Latest Posts

Thycotic Distibuted Engine

 Distributed Engine supports Active Directory Synchronization, Authentication, Heartbeat, Password Changing, Discovery, and SSH Proxying. Distributed Engine has three components – Engines, Sites, and Site Connectors:

  • An engine is a Windows service that does the actual work, such as password changing, heartbeat, Discovery, and more. Each engine belongs to a site.

  • site can be thought of as a bucket of work items for a particular network area. Each engine is assigned to a single site, but each site can include multiple engines, significantly increasing throughput.

  • site connector is a Windows service that holds the work items for a number of sites. The site connector can be either RabbitMQ or MemoryMQ (a built-in service developed by Thycotic). Each site can only be assigned to a single site connector, but you can have multiple site connectors running on separate machines, each storing work items for multiple sites. Those sites, in turn, distribute the work items among multiple engines. The ability to add new Site Connectors, Sites, and Engines as needed makes Distributed Engine a highly-scalable solution.

Note: For the highest scalability and reliability, Thycotic recommends using RabbitMQ. MemoryMQ is an easier but less capable alternative for customers who do not need many engines or sites.

Distributed Engine Major Components



The major components diagram above shows the ports that are used for connecting to the site connector for both retrieval of new work and placement of task results (site connector port). There is an additional port the engine uses during initial configuration and at a regular interval to retrieve the most up-to-date configuration information (callback port) this port is on the Secret Server instance rather than on the site connector. 

Engine Workflow

The following list demonstrates the operations that occur in a typical engine workflow: 
1  The engine starts up. 

2  Connect to Secret Server using the engine callback port. 
  • Secret Server verifies that the engine is authorized. 
  • Engine requests configuration & site information from Secret Server in regular intervals. 
3  The engine connects to the site connector via the site connector port and looks for work in its site bucket. 

4  The engine picks up as many work items as it can at one time and works on them. 

5  When a work item is complete, the engine sends the result of the work item back to Secret Server byway of the Site Connector.

Installing & Configuring Site Connectors

No comments