SSH Tectia

Deploying a Distributed Management Hierarchy

In very large environments, having every host connect to the Management Server directly would create a large load, both in the number of network connections and in the bandwidth required to distribute the installation packages. To improve scalability, the SSH Tectia Manager architecture allows grouping the hosts into distribution groups served by Distribution Servers. The Distribution Servers both concentrate the network connections and cache the installation packages, easing the load on the Management Server.

Figure 6.14. Example scenario

The hierarchy is managed using distribution groups. By default, every host resides in the top-level group and is served directly by the Management Server. In addition, the administrator may create a number of distribution groups, assign one or two Distribution Servers to each group, and assign hosts to the groups. After the hierarchy is deployed, the hosts in each group will disconnect from the Management Server and then contact the Distribution Servers of the group.

SSH Tectia Manager allows Distribution Servers on at most 5 levels: the Management Server is the top level, and there can be at most five Distribution Servers in the hierarchy between a host and the Management Server.

Each Distribution Server has a hard limit of 10,000 connected hosts. In practice, the number of hosts per Distribution Server should be kept lower.
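A planned hierarchy can be checked against the limits stated above (one or two Distribution Servers per group, at most five server levels, 10,000 hosts per server) before it is deployed. The following Python sketch is an added example, not part of SSH Tectia Manager: the Group record, the function names and the sample plan are hypothetical, and it assumes that all hosts of a group may end up connected to a single one of its servers.

```python
from dataclasses import dataclass
from typing import Optional

MAX_DS_LEVELS = 5           # page: at most five Distribution Servers between host and Management Server
MAX_HOSTS_PER_DS = 10_000   # page: hard limit of connected hosts per Distribution Server

@dataclass
class Group:                # hypothetical planning record, not a Tectia Manager object
    name: str
    parent: Optional[str]   # parent group name; None = top-level group (Management Server)
    servers: list           # Distribution Servers assigned to this group
    hosts: int              # hosts assigned directly to this group

def ds_levels(name, groups):
    """Count Distribution Server levels between a host in group `name` and the Management Server."""
    seen, level = set(), 0
    while name is not None:
        if name in seen:
            raise ValueError(f"group loop through '{name}'")
        if name not in groups:
            raise ValueError(f"unknown parent group '{name}'")
        seen.add(name)
        level += 1
        name = groups[name].parent
    return level

def validate(plan):
    """Return a list of human-readable violations; an empty list means the plan fits the limits."""
    groups = {g.name: g for g in plan}
    problems = []
    for g in plan:
        if not 1 <= len(g.servers) <= 2:
            problems.append(f"{g.name}: {len(g.servers)} Distribution Servers (need one or two)")
        # Assumption: if one of two servers is down, every host of the group lands on the other.
        if g.hosts > MAX_HOSTS_PER_DS:
            problems.append(f"{g.name}: {g.hosts} hosts exceeds {MAX_HOSTS_PER_DS} per server")
        try:
            levels = ds_levels(g.name, groups)
        except ValueError as err:
            problems.append(f"{g.name}: {err}")
            continue
        if levels > MAX_DS_LEVELS:
            problems.append(f"{g.name}: {levels} server levels (max {MAX_DS_LEVELS})")
    return problems

# Constructed sample plan: a six-deep chain, an oversized group and a group with no server.
PLAN = [Group(f"site-l{i}", f"site-l{i-1}" if i > 1 else None, [f"ds-l{i}"], 200) for i in range(1, 7)]
PLAN += [Group("campus", None, ["ds-c1", "ds-c2"], 12_000), Group("lab", "campus", [], 50)]

if __name__ == "__main__":
    for line in validate(PLAN):
        print(line)
```
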

All operations, except software installation, will work identically for hosts connected directly to the Management Server and for hosts connected through the Distribution Servers. The hosts will register themselves to the Management Server as usual. The only difference is that the management protocol is routed through the Distribution Servers using their built-in protocol concentrator functionality.

Software installation will work normally when using distribution groups, except that the installation packages will be transferred from the Management Server to each downstream Distribution Server only once. This will significantly lessen the bandwidth load on the Management Server during installation operations compared to directly connected hosts, which would each fetch the installation package straight from the Management Server.