Skip to main content
Skip table of contents

Nextop Central Server

Central Server Architecture

The Nextop Central Server (CS) is the root governing body of the hardware and virtual part of the Nextop infrastructure.

The CA resides within the virtual machines (VMs) of the Nextop infrastructure, and is therefore autonomous and self-managing.

The direct executor of the CA tasks on each server is the Internal Server (IS). The IS also performs the initial initialization of the primary CA VM, as well as the network environment and storage required for the operation of the VM.

The uniqueness of Nextop CA is that it is fully horizontally scalable (scale-out), providing fault tolerance for all its components (including the database, management services, etc.).

In fact, the CA is part of an autonomous kubernetes cluster with a single access point (single Gateway), which in turn is also a fault-tolerant unit, thanks to the automatic system of IP address reassignment of the communication node representing the interests of the single Gateway.

Due to the scale-out architecture of the CA the limitation of the maximum number of active user sessions is limited only by the network bandwidth of the communication node representing the single Gateway.

There are no computational limitations and depend only on the number of CA machines serving the system. The system supports hot-plug VMs of the CA, and therefore is always capable of expansion.

Connection Broker

The connection broker of remote desktop user sessions works in two modes:

  • Direct Connection Broker. This type of broker directly connects the user to the host running the VM, with support for hot reconnection during live migration of the VM. This broker is recommended for private networks if there are enough IP addresses for each Nextop server. An integral advantage of this broker is a significant reduction in the load on a single Gateway so that the number of active sessions begins to depend only on the number of CA VMs.

  • Proxy Connection Broker. This type of broker allows you to proxy connection to remote desktops through a single Gateway. This type of broker is in development and working out the final requirements.

The broker and Gateway are components of the Nextop CA, which synchronizes the communication node certificate authority required for the broker and Gateway. Authorization in Gateway is synchronized with broker authorization of connections to remote desktops, thanks to the CA and does not require re-authorization by the user when connecting to a VM.

Central Server capabilities

CA provides API for client application operation and Nextop integration with third-party applications. Authorization is performed using a single sign-on (SSO) point of entry. At the time of writing, synchronization with third-party LDAP is performed in semi-automatic mode, fully automatic mode is in the final stages of development.

The CA allows the following entities to be managed:

  • Virtualization clusters

    • Virtualization servers

      • Monitoring of RAM, CPU, network environment, local storage consumption

    • Virtual machines

    • Virtual disks (images)

    • Virtual machine balancing policies

    • Network environment of cluster services (VMs, remote management protocol, etc.)

    • Downloading and managing installation images (iso)

    • Creating and managing base images

Cluster Management

  • Virtual network environment

    • DHCP Pool

    • DHCP Relay

    • Distributed Virtual Switch

      • Port Groups (L2, L3 configurations)

      • Managment Ports (L2, L3 configurations)

      • Distributed Uplink

      • Teaming

      • QoS (Individual and Collective)

      • Uplink Aggregation

Network environment management

  • Administrative Service

    • Roles (with dependency map tracking of all privileges)

    • Groups

    • Users

    • Global access list

    • Local entity access lists

Working with user roles

  • External storage systems

    • NFSv3, NFSv4

    • iSCSi

    • Storage monitoring (Bandwidth, Latency, IOPS)

Storage monitoring

Authorization (SSO, LDAP, Two-factor authentication)

Keycloak mechanisms are used to support SSO, LDAP and Two-factor authentication (Google, Microsoft Authenticator) (in High Avaliability (HA) mode within the Kubernetes cluster of the CA).

Additionally, the second stage of authorization using e-mail and OTP is proposed. For this purpose in the global authorization section it is offered to configure the SMTP server of the sender. If the customer wishes, it is possible to integrate third-party services for sending OTP, for example, in SMS messages.

Cloning of virtual machine images (Linked, Full)

Nextop is equipped with the ability to clone virtual machine images in full and linked cloning modes.

Full cloning is used in the functionality of creating child VM images from a pre-posted base image, which in turn was also obtained using full cloning. The most common custom VM creation scenario consists of the following steps:

  1. Downloading an OS (Windows, Linux, MacOS) installation image in .iso format

  2. Creating a VM using the downloaded installation image

  3. Starting the VM, configuring it, installing the necessary software

  4. Creating a base image using the full copy creation mechanism

  5. Create child VMs using a linked or full copy of the base image

A linked copy contains only modified parts of the parent image, which allows you to optimize storage usage.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close