Using Selective Deployment (Zones) to distribute applications by Front-End

Using Selective Deployment (Zones) to distribute applications by Front-End

Hi All

Ever since Agile Platform 4.1, a feature called Selective Deployment, allows the distribution of applications by Front-End, by the means of Zones, very useful when having Front-Ends in different networks (like DMZ networks).

Zones are the implementation of the Selective Deployment feature available only in the Enterprise Edition of the Agile Platform. They allow to fine tune eSpace distribution between Front-ends registered on a farm environment. To each Zone is associated one or more Front-Ends, and each espace can be associated to a particular Zone.

By default there is a built-in Zone which encloses all Front-ends, called the Global zone. Every new espace is automatically associated to this default Zone, which includes all existing Front-Ends of the environment, and thus, makes the new espace available in runtime in every Front-End. However, you can add new zones by associating specific Front-ends to it, which will provide isolation of the application deployment in those Front-ends, and set your espace to use them, instead of the default Zone. This will effectively deploy your espace only on the Front-Ends that are associated to the chosen Zone.

So, how to configure Zones and set the espaces to use them, and what are usually the use cases?

All you need is to create the Zone in Service Center, and associate an espace to it, also in Service Center.

To create the Zone, you'll need to access the Administration tab, page Zones, which lists the current available Zones on the Service Center.

Then, press the New Zone link, and type in a Zone name and small description.

While editing the just created Zone, you're presented with the typical Service Center object list management for Front-Ends, much like when managing lists of eSpaces or Extensions in solutions or permissions. Just type in the Front-End names in the input box and select the ones you want to add to this Zone by pressing the Add Front-End Server button.

Finally, you'll then need to change your espace(s) to use this new Zone. For that, just access the espace details, and in the Operation tab, choose the Zone from the Zones list. Upon saving this change, the espace will be automatically undeployed from all Front-Ends that don't belong to the Zone, and deployed to the Front-Ends that are included in the Zone.

You can create any number of Zones, with all combination of Front-Ends in Service Center. This means that you can have different Zones with the same Front-Ends, or have at least a common Front-End in different Zones. All combinations are possible, so you can actually define the correct Zone to your application. Here's another example:
  • You have 3 Front Ends: 2 Internal Front-Ends to be accessed by internal users and 1 Public Server on a DMZ for internet Users
  • Since you have both internal and public applications, the obvious approach is to create 2 Zones: an internal Zone with the Internal Front-Ends, and a DMZ Zone with the public Front-End.
  • Now consider that you also have a specific application for a specific set of users that can be both internal and external users, but the internal users must only access through one of the internal Front-Ends, and the external users through the public Front-End. This will require a third Zone, which includes an internal Front-End and the Public Front-End. No problem there, just create the third Zone as well.
Finally some remarks about the internals of the Agile Platform with this feature:
  • The Service Center, being an espace, by default is configured for the default Global Zone, and it should remain as such. The reason is that the internal monitoring system will use Service Center to check the IIS availability status between Front-Ends. If you're concerned about Service Center's security, the espace has all it's web services and web screens as internal only, and thus it's possible to set the internal network parameters on the Configuration Tool to block indesirable accesses.
  • When an espace is published for the first time, it's deployed on the Global Default Zone
  • When a Zone is changed for an espace, the espace will be deployed on the Front-Ends of that Zone, and it will be undeployed from the Front-Ends that don't belong on that Zone
  • You can only associate one Zone to an espace, but since you can have unlimited number of Zones and any combination of Front-Ends within a Zone, you can easily create a Zone that suits this espace deployment requirements
  • The Selective Deployment (Zones) is a feature only available on the Enterprise Edition of the Agile Platform. So you'll need an Enterprise Edition license to configure Zones in Service Center.
Have fun, and great deployments ...


Miguel João

This is awesome! Thanks for sharing! It answered 999 of the 1000 questions I had on the subject. :-) 

I do have one remaining question though. I currently have three environments in LifeTime (‘Development’, ‘UAT’, ‘Production’). Should I create a fourth one called ‘DMZ’ for mobile applications, or add the new front-end server to the existing ‘Production’ environment? My concern is the database catalogs and connections being accessible to hackers through the public front-end. I was planning to use web services for any data access requirements.