MangoApps enterprise appliance configuration & upgrade

Industry research shows that there is an inverse co-relation between a successful software implementation and time it takes to complete it. The longer an implementation takes, less likely it will ever complete (over 80% of the implementations that take over 6 months never complete). In addition, software that is not easy to upgrade never gets upgraded. So, from the very beginning, we wanted to make sure MangoApps on-premise solution was easy to deploy, upgrade & support and used the tools and best practices we follow as part of our cloud deployments.

MangoApps on-premise solution uses state-of-the art configuration management architecture (built upon the popular Puppet configuration management and automation toolset) to deploy, configure, manager and upgrade MangoApps on-premise solution with very little human involvement. The basic system is divided into two main components: The Configuration Master and the Configuration Agents.

Configuration Master knows about services all the nodes that are under its control, how they should be configured and services they should run. Configuration agents get all their instructions from the Configuration master. Agents periodically (configured at every 10 minutes) contact the configuration master to check for updates and have the capability to retrieve and apply those updates automatically.

Configuration Master

The Configuration Master has centralized control over the Configuration Agent population. The Configuration Master controls:

  • Configuration Agent MangoApps Version Upgrade

  • Configuration Agent MangoApps Service Configuration Changes

  • Configuration Agent Operating System dependencies & security patches

  • System Process Logging

Configuration Agents

Each agent creates a 256-bit SSL tunnel using OpenVPN to the Configuration Master. This connection is used for initial deployment of the operating system and MangoApps Software, configuring the particular details for each customer’s specialized deployment, and pushing MangoApps version updates to agents.

Your deployment will consist of one or more Configuration Agents that will be individually maintained by the Configuration Master. As administrator of your Configuration Agent, you can choose to disable the OpenVPN connection to the Configuration Master after your initial deployment. As new versions of MangoApps become available, you will be notified and can choose to re-establish the connection from your Agent to the Master in order to receive the update. Alternately, you can choose to receive software updates on physical media to be deployed to the Agent under your control.

Users within your organization will seamlessly connect to your running agent to log in, communicate and contribute to your MangoApps community. All proprietary user information and confidential communication data stays protected within your Agent.

Configuration Master / Agent Interaction

To best understand the operations that are automatically occurring between the Configuration Master and your Configuration Agent it’s helpful to see the interaction between the two machines.

Configuration Master/Agent Security and error handling:

The interaction between configuration master and configuration agent is secured at two levels.

  • VPN: Configuration master can only be accessed over a secure VPN connection requiring all nodes to establish a VPN tunnel

  • Node Certificate: Each configuration agent is assigned a secure certificate that it uses to validate itself to the configuration master

  • Error handling is built into each agent. Each agent stores a local copy of the configuration and only applies them when complete instruction set has been retrieved eliminating misconfiguration because of loss of connectivity etc.

  • Web based configuration master dashboard keeps track of master/agent interactions and any anomalies that may have occurred between them.

Some frequently asked questions:

Can we dynamically increase or decrease the number of nodes in the system?

Yes. Mango Configuration management system is capable of easily defining network topology and what each node does within this topology making is easy to scale and manage the system both horizontally and vertically.

Can we control when the VPN link is up and when it is not?

Yes. Although we recommend that you keep the VPN link from the app servers up for easy upgrade and debugging, you can control the VPN between the nodes within your premises and MangoApps configuration master.

Do we have control over when we receive updates?

Yes. Although, we recommend you keep your installation up to date using our auto update feature, you can control when a new release gets deployed to your on-premise or private cloud environment. Please see https://www.mangoapps.com/releases/ for additional details.

Can we install the configuration master within our premises?

Yes. For large deployments (>10,000 user seats) , this is available as an add-on option. Please speak with your account manager.

What kind of system administration resources are needed to manage MangoApps on-premise deployments?

Once you are up and running, a few hours a week should be enough to keep things running smoothly.

Can we use our own load balancer or do we have to use the load balancer that comes with MangoApps stack?

Yes. You can use your existing load balancer. Out-of-the box MangoApps does not come with any load balancer.

Last updated