The ability to centrally manage and control the infrastructures of remote offices and branches has always been a very important requirement to increase efficiency and reduce costs, in particular for certain sectors (banking and insurance, logistics, large-scale retail (GDO), …).

This ability is even more useful (often a pressing need) in the current situation, which often prevents travel and encourages minimizing interactions and the exchange of personnel between offices, reinforcing the need to manage all operations in a centralized way.

Furthermore, the growing need for centralization and remote management also imposes new technical and scalability constraints, in order to make operations more efficient in terms of planning times and resources used (such as bandwidth consumption).

Praim Solutions provides companies with the robust technical tools needed to empower remote workers working from home and remote office locations. Let’s see how recent updates to ThinMan enhanced the ThinMan Gateway capabilities to ease the management in such use cases.

What is the ThinMan Gateway?

The ThinMan Gateway component helps manage remote offices scattered throughout different locations and introduces improvements in managing remote endpoints from one single place. Using the ThinMan Gateway solution, IT administrators have full access to management capabilities and remote assistance for the entire network of Praim client devices through a single Internet connection and without the need for a VPN.

With Gateway, organizations can also orchestrate tasks in each branch, such as Wake on LAN and configuration distribution, as well as provide remote assistance. The ThinMan centralized management console and ThinMan Gateway communicate over a secure tunnel connection formed between them, while remote clients communicate directly with their assigned Gateway.

Praim provides access to the ThinMan Gateway in three different form factors:

  • Software (can be installed on a Windows machine in the remote office)
  • Virtual Appliance (as a virtual machine activated in the remote office server)
  • Hardware Appliance (zero-config, plug-and-play, to be added on your remote local network branch)

[Figure: ThinMan architecture using ThinMan Gateway for remote infrastructure management]

ThinMan Gateway v. 2.3.0 New Features

With the release of ThinMan v. 8.2.0 and ThinMan Gateway v. 2.3.0, Praim has included great new features that extend the benefits and advantages of using ThinMan Gateway in environments made up of multiple locations with their local network of controlled endpoints.

ThinMan Gateway version 2.3.0 includes the following new features:

  • Control of the maximum transfer speed for the synchronization of replicated packages on local Gateways (bandwidth control and allocation)
  • Management of time slots in which to perform package synchronization
    (package distribution flexibility, optimized for different time zones or to split the overall synchronization into batches)
  • Optional customization of the files to synchronize on each selected Gateway
  • Enhanced security of the communication between the Gateways and the other pieces of the infrastructure:
    • Management of devices connected to Gateway via WSS protocol
    • Integration of the “Safe” connection mode to ThinMan, through the validation of a certificate installed on ThinMan (with the possibility of using a company certificate).

Empowering IT management with ThinMan Gateway

The new features added in the recent releases of ThinMan Gateway help organizations to have more granular control over how endpoints are managed in the remote branches. It is crucial to understand how these new features help empower IT management of remote devices, even in situations where remote management may be challenging from a bandwidth or security standpoint.

The new capabilities of ThinMan Gateway allow IT admins to:

  1. Increase control and SECURITY of Gateways with the adoption of the WSS (WebSocket Secure) protocol even between the clients and the Gateway, further strengthened by allowing the use of corporate certificates.
  2. Fine-grained CONTROL and PLANNING of updates and file transfers to local offices. IT admins can decide which FILES to include in local replicas, at what TIMES to transfer them, and at what BANDWIDTH consumption/transmission speed, dividing loads.
  3. Ability to define DEFAULT policies for these parameters for all Gateways for easy and fast management, alongside the capability of creating CUSTOMIZED policies for a single Gateway (e.g., to adapt perfectly to the requirements of a particular location).

Real-world benefits of new ThinMan Gateway capabilities

Let’s consider some real-world benefits of using ThinMan Gateway for the management of remote business-critical environments. Consider an example of a remote site with limited bandwidth availability for business-critical workload traffic. In this case, the connection links are extremely sensitive to any additional network burden. This includes the traffic generated by management tasks and the traffic required to copy updates or other software applications to each device for installation.

