• 26 Sep 2023
  • 7 Minutes to read
  • Dark
  • PDF


  • Dark
  • PDF

Article summary

The following figure shows the high-level logical architecture of the Liquit Workspace components, for both cloud and on-premise solutions.


Liquit as a Service (Cloud)

The most simple and easy solution for deploying a Liquit Workspace where Liquit hosts the environment and your users can connect to it and use cloud-based apps over the Internet.

The following conditions apply for hosted zones:

  • Inactive devices are removed after 120 Days
  • Events are removed after 30 Days
  • Removed packages are permanently deleted from the recycle bin after 30 Days
  • Inactive sessions are removed after 8 Hours
  • Completed tasks are removed after 30 Days

You can configure stricter settings within your environment (zone) by adding Scheduled Tasks.

Liquit as a Service uses multiple IP addresses for outgoing traffic. All the addresses that are used can be found under the DNS entry "". Most modern firewalls support DNS entries as source.

On premise

Deploy a Liquit Workspace environment within your existing server infrastructure, either in your own datacenter or within a cloud tenant in AWS, Azure or Google Cloud.

Liquit Workspace Server

Liquit Workspace Server manages devices that have the Liquit Universal Agent or Liquit Workspace Agent installed. It also authenticates users against an existing user directory service like Azure AD.

Multiple servers can host the same zones, to allow redundancy and spreading load across multiple servers.

The Liquit Web portal is hosted by the built-in Web Server component.

For more information, see Requirements, Installation or Configuration.


It's a standalone configuration utility which can be used to register the local device as a new server within an existing Liquit Workspace database and to change the Server.json file. For more information, see Serverutil.

Liquit Workspace Satellite Server

A satellite is a separate server component that can be installed within a remote site or branch location. It runs as a standalone from a Liquit Workspace environment, does not need direct access to the SQL database but it does need HTTP(S) access to a Liquit zone (the satellite server needs to be able to contact the zone and vice versa).
A single satellite can be used by multiple zones.

Scenarios in which a satellite might come in handy:

  • Content offloading for agents

By default, all agents will download content directly from the primary servers. When multiple devices are connecting from a remote branch location and try to download content (new distribution or application update), it could cause internet or WAN connections to be overwhelmed.
In this scenario, one or more Satellite Servers could be installed within a remote branch office. After which the agents can be configured to use the Content Access feature to locate them. This ensures that all content will be downloaded only once per Satellite Server over the internet or WAN connection. This is possible by using both on-demand and download stream sharing among devices that request the same content. So even when the Satellite Server is still in progress of retrieving the necessary content itself, it will already be able to push content to agents. Thus, ensuring that only 1 download stream exists over the internet or WAN connection.
The satellite also caches the content locally for later requests made by Agents.

  • Connector to local resources behind a firewall

By using a Satellite Server it's possible to create connectors that access RDP hosts or Printer servers that are otherwise not directly accessible by the Liquit Servers that host the zone. By having a Satellite Server installed within the same network as the target systems still allows you to import those resources for quick and easy setup within Liquit Workspace.

Client connectivity

Keep in mind that devices are still required to connect directly to the remote systems. A satellite server doesn't proxy connectivity for end user devices.

For more information, see Requirements, Installation or Configuration.

Liquit Universal Agent

Liquit Universal Agent is required to install and launch local applications on devices used to access the Liquit Workspace. Only a subset of the features supported by Liquit Workspace is available for devices that do not have the Agent installed.

Liquit Universal Agent is a replacement for the Liquit Workspace Agent which reached end of support. See Liquit Workspace Agent below for more details.

Server compatibility

Universal Agent is only compatible with Liquit Workspace Servers that run version 4.0 or later.

The Agent component is available for Windows and macOS platforms and allows managing both the OS and local applications. That means transparent and seamless application management for all applications across thousands of users demanding countless configurations. Your end-users still access their applications seamlessly and without disruption.

Main features:

  • Can be installed on modern macOS and Windows devices
  • Can install and launch native applications dmg, zip, tar, pkg, tar.gz and mpkg on macOS devices
  • Can install and launch native applications msi, msix, appx, exe on Windows devices
  • Apply cross platform filters and contexts

Upgrade from the Workspace Agent

The new Liquit Universal Agent installer supports upgrading from the Workspace Agent to the new Universal Agent. Please read the corresponding documentation on how to upgrade the Workspace Agent and how the behaviour can be modified so it suits your deployment method.

Offline Mode

Offline access to your applications allows you to use Liquit Workspace without having access to the Liquit environment. Offline support can be configured per application, so it can be available without Internet connection. See Agent Configuration about how to enable offline mode for devices.

In Offline Mode, the Liquit Launcher has limited functionality: the Side Menu and tabs (Workspace, Contacts, Catalog, Manage) are hidden, only the toolbar without the side menu toggler is displayed, the user is not allowed to change any personal settings and applications can only be installed and started.

For more information, see Requirements, Installation or Configuration.

Liquit Workspace Agent

End of support announcement

3.10 is the last version of Liquit Workspace Agent and it supports all actions and filters that have been introduced in Liquit 4.0. Other features like Device Registration and Agent settings are not supported. Liquit Workspace Agent will not be updated to support new actions and filters beyond this version.

Features that are not supported by the Liquit Workspace Agent:

For more information, see Requirements, Installation or Configuration.

Identity Sources

Users and groups are synchronized with an existing user directory service. Each Liquit Workspace Server will synchronize the identities to create a local Identity cache per server.

Liquit System

A Liquit System is the highest layer within the Liquit Workspace architecture. Based on how you want yhe system to be configured, it can comprise of Liquit Workspace Servers, MS-SQL Database servers, Liquit Satellite Servers, Storage, Azure blob and Load balancers.


In most use case scenarios, a Liquit zone has configurations made for one organization which owns one license. Sometimes, a zone can be configured for a certain task, like a production or development environment.
A zone can have one or more domains to which the Liquit System is listening; for example, if you need a different look and feel of the Liquit Workspace for each branch of your organization.
In case of a multiple zone setup, they all share the Liquit System resources (connectors, back-end components and identity sources) for cost reduction.


Every zone in Liquit Workspace needs its own license.

Primary vs non-primary zones

After you install the first Liquit Workspace Server required for a new Liquit System, the primary zone and local admin account are automatically created.
You can later add how many non-primary zones you like, all of them will be created on top of the primary one. There can be only one primary zone within a Liquit System, but you can choose which zone you want to be primary after you finish the configuration of your system.

A primary zone allows you to configure settings and tasks at system level (e.g. Email servers) whereas a non-primary zone allows you to configure settings and tasks only at zone level.

Zone permission vs system permission

For more details see Permissions.

Content Store

All content (icons, background images, setup files) that are uploaded to Liquit Workspace will be stored in the Content Store. Files that are uploaded to the Content Store will automatically make use of the built-in deduplication feature of Liquit Workspace. This feature works across zones for increased storage efficiency.

Local content will be replicated among all Liquit Workspace Servers within a database. This ensures high availability of all content.


Microsoft SQL or Azure SQL is used to host all data within your Liquit Workspace. The database is accessed by the Liquit Workspace Servers.


A load balancing solution is required to enable redundancy and for spreading load across multiple Liquit Workspace Servers.

Was this article helpful?