Distributed Engines Operations
Secret Server Operations
Secret Server is a message-based system in which components publish or consume messages. Messages are transported over a bus:
- Azure Service Bus for Secret Server Cloud
- RabbitMQ for Secret Server On-Premises
Message Processing
- Messages are published to a queue; a consumer of that queue removes the message and processes the work associated with it.
- Messages have internal (non-configurable) priorities. For instance, Directory Services authentication has a higher priority than heartbeat (HB).
- Messages can fall into one of three categories:
  - One-way workflow: A single message, for instance, change Distributed Engine (DE) logging levels.
  - Two-way workflow asynchronous: The first message performs HB, the second message is the HB response.
  - Two-way workflow synchronous: In the first message, a DE requests a status update of a proxied session; the Secret Server (SS) engine worker sends a relatively immediate second message in response.
Code Functionality
- The code limits the number of messages it can consume in a single sitting before attempting to consume additional messages.
- No message routing to specific DEs is implemented.
- No equal distribution of various workloads to individual DEs is attempted.
Primary Architectural Goal
- High availability and allowing multiple endpoints to process workloads.
Distributed Engine Configuration
- Via site and engine settings, a DE can be configured to consume all message types or a subset of the message types.
- A DE can only consume messages from a single site.
Summary
- DE message consumption is a non-deterministic algorithm; the bus manages which consumer will consume a message.
- There is no round-robin distribution.
- There is no mechanism in place for the SSH/RDP proxy workflow to choose a specific DE for a business user.
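The behaviour summarized above can be seen in a small model of competing consumers. This is an added example, not Secret Server code: the type names, priority numbers, per-pull limit, site names and the seeded random choice that stands in for the bus are all assumptions made for illustration.

```python
import random

# Constructed values: type names, priorities and the per-pull limit are
# illustrative assumptions, not Secret Server's internal settings.
PRIORITY = {"DirectoryServicesAuth": 0, "Heartbeat": 1}  # lower is served first
BATCH_LIMIT = 3  # most messages one engine takes per pull

class Engine:
    def __init__(self, name, site, types):
        self.name, self.site, self.types = name, site, set(types)
        self.handled = []

def publish(queues, site, msg_type, count):
    queues.setdefault(site, []).extend((msg_type, i) for i in range(count))

def drain(queues, engines, rng):
    """Let engines compete for messages until none has eligible work left."""
    batches = []
    while True:
        # An engine only sees its own site's queue and its enabled types.
        ready = [e for e in engines
                 if any(m[0] in e.types for m in queues.get(e.site, []))]
        if not ready:
            return batches
        engine = rng.choice(ready)  # stands in for the bus picking a consumer
        queue = queues[engine.site]
        eligible = sorted((m for m in queue if m[0] in engine.types),
                          key=lambda m: PRIORITY[m[0]])
        batch = eligible[:BATCH_LIMIT]
        for message in batch:
            queue.remove(message)
        engine.handled.extend(batch)
        batches.append((engine.name, batch))

def simulate(seed=0):
    queues = {}
    publish(queues, "SiteA", "Heartbeat", 10)
    publish(queues, "SiteA", "DirectoryServicesAuth", 4)
    publish(queues, "SiteB", "Heartbeat", 5)
    engines = [Engine("DE1", "SiteA", PRIORITY),      # all message types
               Engine("DE2", "SiteA", ["Heartbeat"]),  # subset only
               Engine("DE3", "SiteB", PRIORITY)]
    batches = drain(queues, engines, random.Random(seed))
    return engines, batches, queues

if __name__ == "__main__":
    for seed in range(3):
        engines, _, _ = simulate(seed)
        print(seed, {e.name: len(e.handled) for e in engines})
```

Running it with different seeds prints the per-engine message counts for each run, so the split between DE1 and DE2 on the same site can be compared across runs.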