There are also other use cases that ThinMan Gateway covers:

– GENERAL USE OF GATEWAY: lighten the load on ThinMan by having individual clients served by their Gateway, optimizing scalability on very large infrastructures, especially when this also corresponds to a territorial subdivision.
– Possibility to have LOCAL REPOSITORIES/BACKUPS to make the network more robust even in the event of temporary drops in the WAN connection towards ThinMan.
– OPTIMIZE the distribution of replicas (packages or firmware to be updated) based only on the types of devices existing in the local offices, syncing/transferring only what is really needed.
– OPTIMIZATION and SCALABILITY by distributing the loads of the updating processes. It is possible to define a bandwidth limit so as not to clog the network or block operations, while also avoiding communication bursts (by controlling the bandwidth, the synchronization can be a continuous background activity rather than being confined to bursts at specific moments).
– OPTIMIZATION and SCALABILITY because the transfer can be planned either on the basis of the local times of the offices (ThinMan or Gateway time zones) or to optimally distribute the transfers to each single Gateway while limiting the bandwidth and reducing the possibility of errors during transmission (which would slow it down).

ThinMan Gateway ensures that upload bandwidth consumption at remote sites is minimized for endpoint upgrade tasks. This is made possible by a synchronization process between ThinMan Gateway and the ThinMan Server. The Gateway can synchronize the package repository from ThinMan Server and store the upgrade packages in the local site repository housed on the Gateway. Using the Repository Replica on the Gateways ensures packages are synchronized only once for each remote site instead of pulling updates across the WAN for each device in the infrastructure. The actual upgrade of the endpoints is then performed efficiently over the local LAN.

The new capabilities of the ThinMan Gateway allow administrators to have laser focus on bandwidth considerations, including the ability to have granular control over updating and transfer methods. IT admins can control which files are stored in local replicas and at what transfer rates files move to remote sites. With the new architecture, not only does administrative traffic traverse from the ThinMan Console to the ThinMan Gateway in the remote site, but all client traffic also connects to the local ThinMan Gateway using the WebSocket Secure (WSS) protocol, which is SSL/TLS-encrypted.

The SSL-encrypted traffic ensures that no additional non-standard ports are needed to manage endpoints and that communication is secured end-to-end. IT admins can define policies for all Gateways at a global level and also define policies for each ThinMan Gateway locally at each location. This provides companies with the tools to manage each location individually and in a granular fashion.

Notice the configuration below, allowing the configuration of maximum bandwidth and time slot for Replica. It helps to ensure business-critical traffic is not impacted by endpoint management operations. Note also the Gateway services, including WOL Relay and Repository Replica.

[Figure: ThinMan Gateway configuration. Configuring Gateway services parameters]

Above, we have placed a maximum bandwidth limit on the replication activity between the ThinMan Gateway and ThinMan Server that synchronizes the Replica Repository. Also, the time slot for the replica synchronization can be scheduled for when it is least likely to affect business-critical traffic. This enables IT administrators to devise their own optimized and customized plan for the distribution of updates. While the overall management optimizes the synchronization and the load distribution among ThinMan and the Gateways, each local network (branch) experiences optimized performance in the management of endpoints thanks to the direct connection between them and the Gateway, relieving the load on the ThinMan server.

Final Thoughts

Efficiently managing remote site locations can be a challenge and requires that companies have the right tools. Often, bandwidth and other network resources are limited in remote locations. Praim’s ThinMan Gateway solution allows businesses to control management traffic to endpoints in remote sites efficiently. ThinMan Gateway maintains a local copy of the repository using intelligent synchronization and serves as the “point of contact” for all devices located at the remote location. ThinMan Server uses the Gateway as a pass-through device for configuration, updates, and other special management communication. Moreover, this branched structure organizes the infrastructure efficiently, improving overall efficiency and robustness.

The new features in the latest release of ThinMan Gateway help provide even better control of bandwidth consumption and scheduling of traffic patterns, and help ensure that business-critical resources are not impacted by other types of management traffic.