Pull-based Device Check-in using the Stratodesk Announce feature

Pull-based check-ins are an efficient way to manage networking resources and to traverse firewalls.

Announce is the name of the procedure used by NoTouch OS client devices to contact NoTouch Center. Announce tells the management console about the existence and runtime state of the client, and can lead to the client getting a new configuration or a firmware update.

Description


The client device connects to the NoTouch Center server host by making an HTTPS connection to the stored server host name or IP address and port number (by default, the host name is "tcmgr"). The system will try to connect via HTTPS/443, identifying itself and transmitting a few pieces of runtime information. NoTouch Center checks whether there is something to do for this client, such as fetching a new configuration or a new firmware image, and sets the reply status accordingly. The client reacts accordingly and, if told to do so, contacts NoTouch Center again with a more specific request. You can configure the actual URL that NoTouch Center hands out to its clients; see URL Prefix.

This protocol has been designed to work with only one-way TCP connection initiation, originating at the client and targeting NoTouch Center; in a world full of firewalls, gateways, network address translations, etc., it is much easier to have clients connect to a server than the other way round. That means clients contact NTC periodically and NTC tells them what to do. The frequency of this periodic connect can be adjusted by setting the announce interval parameter in the client's base settings; the default is 60 minutes, which is reasonable for a working setup and does not impose too much traffic on your network, even in large installations. On the other hand, this means any parameter change you make in NoTouch Center may take up to one hour to reach the client(s).

You can use the hotkey combination Ctrl+Alt+n to announce changes.

Firewall configuration


NoTouch Center uses HTTPS on port 443. Please make sure that this port is reachable from the endpoint to the management server.

Have clients announce now


If you want to see parameter changes out on the client immediately and it is possible to connect to the clients (speaking of networking and firewalling), you can make the clients announce instantly. The following easy steps assume that you are logged in to NoTouch Center and have a browser window showing NoTouch Center on the monitor in front of you. Have a look at the screenshot for further reference.

  1. "Right click" the client or group you want to "announce" in the tree view on the left
  2. Click on "Actions" on the fly out menu
  3. Choose "Announce" from the possible tasks

[Screenshot: Announce]

To prevent thousands of devices from announcing at the exact same moment, clients wait a random amount of time (at most half a minute) before the announce is actually performed.

Announce status on the client


The client will fetch a new configuration immediately after announce. This may or may not have visible consequences. NoTouch OS shows information about both received client actions (such as "search") and the pull-based announce. It displays date and time of last action, status and external information.

On a machine running NoTouch, open the local configuration, log in, and click on "Information". Scroll down until you see the "NoTouch Center" section like here:

[Screenshot: Last_announce1]

This screenshot shows us that the client connected to https://192.168.145.28:443/. Unless otherwise specified, the system tries to connect with HTTPS even if a plain HTTP URL is sent. This ensures compatibility for existing customers but also allows for maximum available security without breaking anything. To influence what URL will be sent by NoTouch Center, please see URL Prefix.

You can also get some of this information by using the Ctrl-Alt-s hotkey, also known as Sysadmin's best friend.

Troubleshooting


The clients don't get the configuration - what could be wrong? First of all:

If you are really sure that everything should work, here are things to consider:

  • The "announce" command packets are not getting through from NoTouch Center to the client. Then it is most likely a firewall problem. Client and Server announcements utilize port 443.
  • The "announce now" command packets are going through, but the client announces to the wrong URL. This sometimes happens when you do not set the tcmgr hostname DNS "A Record" or after an IP address change. This could also happen if you change the default value for "announce URL" in the NoTouch Center configuration to an incorrect value or use NoTouch Center on a system with multiple IP addresses.
  • Announce is ok, the Announce URL on the client is ok, but the client can't get through to the server. Again, you might have a firewall problem. See above for protocol and port information.
  • If you are working with "Work from Home" or remotely NAT'd devices, you may want to consider using Stratodesk Cloud Xtension.

Note: As stated above, inability to send "announce now" packets to the client does not make the system unusable. In fact, it is designed to work without that as NoTouch clients will announce anyway

  • at reboot, and
  • periodically ("management announce interval" parameter)

It is your decision whether it is worth making sure "announce now" works in your firewalled environment. In any case, however, you must make sure that the actual announce (clients connecting to TCP 443 at NoTouch Center) works.
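
The checks from the troubleshooting list, in the order the client-initiated announce depends on them (name resolution, TCP 443, TLS), as an added Python example that is not Stratodesk code. It assumes it is run from a machine on the endpoints' network; the function name `diagnose`, its stage labels and the `resolve` parameter are made up for this illustration.

```python
import socket
import ssl


def diagnose(host="tcmgr", port=443, timeout=3.0, resolve=socket.getaddrinfo):
    """Walk the client-to-server announce path; return (stage, detail).

    stage is the first step that failed: 'dns', 'tcp', 'tls-cert', 'tls',
    or 'ok' when a verified TLS session was established.
    `resolve` is injectable so the check can be exercised without real DNS.
    """
    # 1. Name resolution: the default server name "tcmgr" needs an A record.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host!r}: {exc}"

    # 2. TCP connect to 443: a firewall on the path shows up as a refusal
    #    or a timeout; a stale A record shows up as the wrong peer address.
    sock, last_error = None, None
    for *_, sockaddr in infos:
        try:
            sock = socket.create_connection(sockaddr[:2], timeout=timeout)
            break
        except OSError as exc:
            last_error = f"{sockaddr[0]}:{sockaddr[1]}: {exc}"
    if sock is None:
        return "tcp", f"no TCP connection, last attempt {last_error}"

    # 3. TLS handshake with certificate and host name verification; an
    #    untrusted or mismatched certificate is reported separately.
    peer = "{}:{}".format(*sock.getpeername()[:2])
    context = ssl.create_default_context()
    try:
        with sock, context.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{peer} negotiated {tls.version()}"
    except ssl.SSLCertVerificationError as exc:
        return "tls-cert", f"{peer} certificate not trusted: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"{peer} handshake failed: {exc}"


if __name__ == "__main__":
    # Assumed usage: run from the endpoints' network segment.
    print(diagnose())
```

A `dns` result points at the missing or stale "tcmgr" A record, `tcp` at the firewall path to port 443, and an `ok` result whose peer address is not your NoTouch Center host points at a wrong record or announce URL.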