Architecture

The following figure shows the high-level logical architecture of the Liquit Workspace components, for both cloud and on-premise solutions.

Liquit as a Service (Cloud)

The most simple and easy solution for deploying a Liquit Workspace where Liquit hosts the environment and your users can connect to it and use cloud-based apps over the Internet.

The following conditions apply for hosted zones:

• Inactive devices are removed after 120 Days
• Events are removed after 30 Days
• Removed packages are permanently deleted from the recycle bin after 30 Days
• Inactive sessions are removed after 8 Hours
• Completed tasks are removed after 30 Days

You can configure stricter settings within your environment (zone) by adding Scheduled Tasks.

Liquit as a Service uses multiple IP addresses for outgoing traffic. All the addresses that are used can be found under the DNS entry "traffic.liquit.cloud". Most modern firewalls support DNS entries as source.

On premise

Deploy a Liquit Workspace environment within your existing server infrastructure, either in your own datacenter or within a cloud tenant in AWS, Azure or Google Cloud.

Liquit Workspace Server

Liquit Workspace Server manages devices that have the Liquit Universal Agent or Liquit Workspace Agent installed. It also authenticates users against an existing user directory service like Azure AD.

Multiple servers can host the same zones, to allow redundancy and spreading load across multiple servers.

Liquit Workspace Satellite

A satellite is a separate server component that can be installed within a remote site or branch location. It runs as a standalone from a Liquit Workspace environment, does not need direct access to the SQL database but it does need HTTP(S) access to a Liquit zone (the satellite server needs to be able to contact the zone and vice versa).
A single satellite can be used by multiple zones.

Scenarios in which a satellite might come in handy:

• Content offloading for agents

By default, all agents will download content directly from the primary servers. When multiple devices are connecting from a remote branch location and try to download content (new distribution or application update), it could cause internet or WAN connections to be overwhelmed.
In this scenario, one or more Satellite Servers could be installed within a remote branch office. After which the agents can be configured to use the Content Access feature to locate them. This ensures that all content will be downloaded only once per Satellite Server over the internet or WAN connection. This is possible by using both on-demand and download stream sharing among devices that request the same content. So even when the Satellite Server is still in progress of retrieving the necessary content itself, it will already be able to push content to agents. Thus, ensuring that only 1 download stream exists over the internet or WAN connection.
The satellite also caches the content locally for later requests made by Agents.

• Connector to local resources behind a firewall

By using a Satellite Server it's possible to create connectors that access RDP hosts or Printer servers that are otherwise not directly accessible by the Liquit Servers that host the zone. By having a Satellite Server installed within the same network as the target systems still allows you to import those resources for quick and easy setup within Liquit Workspace.

Liquit Universal Agent

Liquit Universal Agent is required to install and launch local applications on devices used to access the Liquit Workspace. Only a subset of the features supported by Liquit Workspace is available for devices that do not have the Agent installed.

Liquit Universal Agent is a replacement for the Liquit Workspace Agent which reached end of support. See Liquit Workspace Agent for more details.

The Agent component is available for Windows and macOS platforms and allows managing both the OS and local applications. That means transparent and seamless application management for all applications across thousands of users demanding countless configurations. Your end-users still access their applications seamlessly and without disruption.

Main features:

• Can be installed on modern macOS and Windows devices
• Can install and launch native applications dmg, zip, tar, pkg, tar.gz and mpkg on macOS devices
• Can install and launch native applications msi, msix, appx, exe on Windows devices
• Apply cross platform filters and contexts

Configuration

Liquit Universal Agent uses the Agent.json configuration file which is compatible with all platforms.

Upgrade from the Workspace Agent

The new Liquit Universal Agent installer supports upgrading from the Workspace Agent to the new Universal Agent. Please read the corresponding documentation on how to upgrade the Workspace Agent and how the behaviour can be modified so it suits your deployment method.

Offline Mode

Offline access to your applications allows you to use Liquit Workspace without having access to the Liquit environment. Offline support can be configured per application, so it can be available without Internet connection. See Agent Configuration about how to enable offline mode for devices.

In Offline Mode, the Liquit Launcher has limited functionality: the Side Menu and tabs (Workspace, Contacts, Catalog, Manage) are hidden, only the toolbar without the side menu toggler is displayed, the user is not allowed to change any personal settings and applications can only be installed and started.

Liquit Workspace Agent

Features that are not supported by the Liquit Workspace Agent:

• Download resume support for content
• Intelligent content distribution
• macOS support
• Certificate based device registration
• Certificate based device authentication
• Zone configured Agent settings

Identity Sources

Users and groups are synchronized with an existing user directory service. Each Liquit Workspace Server will synchronize the identities to create a local Identity cache per server.

Liquit System

A Liquit System is the highest layer within the Liquit Workspace architecture. Both Servers and Zones are part of a single system.

Zone

Zones are separate management environments that allow you to host multiple tenants within a single Liquit System. There-by sharing all Liquit Workspace Servers and back-end components for cost reduction.

Content Store

All content (icons, background images, setup files) that are uploaded to Liquit Workspace will be stored in the Content Store. Files that are uploaded to the Content Store will automatically make use of the built-in deduplication feature of Liquit Workspace. This feature works across zones for increased storage efficiency.

Local content will be replicated among all Liquit Workspace Server instances within a database. This ensures high availability of all content.

Database

Microsoft SQL or Azure SQL is used to host all data within your Liquit Workspace. The database is accessed by the Liquit Workspace Servers.

Load-balancing

A load balancing solution is required to enable redundancy and for spreading load across multiple Liquit Workspace Server instances.