How to Use Distributed App Repositories in IGEL UMS
The experimental Distributed App Repositories feature helps distribute apps to locations with no internet connection or low bandwidth. You can find more information on the benefits, use cases and best practices in the IGEL Blog post https://www.igel.com/blog/the-power-of-a-distributed-app-repository-enabling-access-for-offline-and-low-bandwidth-environments/.
The Distributed App Repository is an experimental feature; please handle with caution.
The feature is going to be offered as an enterprise feature with the launch of the new licensing model. For details, see IGEL OS Editions.
When this feature is enabled and configured, the binaries of apps are stored on a self-hosted WebDAV server. Devices can then download the binaries of those apps from the WebDAV server. Please be aware that metadata will still be downloaded from the UMS Integrated App Repository or the IGEL App Repository.
Prerequisites
You have the following UMS permissions:
App management; see General Administrator Rights in IGEL UMS
Write access for UMS Administration > UMS Network > Server; for details on access rights, see Object-Related Access Rights
The devices must run IGEL OS 12.5.0 or higher.
The feature can be enabled by performing the following steps:
Manually update the database by executing the following SQL statement in the SQL Console:
UPDATE config_settings SET cs_value = 'true' WHERE CS_KEY = 'APP_PROXY_BREPOSITORY_ENABLED';
Restart the UMS server.
At least one self-hosted WebDAV server must exist. This server will act as the Distributed App Repository, therefore it needs to fulfill the following requirements:
Enough disk space to store binaries
A user with write permission to update and add new files
A user with read permissions used by the devices to download the app binaries
Digest login enabled
It is recommended to use a secured connection:
If SSL is used, the UMS needs the certificate of the WebDAV server for file uploads. This certificate is also forwarded to the devices, which use it to download the files.
To make the certificate visible, the public key has to be imported into the UMS. Use Import root certificate for this. For details, see Web Certificates in the IGEL UMS.
The certificate must contain Subject Alternative Names (SANs) to be imported into the UMS.
Set Up Distributed App Repositories in UMS
After enabling the feature manually, you can perform the following steps to set up one or multiple repositories in UMS Web App:
Navigate to the Apps area.
Open Settings.
If not yet done, enable UMS as update proxy. For more information, see Configuring Global Settings for the Update of IGEL OS Apps.
You can also use the app repository without the UMS as an update proxy. In this case, the repository gets the binaries directly from the IGEL App Portal.
On the same tab, open Manage Binary App Repositories.
By clicking + you can add a new repository with the following parameters:
Name
Name of the repository to add.
WebDAV URL
URL of an existing WebDAV server. This URL is used by the UMS to upload binaries. If no Load Balancer URL is given, devices will use it to download the binaries.
Load Balancer URL
URL of the load balancer, if the WebDAV server is balanced by one. Devices will use it to download the binaries.
Download User
Username that is used to download binaries from the WebDAV server.
Download User Password
Password that is used to download binaries from the WebDAV server.
Upload User
Username that is used to upload binaries to the WebDAV server.
Upload User Password
Password that is used to upload binaries to the WebDAV server.
Priority
Priority with which this repository is handled. For details, see the explanation of priorities below.
Certificate path
Optional field to use after experimental phase.
File path to the SSL certificate that is used for the HTTPS connection, if the certificate is not handled by UMS administration.
It is recommended to manage the certificate by UMS administration and import the web certificate through the UMS Console under UMS Administration > Global Configuration > Certificate Management > Web. For more information, see Web Certificates in the IGEL UMS.
App Upload to Repository
Apps are automatically sent to the configured repository within minutes after the app import into UMS.
Apps normally cached by the UMS update proxy are uploaded to the distributed app repositories. If UMS is not set as the update proxy, all apps imported to the UMS Web App are also uploaded to the distributed repositories.
Once an app is cached in the repository, synchronization to the repository is performed at regular intervals. The interval is the same as defined under Apps > Settings > Automatic Updates.
For details on importing apps, see How to Import IGEL OS Apps from the IGEL App Portal.
Assign Priorities to Distributed App Repositories
Be aware that the available repository with the highest priority value will be used by the devices to download binaries. If none is available, download will fall back to the UMS Integrated App Repository or the IGEL App Repository.
It is possible to assign a negative value to a repository. In that case, binaries will be synchronized to that server, but devices won't download from it. However, such a repository can then be configured via profiles for some devices with a different, higher priority.
Example:
Set up a Distributed App Repository named "Local Download" with priority "-1".
Create a profile named "Local Download" for the base system.
Under System > Update add the repository with priority "300".
Assign the profile to the devices that should download from that repository.
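The selection rule and the "Local Download" example above, worked through as an added Python sketch (not IGEL code). The "Headquarters" repository, the availability flag and the name-keyed profile override are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional

# Fallback named on this page when no distributed repository can be used.
FALLBACK = "UMS Integrated App Repository / IGEL App Repository"


@dataclass(frozen=True)
class Repo:
    name: str
    priority: int
    available: bool = True  # assumption: reachability modelled as a flag


def select_source(repos: List[Repo],
                  profile_priorities: Optional[Dict[str, int]] = None) -> str:
    """Return the name of the repository a device downloads binaries from.

    repos: repositories configured in UMS with their global priorities.
    profile_priorities: {repository name: priority} assigned through a
    profile (hypothetical representation of the System > Update setting).
    """
    overrides = profile_priorities or {}
    # A profile entry replaces the global priority for this device only.
    effective = [replace(r, priority=overrides.get(r.name, r.priority))
                 for r in repos]
    # Negative priority: binaries are synchronized, devices do not download.
    candidates = [r for r in effective if r.priority >= 0 and r.available]
    if not candidates:
        return FALLBACK
    # The available repository with the highest priority value wins.
    return max(candidates, key=lambda r: r.priority).name


# Constructed sample set-up following the example above.
REPOS = [Repo("Local Download", -1), Repo("Headquarters", 100)]

if __name__ == "__main__":
    print(select_source(REPOS))                            # device without the profile
    print(select_source(REPOS, {"Local Download": 300}))   # device with the profile
```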
Hints for WebDAV servers
Apache HTTP with WebDAV
The password for the WebDAV users should be created with the command ‘htdigest’ to work properly.
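An added example, not part of the IGEL documentation: a check that a password file holds htdigest entries (user:realm:MD5 hash) rather than two-field htpasswd lines, and that the upload and download accounts exist for the realm. The realm, user names and passwords are constructed placeholders.

```python
import hashlib
import hmac
import re

HA1_RE = re.compile(r"[0-9a-f]{32}")

def ha1(user, realm, password):
    """Hash stored by htdigest: MD5 over 'user:realm:password'."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def parse_digest_file(text):
    """Return {(user, realm): hash}; reject lines that are not htdigest entries."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        # htdigest writes user:realm:hash. A two-field user:hash line is the
        # htpasswd format, which Digest authentication cannot use.
        if len(parts) != 3 or not HA1_RE.fullmatch(parts[2]):
            raise ValueError(f"line {lineno}: not an htdigest entry")
        entries[(parts[0], parts[1])] = parts[2]
    return entries

def check_accounts(text, realm, upload_user, download_user):
    """List problems with the two WebDAV accounts a repository needs."""
    entries = parse_digest_file(text)
    problems = []
    if upload_user == download_user:
        # Devices receive the download credentials; keep them read-only.
        problems.append("download user is the same account as the upload user")
    for user in (upload_user, download_user):
        # The realm must equal the AuthName of the Apache configuration.
        if (user, realm) not in entries:
            problems.append(f"{user} has no entry for realm {realm!r}")
    return problems

def password_matches(text, user, realm, password):
    """True if the password entered in UMS matches the stored hash."""
    stored = parse_digest_file(text).get((user, realm))
    return stored is not None and hmac.compare_digest(stored, ha1(user, realm, password))

# Constructed sample: realm, user names and passwords are placeholders.
REALM = "igel-apps"
SAMPLE = "\n".join([
    f"repo-upload:{REALM}:{ha1('repo-upload', REALM, 'upload-secret')}",
    f"repo-download:{REALM}:{ha1('repo-download', REALM, 'download-secret')}",
])
```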
Windows Server IIS with WebDAV
Make sure the following features are installed:
WebDAV publishing
Digest Authentication
When setting up virtual directories, ensure that:
The WebDAV users have access
Digest Authentication is enabled
Directory Browsing is enabled
As the uploaded files could contain + signs, the IIS WebDAV must be configured to accept them. Add the following to ‘web.config’ of your web site:
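<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Directory Browsing must be enabled for the WebDAV directory -->
    <directoryBrowse enabled="true" />
    <security>
      <!-- allowDoubleEscaping lets IIS accept uploaded file names that contain + signs -->
      <requestFiltering allowDoubleEscaping="true" />
    </security>
  </system.webServer>
</configuration>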