Communication Between Trusted Agent and the Trusted Agent Hub

Unlike connections to private resources, the connection between a Trusted Agent and a Trusted Agent Hub is established when the Trusted Agent is started and is maintained until the Trusted Agent is stopped, the Trusted Agent Hub is no longer available, or there is a loss of network connectivity between the two.

In either of the latter two cases, the Trusted Agent will continue to try to reconnect to the Trusted Agent Hub until the Trusted Agent is stopped.

This long-lived and resilient connection is established to ensure a Trusted Agent Hub can send requests to the Trusted Agent as needed. Since the Trusted Agent resides inside a private network that is different than the network of the Trusted Agent Hub, a Trusted Agent Hub would not be able to initiate an inbound connection request to a Trusted Agent without opening the private network in a way that is typically undesirable.

As a result, a Trusted Agent establishes an outbound connection from within the private network to the Trusted Agent Hub using web-standard and firewall friendly protocols. The outbound connection request is made to either port 443 or port 80 of the CSM Browser Client, which hosts the Trusted Agent Hub. The port number is dependent on the protocol specified for the Trusted Agent Hub URL when the Trusted Agent Service is configured in Cherwell Server Manager.

Production environments should always use HTTPS (TLS/SSL) for the connection between the Trusted Agent and the Trusted Agent Hub to protect sensitive authentication information and business object data.

Trusted Agent uses a technology called SignalR to establish a persistent, bi-directional connection with a Trusted Agent Hub. SignalR is an open source technology from Microsoft which facilitates use of several transports for real-time messaging between a client (Trusted Agent) and a server (Trusted Agent Hub). A SignalR connection starts as HTTP(S) and then may be promoted to a WebSocket connection if it is available. Otherwise, other another transport is used.

The following summary describes the transports SignalR may use to establish bi-directional communication between a Trusted Agent and a Trusted Agent Hub:

  • WebSocket: an HTML5 protocol for an efficient and persistent two-way connection between client and server
  • Server Sent Events, also known as EventSource: an HTML5 standard describing how servers can initiate data transmissions to clients after a client connection has been established
  • Forever Frame: a technique in which a hidden IFrame makes a request to an endpoint on the server that does not complete. The server then continually sends script to the client which is immediately executed, providing a one-way real-time connection from server to client
  • Ajax long polling: a technique in which the client polls the server with a request that stays open until the server responds, at which point the connection closes and a new connection is requested immediately

More information about SignalR is available from Microsoft at the following site:

Introduction to SignalR