Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The experimental feature of Distributed App Repositories can help to distribute apps to locations with no internet connection or low bandwith. By enabling and configuring this feature, binaries of apps will be stored on a self-hosted WebDAV server. Devices can then download the binaries of those apps from the WebDAV server. Please be aware that metadata will still be downloaded from the UMS Integrated App Repository or the IGEL App Repository. You can find more information on the benefits, use cases and best practices in the IGEL Blog post https://www.igel.com/blog/the-power-of-a-distributed-app-repository-enabling-access-for-offline-and-low-bandwidth-environments/ .

Note

Binary repositories are The Distributed App Repository is an experimental feature, please handle them with caution.

The feature is going to be offered as an enterprise feature with the launch of the new licensing model. For details, see /wiki/spaces/ENLITELICENSESP/pages/197820520.

...

By enabling and configuring this feature, binaries of apps will be stored on a self-hosted WebDAV server. Devices can then download the binaries of those apps from the WebDAV server. Please be aware that metadata will still be downloaded from the UMS Integrated App Repository or the IGEL App Repository.

Prerequisites

The devices must run IGEL OS 12.5.0 or higher.

The feature can be enabled by performing the following steps:

  1. Manually update the database by executing the following SQL statement in the SQL Console:
    UPDATE config_settings SET cs_value = 'true' WHERE CS_KEY = 'APP_PROXY_BREPOSITORY_ENABLED';

  2. Restart the UMS server.

...

  • Enough disk space to store binaries

  • A user with write permission to update and add new files

  • A user with read permissions used by the devices to download the app binaries

  • Digest login enabled

  • It is recommended to use a secured connection:

    • The UMS needs a certificate for the Webdav server to be used for file uploads if SSL is used. This certificate is also forwarded to the devices to be used for download of the files.

    • To make the certificate visible, the public key has to be imported into the UMS. Use Import root certificate for this. For details, see Web Certificates in the IGEL UMS .

    • The certificate must contain Subject Alternative Names (SANs) to be imported into the UMS.

Setup Distributed App Repositories in UMS

After enabling the binary repository feature manually, you can perform the following steps to set up one or multiple repositories in UMS Web App:

...

  1. If not yet done, enable UMS as update proxy. For more information, see Configuring Global Settings for the Update of IGEL OS Apps.

Info

You can also use app repository without UMS as update proxy. In this case the repository gets the binaries directly from the IGEL App Portal.

...

  1. By clicking + you can add a new repository with the following parameters:

    • Name
      Name of the repository to add.

    • WebDAV URL
      URL of an existing WebDAV server. This URL is used by the UMS to upload binaries. If no Load Balancer URL is given, devices will use it to download the binaries.

    • Load Balancer URL
      URL of the load balancer, if the WebDAV server is balanced by one. Devices will use it to download the binaries.

    • Download User
      Username that is used to download binaries from the WebDAV server.

    • Download User Password
      Password that is used to download binaries from the WebDAV server.

    • Upload User
      Username that is used to upload binaries from the WebDAV server.

    • Upload User Password
      Password that is used to upload binaries from the WebDAV server.

    • Priority
      Priority that this repository will be handled by. See more details on priority explanation below.

    • Certificate path
      Optional field to use after experimental phase.
      File path to the SSL certificate that is used for the HTTPS connection, if the certificate is not handled by UMS administration.
      It is recommended to manage the certificate by UMS administration and import the web certificate through the UMS Console under UMS Administration > Global Configuration > Certificate Management > Web. For more information, see Web Certificates in the IGEL UMS.

Info

App Upload to Repository

Apps are automatically sent to the configured repository within minutes after the app import into UMS.

Apps which are normally cached by the UMS update proxy are uploaded to the distributed app repositories. If UMS is not set as the update proxy, all apps imported to the UMS Web App are also uploaded to the distributed repositories.

Once an app is cached in the repository, synchronization to the repository is performed at regular intervals. The interval is the same as defined under Apps > Settings > Automatic Updates.

For details on importing apps, see How to Import IGEL OS Apps from the IGEL App Portal.

Assign Priorities to Distributed App Repositories

...

  1. Set up a Distributed App Repository named "Local Download" with priority "-1".

  2. Create a profile named "Local Download" for the base system.

  3. Under System > Update add the repository with priority "300".

  4. Assign the profile to the devices that should download from that repository.

Hints for WebDAV servers

Apache HTTP with WebDAV

The password for the WebDAV users should be created with the command ‘htdigest’ to work properly.

Windows Server IIS with Webdav

Make sure the following features are installed:

  • WebDAV publishing

  • Digest Authentication

When setting up virtual directories, ensure that:

  • The WebDAV users must have access

  • Digest Authentication must be enabled

  • Directory Browsing must be enabled

As the uploaded files could contain + signs, the IIS WebDAV must be configured to accept them. Add the following to ‘web.config’ of your web site: 

Code Block
<?xml version="1.0" encoding="UTF-8"?> 
<configuration> 
    <system.webServer> 
        <directoryBrowse enabled="true" /> 
        <security>  
            <requestFiltering allowDoubleEscaping="true" />  
        </security>  
    </system.webServer> 
</configuration>