Communication Between SDC Services
Admin Console
The Admin Console communicates with the server via HTTP using the configured port on the SDC server. All communication is initiated by the client; the server never initiates new connections to the client. The Admin Console does allow proxy configuration as needed to talk to the SDC server. There is no issue having an Admin Console run from another network area behind a firewall, as long as the Admin Console can establish directly or via proxy an HTTP connection back to the server.
Signing Agent
The Signing Agent communicates with the server via HTTP using the IP address and port as configured within the Signing Agent. The Signing Agent can be configured to connect to more than one server. All communication is initiated by the agent; the server never initiates new connections to the agent. The Signing Agent can run from another network segment as long as a direct HTTP connection can be established back to the SDC server.
End Users
Users have two main paths of communication with the server. First, the user accesses the web portal to retrieve packages. Second, the user’s installer and/or Eclipse installation will contact the SDC server for updates. In both cases, proxies can be configured allowing installation and usage from remote network segments behind their own firewall. Additionally, the web portal can be fronted by an Apache reverse proxy configuration allowing HTTPS access via the web. At the time of the 2013 SR1 release, network connections within the installer and Eclipse update feature use the HTTP protocol and port configured on the server.
In the default configuration, when users run online installers or are applying updates within the product, all software is directly downloaded from the SDC server using the configured port. The SDC server does allow configuration of mirrors for the software packs and libraries installed, allowing for download of the actual software to come from regional mirrors, if desired. When mirroring of software is enabled, the check for update service continues to use the SDC server’s main port as part of an efficient and minimal exchange of information.