Universal Application Protocol
Universal Application Protocol
Universal Agent components use an application-layer protocol to exchange data messages. The protocol has the following characteristics:
The following information refers to two categories of data transmitted by Universal Agent:
- Control data (or messages) consists of messages generated by Universal Agent components in order to communicate with each other. The user of the product has no access to the control data itself.
- Application data (or messages) consists of data that is transmitted as part of the requested work being executed. For example, standard input and output data of jobs Universal Command executes. The data is created by the job and read or written by Universal Command on behalf of the job.
Low-Overhead
The protocol is lightweight, in order to minimize its use of network bandwidth. The product provides application data compression options, which reduces the amount of network data even further.
There are two possible compression methods:
- ZLIB method offers the highest compression ratios with highest CPU utilization.
- HASP method offers the lowest compression ratios with lowest CPU utilization.
Note
Control data is not compressed. Compression options are available for application data only.
Secure
When used by Universal Agent Managers prior to version 3.x, and when communicating with Universal Agent Servers that force encryption on, the UNVv2 protocol is secure.
All control data exchanged between Universal Agent components are encrypted with a unique session key and contain a MAC. The encryption prevents anyone from analyzing the message data and attempting to circumvent product and customer policies. Each session uses a different encryption key to prevent "play back" types of network attacks, where messages captured from a previous session are replayed in a new session. This applies to both network protocols: SSL/TLS and UNVv2.
In versions prior to Universal Agent, the security features used in the control messages are not optional. They cannot be turned off. The security features are optional for application data sent over the network.
Starting with Universal Agent, the UNVv2 protocol is used only when SSL/TLS is disabled on the control session by specifying the NULL-NULL cipher suite. In this case, the UNVv2 encryption or MACs are not used for control messages.
As of Universal Agent, the SSL/TLS protocol must be used if data privacy and integrity is required for control messages. For this reason, UNVv2 should only be used when the resource utilization of SSL/TLS is considered too high and data privacy is not required. It is Stonebranch's recommendation that SSL/TLS should be used if at all possible to insure data privacy and data integrity.
Backward compatibility is still maintained with Universal Agent (formerly Universal Products) versions prior to 3.x such that encryption and MACs are still utilized for the control session.
Extensible
The message protocol used between the Universal Agent components is extensible. New message fields can be added with each new release without creating product component incompatibilities. This permits different component versions to communication with each other with no problems. This is a very important feature for distributed systems, since it is near impossible to upgrade hundreds of servers simultaneously.
New encryption and compression algorithms can be added in future releases without loosing backward compatibility with older releases. After a network connection is made, connection options are negotiated between the two Universal Agent programs. The options negotiated include which encryption and compression algorithms are used for the session. Only algorithms that both programs implement are chosen in the negotiation process. The negotiation process permits two different program versions to communicate.