SSH Tectia

Chapter 6 Distributed Environment

In large networks, SSH Tectia Manager scalability can be improved by adding Distribution Servers. If every host connects directly to the Management Server, the result is a heavy load, both in the number of network connections and in the bandwidth required to distribute the installation packages. Distribution Servers share this load: hosts are grouped into distribution groups, and each group is served by Distribution Servers. The Distribution Servers both concentrate the network connections and cache the installation packages, easing the load on the Management Server.

Also note that the Management Server requires one file descriptor per Management Agent or Distribution Server connecting directly to it. In large environments, it is advisable to use several Distribution Servers to keep the ulimit for file descriptors at a reasonable level.

Figure 6.1. Example scenario

The hierarchy is managed using distribution groups. By default, every host resides in the top-level group and is served directly by the Management Server. From here, the administrator may create a number of distribution groups, assign one or two Distribution Servers to each group, and assign hosts to groups. After the hierarchy is deployed, the hosts in each group disconnect and then contact the Distribution Servers of their group. The Distribution Servers contact the Distribution Servers at the next level, or the Management Server for the groups directly under the top level.

Each Distribution Server has a hard limit of 10000 connected hosts. In practice, the number of hosts per Distribution Server should be kept lower. The architecture supports at most five levels, i.e. there can be at most five Distribution Servers in the hierarchy between a host and the Management Server.

All operations except software installation will work identically for hosts connected directly to the Management Server and for hosts connected through Distribution Servers. The hosts will register themselves to the Management Server as usual. The only difference is that the management protocol is routed through the Distribution Servers using their built-in protocol concentrator functionality.

Software installation will work normally when using distribution groups, except that the installation packages will be transferred from Management Server to each downstream Distribution Server only once. This will significantly lessen the bandwidth load the Management Server causes during installation operations, as directly connected hosts would transfer each installation package separately straight from the Management Server.

If both Distribution Servers of a group are unreachable for some reason, the hosts in the group will try to connect directly to the Management Server.
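The limits in this chapter can be checked against a planned hierarchy before it is deployed. The following is an added example, not part of SSH Tectia Manager or its documentation: the `Group` model, `check_plan` and `fd_budget` are hypothetical names. It assumes the per-server limit applies to the hosts assigned directly to a group, and that only one group at a time falls back to the Management Server.

```python
from dataclasses import dataclass, field

DS_HARD_LIMIT = 10000  # connected hosts per Distribution Server (from this chapter)
MAX_LEVELS = 5         # Distribution Servers between a host and the Management Server

@dataclass
class Group:           # hypothetical planning model, not a Tectia data structure
    name: str
    hosts: int         # hosts assigned directly to this group
    servers: int = 0   # Distribution Servers assigned (0 only for the top-level group)
    children: list = field(default_factory=list)

def check_plan(top, fd_budget):
    """Return (errors, steady_fds, worst_case_fds) for a planned hierarchy."""
    errors = []
    # Management Server: one descriptor per directly connected agent or Distribution Server.
    steady = top.hosts + sum(c.servers for c in top.children)
    largest_fallback = 0

    def walk(group, level):
        nonlocal largest_fallback
        if group.servers not in (1, 2):
            errors.append(f"{group.name}: needs one or two Distribution Servers")
        if level > MAX_LEVELS:
            errors.append(f"{group.name}: level {level} exceeds {MAX_LEVELS}")
        # Assumption: either server of a pair may have to carry every host in the group.
        if group.hosts > DS_HARD_LIMIT:
            errors.append(f"{group.name}: {group.hosts} hosts exceeds {DS_HARD_LIMIT}")
        # If both servers are unreachable, this group's hosts connect directly.
        largest_fallback = max(largest_fallback, group.hosts)
        for child in group.children:
            walk(child, level + 1)

    for child in top.children:
        walk(child, 1)
    worst = steady + largest_fallback
    if worst > fd_budget:
        errors.append(f"Management Server: {worst} descriptors in fallback, budget {fd_budget}")
    return errors, steady, worst

if __name__ == "__main__":
    # Constructed sample plan; group names and sizes are illustrative only.
    plan = Group("top", hosts=50, children=[
        Group("emea", hosts=4000, servers=2),
        Group("apac", hosts=12000, servers=2),
    ])
    print(check_plan(plan, fd_budget=8192))
```

`fd_budget` is the number of descriptors left for agent connections, which is lower than the raw ulimit because the Management Server process opens other files and sockets as well.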

