL Database servers, Liquit Workspace Satellite Servers, Storage, Azure blob and Load balancers.
Zone
In most use case scenarios, a Liquit zone has configurations made for one organization which owns one license. Sometimes, a zone can be configured for a certain task, like a production or development system.
A zone can have one or more domains to which the Liquit System is listening; for example, if you need a different look and feel of the Liquit Workspace for each branch of your organization.
In case of a multiple zone setup, they all share the Liquit System resources (connectors, back-end components and identity sources) for cost reduction.
Every zone in Liquit Workspace needs its own license.
Primary vs non-primary zones
After you install the first Liquit Workspace Server required for a new Liquit System, the primary zone and local admin account are automatically created.
You can later add how many non-primary zones you like, all of them will be created on top of the primary one. There can be only one primary zone within a Liquit System, but you can choose which zone you want to be primary after you finish the configuration of your system.
A primary zone allows you to configure settings and tasks at the system level (e.g. Email servers) whereas a non-primary zone allows you to configure settings and tasks only at the zone level.
Zone permission vs system permission
For more details see Permissions.
Content Store
All content (icons, background images, setup files) that are uploaded to Liquit Workspace will be stored in the Content Store. Files that are uploaded to the Content Store will automatically make use of the built-in deduplication feature of Liquit Workspace. This feature works across zones for increased storage efficiency.
Local content will be replicated among all Liquit Workspace Servers within a database. This ensures the high availability of all content.
Database
Microsoft SQL or Azure SQL is used to host all data within your Liquit Workspace. The database is accessed by the Liquit Workspace Servers. See Requirements for which types of databases are supported.
Load-balancing
A load balancing solution is required to enable redundancy and for spreading the load across multiple Liquit Workspace Servers. For more information, see Load balancing.