Distributed Engines Operations

Secret Server Operations

Secret Server is a message-based system in which components publish and consume messages. Messages are transported over a bus:

  • Azure Service Bus for Secret Server Cloud

  • RabbitMQ for Secret Server On-Premises

Message Processing

  • Messages are published to a queue; a consumer of that queue removes a message and performs the work associated with it.

  • Messages have internal (non-configurable) priorities; for instance, Directory Services authentication has a higher priority than a heartbeat (HB).

  • Messages fall into one of three categories:

    1. One-way workflow: a single message, for instance changing DE logging levels.

    2. Two-way asynchronous workflow: the first message performs the HB, the second message carries the HB response.

    3. Two-way synchronous workflow: in the first message the DE requests a status update for a proxied session; the SS engine worker replies with a second message more or less immediately.

Code Functionality

  • The code limits the number of messages it consumes in a single sitting before it attempts to consume more.

  • No message routing to specific DEs is implemented.

  • No equal distribution of the various workloads across individual DEs is attempted.

Primary Architectural Goal

  • High availability, allowing multiple endpoints to process workloads.

Distributed Engine Configuration

  • Via site and engine settings, a DE can be configured to consume all message types or a subset of them.

  • A DE can only consume messages from a single site.

Summary

  • DE message consumption is non-deterministic; the bus decides which consumer receives a given message.

  • There is no round-robin distribution.

  • There is no mechanism for the SSH/RDP proxy workflow to choose a specific DE for a business user.
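A small simulation of the consumption model described under Message Processing, Code Functionality and Summary, added here as an illustration and not Secret Server's own code: one priority queue per site, engines that accept only their site's subscribed message types and at most a fixed batch per sitting, and a bus that hands each sitting to whichever eligible engine it picks. Everything beyond what the page states is constructed: the priority values other than DS authentication ranking above heartbeat, the batch size of 3, and the DE and site names.

```python
import heapq
import random
from collections import defaultdict
from dataclasses import dataclass, field
# Assumed priorities (lower = served first); the page fixes only DS auth above heartbeat.
PRIORITY = {"ds_auth": 0, "proxy_status": 1, "heartbeat": 2, "log_level": 3}
@dataclass(order=True)
class Message:
    priority: int
    seq: int                 # FIFO tie-break within one priority level
    kind: str = field(compare=False)
@dataclass
class Engine:
    name: str
    site: str                # a DE consumes from exactly one site
    kinds: frozenset         # message types this DE is configured to consume
    limit: int = 3           # messages per sitting (the cap is real, the value constructed)
    batches: list = field(default_factory=list)
class Bus:                   # one priority queue per site; the bus picks the consumer
    def __init__(self):
        self.queues, self.seq = defaultdict(list), 0
    def publish(self, site, kind):
        self.seq += 1
        heapq.heappush(self.queues[site], Message(PRIORITY[kind], self.seq, kind))
    def take(self, engine):  # up to `limit` of the highest-priority messages it accepts
        q = self.queues[engine.site]
        batch = sorted(m for m in q if m.kind in engine.kinds)[: engine.limit]
        q[:] = [m for m in q if m not in batch]
        heapq.heapify(q)
        return batch

def simulate(bus, engines, seed=1):  # each sitting any eligible engine may win: no round-robin
    rng = random.Random(seed)
    while True:
        for eng in rng.sample(engines, len(engines)):
            if batch := bus.take(eng):
                eng.batches.append(batch)
                break        # one sitting, then the bus chooses again
        else:
            return engines   # nothing left that any engine may consume
def demo(seed=1):            # constructed workload: two site-A engines, one site-B engine
    bus = Bus()
    for kind in ("heartbeat", "heartbeat", "ds_auth", "log_level", "proxy_status", "heartbeat", "ds_auth"):
        bus.publish("site-A", kind)
    bus.publish("site-B", "heartbeat")
    engines = [Engine("DE-1", "site-A", frozenset(PRIORITY)),
               Engine("DE-2", "site-A", frozenset({"heartbeat", "log_level"})),
               Engine("DE-3", "site-B", frozenset(PRIORITY))]
    return simulate(bus, engines, seed)
```

Running demo() with different seeds places the same site-A messages on different engines, which is why capacity and monitoring for a site must assume that any of its engines may receive any of the workload it subscribes to.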