The Application Server
The Application Server runs as a Windows® service that coordinates and tracks data flow between Application Server(s), connected clients, and the SQL® database.
The Application Server service runs under any domain account capable of reading domain users, user groups, and computer accounts from the domain controller. The Application Server performs the following functions:
- Retrieves user access and device permission policies from the database which are stored in the Application Server cache.
- Signs and/or encrypts the user access and/or device permission list, compresses the list, and communicates updated user access and/or device permission lists to client servers and computers, where the permission policies are stored locally. Permission policy updates only communicate changes to the existing user access and device permission policies, rather than retransmitting entire policies.
- Saves a log of administrator actions and, optionally, users actions including information about when application or device access is denied.
Each Ivanti Device and Application Control product installation requires at least one Application Server and a corresponding DataFileDirectory (DFD). The DFD can reside on the same computer or a shared network resource, to store log information. All servers can write to a shared DataFileDirectory or to a different directory for each Application Server, depending upon the unique architecture of your network environment.
Up to three Application Servers can be defined during client installation. Additional servers can be assigned by:
- Changing the Server Address default option in the Management Console Tools menu, as outlined in the IDAC help.
- Modifying the Server parameter for the Command & Control Registry Key as described in Managing Registry Keys.
The Application Server sends user access and device permission changes to users when:
- A user logs in.
- An administrator sends updated information to all computers, specific computers, or export changes to a file.
- A user requests updated information from a client computer.
An administrator uses the Management Console to interact with Application Server.