1E Architecture
A description of 1E Stacks and their 1E components, the 1E clients, and how they connect to provide 1E features.
1E deployment architecture
At the top-most level, 1E architecture consists of 1E Server components, grouped into Stacks, and clients that are deployed onto the devices that you want to manage.
1E Server Stacks
Every 1E system has a single Master Stack, which provides web services for 1E applications. Master Stack components are typically all installed on a single Master Server.
1E real-time features require Response Stacks, which are made up of one or more Response Servers. A DMZ Server is an example of a Response Server. Each Response Stack has at least one Background Channel for sharing resources and a single Core component that supports an associated set of up to five Switches. Switches are the primary mechanism for rapidly requesting and retrieving responses from the 1E Client. As each Switch can handle up to 50,000 devices there is a limit of 250,000 devices per Response Stack. Higher numbers can be achieved if you contact 1E for guidance. Switches may be local or remote to the other components in the Response Stack.
Databases for 1E, 1E Catalog, Content Distribution, and Experience Analytics are installed on SQL Server database instance(s) that may also be local or remote to their respective Master and Response servers. It is also possible for multiple Response Stacks to share the same Responses database.
Please refer to the:
Architectural requirements section for guidance on which architecture to choose
Communication Ports reference page for connection details between components and ports necessary for firewalls.
1E Single-Server system
In the most basic setup, there is a single server that hosts both a Master Stack and a Response Stack and this can be deployed by selecting the default settings in 1E Server Setup.
The following table shows the 1E platform components, including 1E Master and Response Stacks, and also shows the DMZ Server discussed in 1E architecture for Internet-facing devices.
Subsystem | Component | Web application | Master Stack | Response Stack | DMZ Server |
|---|---|---|---|---|---|
Master Server | 1E portal UI and applications | 1E | 1 | ||
Consumer API | Consumer | 1 | |||
Coordinator service | 1 | ||||
1E Master database | 1 (optionally Remote) | ||||
Experience Analytics | Experience Analytics API | Experience Analytics | 1 | ||
Experience Analytics database | 1 (optionally Remote) | ||||
Content Distribution | Content Distribution API | Content Distribution | 1 (optional) | ||
Content Distribution database | 1 (optionally Remote) | ||||
1E Catalog | 1E Catalog UI | CatalogWeb | 1 | ||
1E Catalog API | CatalogWeb | ||||
1E Catalog Update Service | |||||
1E Catalog database | 1 (optionally Remote) | ||||
SLA and Inventory | SLA Platform UI and SLA applications | Platform | 1 | ||
SLA Admin | Admin | 1 | |||
SLA Engine | 1 | ||||
SLA Integrate services:
| 1 | ||||
SLA Operations Provider API | CoreExternal | 1 | |||
SLA databases (Data, Integrate, Shared) | 1 (optionally remote) | ||||
Response Server | Core | Core | 1 | ||
Background Channel | Background | 1 | 1 | ||
Switch(es) (also includes a single Switch Host service) | up to 5 (optionally Remote) | up to 5 | |||
1E Responses database | 1 (optionally Remote) |
The picture shows a 1E Single-Server System with databases optionally installed locally or on remote SQL Server instance(s). Components colored green are optional in a 1E system.
The Response Stack can be installed on the same server as the Master Stack, and on remote servers.
The DMZ Server has only the 1E client-facing components of the Response Stack: the Background Channel and Switches.
Applications and Tools
1E applications and tools are consumers, and all consumers connect to the 1E Consumer API.
The following consumer applications run on the 1E platform and are installed using 1E Server Setup. Please also refer to the License requirements page.
Applications are categorized as follows:
Configuration - applications required to configure the 1E platform and required by all other applications
Client - applications that communicate with devices in real-time
Inventory – applications that use inventory features.
