Extensible & Scalable

The Intigua platform is built upon an open, extensible and scalable architecture designed to support large-scale, distributed data center environments.

Intigua supports a range of heterogeneous environments including physical servers, virtual servers, and VMs in both private and public clouds.  It supports both Linux and Windows end-points running diverse IT infrastructure & operations management technologies such as IBM Tivoli, HP-OM, BMC Patrol, CA Audit, Symantec ESM and NetBackup, Hyperic, Splunk, Puppet and Chef.

Intigua is tightly integrated with VMware vCenter to obtain important services such as server auto-discovery, authentication and secure real-time communication with virtual endpoints (via the hypervisor channel).  Simultaneous connections to multiple vCenters are supported for larger environments.

Intigua Architecture -- Revised 10-16-13

Intigua Architecture: Intigua provides centralized, policy-based automation for provisioning, configuring and ongoing management of the entire management stack, including configuring both end-points and back-end management servers/consoles.  Intigua also provides a unified portal for continuous, real-time visibility into the operational status of all your management technologies (Splunk, IBM Tivoli, NetBackup, SCOM, etc.).

In non-VMware environments, Intigua leverages alternate information sources for auto-discovery (such as CMDBs or the Amazon EC2 API) and alternate channels for communication with virtual end-points (including HTTP/HTTPS, SSH and CIFS/SMB).

A single Intigua Central Server can manage approximately 5,000 server end-points.  Multiple Central Servers can be deployed to address larger environments, to provide more redundancy, or to address bandwidth constraints between geographically distributed locations.

Intigua virtualizes the entire management stack, providing an abstraction layer and policy engine for automating and orchestrating management software in dynamic large-scale environments.

The Intigua platform consists of four key components:

  • The Intigua Central Server & Policy Engine provides all core services and data storage.  The Server is provided as a CentOS virtual appliance and runs as a Tomcat-based application.
  • The Console provides a browser-based UI from which all interactive system operations are performed, along with various administration functions, system configuration, log access, and other tools.  It supports single sign-on integration with LDAP/Active Directory and enforces role-based access controls (RBAC).
  • Virtual Containers are self-contained “sandboxes” for encapsulating system components such as virtual agents (vAgents) and security certificates for server end-points.
  • The Intigua REST API provides programmatic access to all Intigua operations, enabling integration with cloud orchestration platforms such as vCAC and OpenStack; workflow automation solutions such as vCO and HP-OM; and DevOps tools such as Puppet and Chef.

For further details on Intigua system capabilities, please refer to the online documentation.

Central Server & Policy Engine

The Intigua Server is the central point of control for all system actions including initial management provisioning, policy configuration on both server end-points and back-end management servers, health monitoring, remediation, logging and reporting.  The Server maintains a library of all configuration packages, and handles assignment and removal during deployments, upgrades and de-commissioning.

In situations where the Central Server is unavailable for some reason, all vAgents continue to operate normally with no impact on operation or performance.

The Central Server provides a full complement of services accessible either via the browser-based Console or the REST API:

  • Server End-Point Management: The Intigua Server provides a holistic view of all server end-points that it manages, including their status, deployed vAgents, package configurations, tags and groups to which they belong.
  • Management Provisioning: The Central Server pushes vAgents to server end-points (or groups of end-points), both via the Console and API.  One or more vAgents can be deployed, upgraded, or removed from end-points through individual or bulk operations.  At the same time it also configures associated settings on back-end management servers (such as daily or weekly backup schedules), based on group policies, including settings for agentless management solutions.
    • You can also opt to provision vAgents using your existing scripting tools (e.g., Puppet, Chef, SCCM), and utilize Intigua’s packaging, monitoring, and management features to enhance those deployments.
  • Central Management Portal: Intigua provides a central point of control for administering and monitoring all of your management technologies from a single portal.  Administrators can start and stop agents, inquire about the health status and resource consumption of vAgents, view local agent logs and alerts, and perform all necessary inquiries and actions to support daily operations. vAgent status is available from the web-based GUI, through API calls, or via real-time logging and SNMP alerts.
  • Role-Based Access Control (RBAC): The Intigua administrator specifies which users have read/write access to specific server end-points and/or management products (SCOM, HP-OM, etc.).  Users are able to view but not modify vAgents that are not assigned to them; and they are unable to view or change Servers to which they are not assigned.

    Roles & Permissions: Intigua provides centralized visibility and control for multiple teams along with role-based access control to ensure only designated administrators have access to specific vAgents and server end-points.

    Roles & Permissions: Intigua provides centralized visibility and control for multiple teams along with role-based access control to ensure only designated administrators have access to specific management products and/or server groups.