Applications that are included in the 1E Platform license
Application | Purpose | Type |
|---|---|---|
View and export inventory, and manage associations. It uses the SLA databases. | Inventory, configuration | |
Configure and monitor platform features. It uses the 1E Master database. | Configuration | |
Ensure endpoint compliance to enterprise IT policies. It uses the 1E Master and Responses database. | Client | |
Investigate, remediate issues and manage operations across all your endpoints in real-time. It uses the Content Distribution Master and Responses database. | Client |
Applications that require a license
Application | Purpose | Type |
|---|---|---|
Manage software license compliance, License Demand Calculations, license entitlements, and for reclaiming unused software. It uses the SLA databases. | Inventory | |
Intelligently automate the migration of applications during a Configuration Manager OS deployment. It uses the SLA databases. | Inventory | |
Manage content distribution across your organization using a centralized dashboard. It uses the Content Distribution database. 1E Client requires 1E and Content Distribution features to be enabled on all clients. Content Distribution replaces the Nomad features of ActiveEfficiency Server, which is deprecated. Legacy Nomad clients continue to be supported by direct communication with the Content Distribution API, whereas Nomad 8.x clients communicate with the Content Distribution API via the proxy feature on Response Servers. 1E Server Setup Setup is used to install Content Distribution, and the Nomad app, and no longer installs ActiveEfficiency. Nomad uses Content Distribution for the following features:
| Client | |
Provides an overview of the last mile patching required on your environment. It uses the Master database, and gets its data directly from clients. | Client | |
Measure performance, stability and responsiveness for applications and devices to assess user experience across your enterprise. It uses the Tachyon Master and Tachyon Experience databases. | Client |
The following types of application require 1E Client (with Tachyon features enabled) to be deployed to all in-scope devices.
All Client applications
Inventory applications if you intend using the Tachyon connector to populate your inventory.
The AI Powered Auto-curation feature is optionally used by Inventory applications to provide automatic curation of new products. This avoids having to manually add products to the 1E Catalog, or wait for it be updated. This optional feature requires additional memory on the Tachyon Server (Master Stack). Please refer to AI Powered Auto-curation: Memory requirements for details.
Some benefits of using AI Powered Auto-curation are that you can:
Achieve significantly more normalized software from the first sync
Reduce the manual effort required to normalize software
Get an expanded SAM offering as more data is available for AppClarity
Get additional coverage for Application Migration
Identify more software to review for security threats.
1E Tools
The following are tools included in 1E 9.0 platform. These tools are not installed using 1E Setup. They have either their own installers or are included in download zips.
1E ConfigMgr UI Extensions - installed as part of the 1E Toolkit, this is a right-click extension for the Configuration Manager console that provides the option to browse and run an instruction on devices in a specified Collection, refer to Preparing for the ConfigMgr extensions for 1E Endpoint Troubleshooting for details.
1E Run Instruction command-line tool - installed as part of the 1E Toolkit, it is used for sending instructions to the 1E server from a script or from a command prompt.
1E product pack deployment tool - included in the 1E platform zip ProductPacks folder.
TIMS - used for the development of instructions using the 1E SDK, refer to About TIMS for details.
A typical 1E license allows the use of all these tools.
1E Multi-Stack system
The picture shows a 1E Multi-Stack System. Here the 1E Master Stack communicates with one or more 1E Response Stacks. A local Response Stack is not mandatory. Components colored green are optional in a 1E system.
As with a single-server system, the databases are optionally installed locally or on remote SQL Server instances(s).
1E components
Let's take a look at each of the 1E components in slightly more detail.
Component | Description | ||||
|---|---|---|---|---|---|
IIS Components | The following components are IIS Web Applications that reside on a single-server. Other configurations - such as Response Stack and DMZ Server - have a subset of these. Under the 1E website:
| ||||
Core | The Core is a 1E Response Stack component which provides internal API and data processing. Core does the following:
| ||||
Background Channel | The Background Channel is a 1E Response Stack component which provides a means for the 1E clients to retrieve large data items from 1E without loading the 1E Switch:
| ||||
Switch | The Switch is a 1E Response Stack component which provides the following:
The Switch Host service is responsible for starting local Switches. | ||||
1E Portal UI | 1E users browse to the portal to access 1E applications. Applications that are 1E built-in applications:
Applications that are optional:
| ||||
1E Consumer API | The 1E Consumer API provides the following:
| ||||
1E Coordinator | The Coordinator service is the coordinating service used by 1E components. It has two modules, Workflow and Instrumentation. The Workflow module provides the following:
The Instrumentation module processes instrumentation data from the following components:
And responds to requests for instrumentation data from the Consumer API. Supports the two-factor authentication feature, with email. | ||||