  • SNMP & Logging Services: The Intigua Server tracks all system activity via a centralized logging scheme. It supports Syslog integration enabling the transmission of Intigua logs to corporate log repositories. SNMP integration allows log messages to be raised as SNMP alerts and trapped by standard enterprise monitoring consoles.

Virtual Containers

Intigua is unique in leveraging virtual containers to deploy management agents and other system software, such as security certificates, to server end-points.  Virtual containers protect critical servers by encapsulating agents in a self-contained sandbox that is isolated and decoupled from the underlying guest OS, and by eliminating the need for invasive physical installations of agents that spread many files and other changes (e.g., registry, directories, etc.) throughout the system.

Instead, new or upgraded agents are simply deployed to all target machines via a simple file copy process.  Rollbacks of faulty deployments are also streamlined by simply deleting virtual containers and assigning new ones.

Protected Sandbox for Agents & Other System Components: Virtual Agents and other system software are encapsulated in a self-contained execution environment that's deployed as a single virtual container file.   Virtual Containers minimize risk by containing all installation-related changes within a protected sandbox, decoupled from the underlying guest OS, and save time by eliminating the need for installation-related reboots.  vAgents are not physically installed in the traditional sense but provide all of the same functionality as their physical counterparts, including performing all normal end-point functions and communicating with their native management consoles.

Protected Sandbox: Virtual Agents and other system software are encapsulated in virtual containers, which are self-contained execution environments deployed as a single “sandbox” file. Virtual containers eliminate the risk of unwanted system changes caused by physical agent installs (registry, directories, etc.), streamlining deployments and upgrades. vAgents are not physically installed in the traditional sense but provide all of the same functionality as their physical counterparts, including performing all normal end-point functions and communicating with their native management consoles.

This copy operation can be performed either by the Intigua Server or via existing scripting or CM tools (BladeLogic, HP-SA, SCCM, Chef, Puppet, etc.).

Each virtual container is a protective “sandbox” that includes the native agent executable along with a set of virtual OS services to manage, monitor, and control that software at runtime.  The vAgent itself is managed as a single consistent “.vai” (virtual agent image) file containing all executables, configuration files, scripts, registry settings, and other assets required for operation.

Further, because they are contained within the Intigua sandbox, vAgents are also instrumented, which allows Intigua to gain insight into their use of operating services (either via the hypervisor or via the physical OS).  As a result, vAgents are easily throttled when necessary, based on policies, while misbehaving agents are prevented from causing system instability.

In addition, all agent log files are captured locally in the virtual container, enabling administrators to directly examine them via the Intigua central console and REST API without requiring root-level access to the machine — significantly speeding up troubleshooting operations.

Virtual agents communicate with the Intigua Central Server via the Intigua Connector utility, which operates as a broker between the Central Server and all vAgents on a given end-point.  On VMware virtual machines, the Connector is deployed within VMware Tools (for non-VMware end-points, it is deployed as a local program).  The Connector is able to self-upgrade when needed, and can also remove itself from end-points upon request.

Services provided by the Virtual Container include:

  • Virtual Filesystem: Ensures that all filesystem operations requested by the vAgent are redirected from their typical targets to the vAgent’s virtual filesystem, encapsulated within the .vai file.
  • Virtual Service Manager: Controls all running processes within the vAgent sandbox, and performs all necessary operations to deliver operating system-level services without the native services manager provided by the native OS.
  • Virtual Registry:  Ensures that all requests to read/write data in the Windows registry are instead properly fulfilled by the vAgent’s virtual registry (located in the virtual container).
  • Virtual Library Manager: Provides all runtime loading services for Windows DLLs and Linux shared objects used by vAgents.
  • Virtual Communications Service: Manages all inter-process communication between the vAgent and other running programs.

Encapsulation also enables several new management capabilities including:

  • Resource Throttling: Utilization of machine resources (e.g., CPU, memory) by each virtual container is constrained according to thresholds set via user-defined policies.  Each vAgent is aware of its consumption of underlying machine resources, and knows its configured limits for that consumption.  The vAgent is instrumented such that calls made to the operating system are inspected, redirected when needed, or limited as necessary to remain within specified resource limits.
  • Health Monitoring & Remediation: Intigua provides a continuous real-time view into the runtime health of management software, with the ability to automatically restart processes when issues are identified.  The vAgent is continuously assessing its status, ensuring that all required processes are running, connectivity is in place, and that dependent processes are responding correctly.  Specific health checks are also available including certificate status, ongoing log activity, and other indicators of vAgent health.  When issues are detected, vAgents will be auto-restarted according to user-defined policy, with all remediation steps logged centrally.