Content Distribution | Content Distribution replaces the related features of ActiveEfficiency Server, which is deprecated. Legacy clients continue to be supported by direct communication with the Content Distribution API, whereas Content Distribution 8.x clients communicate with the Content Distribution API via the proxy feature on Response Servers. 1E Setup is used to install Content Distribution and the Content Distribution app, and no longer installs ActiveEfficiency. Content Distribution includes the following features:
| ||||
1E Catalog UI | The website is used to view and interact with the 1E Catalog. 1E Setup supports the installation of 1E Catalog on the 1E Master Stack server. For customers that want to continue using an existing installation of 1E Catalog 2.0 then 1E Setup supports using a remote Catalog server as a custom setup option. Please contact 1E for details on how to use custom setup options. | ||||
Catalog Update Service | Service is used to connect to the 1E Cloud Catalog in order to download the latest catalog entries. | ||||
Catalog API | Consumer API is used to manage and update the 1E Catalog. | ||||
SLA Admin | Internal API used to manage SLA components. | ||||
SLA Platform UI | The website is used to view and interact with the Inventory. | ||||
SLA Engine | The Engine service is the coordinating service used by SLA components. This includes processing of Management Groups. | ||||
SLA Integrate Services | The SLA Integrate Agent sevice performs Connector functions by connecting to data sources and importing data into repositories. The SLA Integrate Manager service manages Agent operations including repository action schedules. | ||||
SLA Inventory | The inventory repositories. Each instance of a repository is stored in SLA-Data database, and is based on a template defined in the SLA-Data database. | ||||
SLA Operations Provider API | Consumer API and functions used by SLA clients, including Application Migration task sequence steps and AppClarity Software Reclaimer. | ||||
MDX (BI) | Internal API used by Patch Success application. Business Intelligence is an optional component installed by 1E Setup on the Master Stack, and requires SQL Server Analysis Services (SSAS). Business Intelligence is a prerequisite for the Patch Success application to support efficient presentation of visualizations on a large scale. | ||||
Consumer applications | The following Consumer applications are licensed:
The following Consumer applications are included with 1E platform:
Other consumers are 1E Configuration Manager Console extensions and other toolkit features. | ||||
SQL Server (Database Engine and Analysis Services) | 1E has two databases:
Experience Analytics has one database:
1E Catalog has one database:
SLA has three databases:
SLA BI has two databases:
Content Distribution has one database:
| ||||
1E Client | 1E Client includes clients for 1E, Content Distribution, PXE Everywhere Agent, Shopping/WSA, and WakeUp. All the above are supported on Windows devices, client features (excluding Experience Analytics and User Interaction) are also available on non-Windows devices. 1E clients communicate with the 1E Switches and the Background Channel to provide responses to instructions (questions and actions) and subscribe to policy events for Experience Analytics and Endpoint Automation. Content Distribution clients use 1E Switches and the Background Channel as a proxy for communicating with the Content Distribution. |
1E architecture for Internet-facing devices
Enabling 1E to support devices that are external to your company network is done by slightly extending the default single-server architecture.
To enable external 1E client devices to interact with 1E, the DMZ requires at least one Background Channel and at least one Switch.
The Responses Stack handles communications between Master Stack and the platform clients. The Background Channel and Switch components handle the direct communication with the platform clients, the Core processes the information in both directions between the Master Stack and the Switches.
First, you need a working 1E system on the internal network, with a Response Stack that will provide the Core for the DMZ Server. The picture shows a Response Stack and Master Stack on the same server, located on the internal network. This serves clients when they are connected to the internal network.
Then configure the internal firewall to allow two-way communication between each of the following:
The Core on the Internal Response Stack and the Switch(es) in the DMZ
The Coordinator on the internal Response Stack and the Switch(es) in the DMZ
The Consumer API on the internal Master Stack and the Background Channel in the DMZ.
Configure the external firewall to allow incoming connections for:
The external platform clients and the Background Channel in the DMZ
The external platform clients and the Switch(es) in the DMZ.
After you have provisioned a server in the DMZ, you need to make the following changes to the existing 1E system:
Run 1E Setup on the 1E Response Stack to tell it about the DMZ Server, which will do the following:
Prepare the Master database with relevant details of the DMZ Background Channel and Switch(es)
Raise the security level of the Core and Switch communications
Produce a configuration file for the DMZ Server.
Run 1E Setup on the DMZ Server using the pre-prepared configuration file, to complete the installation of DMZ Background Channel and Switch(es).
Detailed steps for the above process can be found on the Implementing a 1E DMZ Server page.
Tip
The DMZ picture shows a dual firewall design, but a single firewall is also supported.
In the picture, components colored green are optional in a 1E system.
