AppLife

Deploying Applications with AppLife Cloud

AppLife provides the ability to easily deploy and maintain many applications on your Windows clients and servers. By installing AppLife Manager on your deployed systems a channel is created with which one or more applications can be deployed and maintained using AppLife packages. This is the first of a series of posts that will discuss and demonstrate the use of AppLife tools to deploy software. This series will include:

  1. Deploying an application with AppLife
    Using mostly default settings, we’ll start from a brand new AppLife subscription and deploy a .NET WPF application through AppLife Manager.
  2. Explore Manager Deployment Options
    After looking at a default deployment in the first post, we’ll demonstrate the different configuration options available with AppLife Manager.
  3. Explore the AppLife Engine
    The deployment package in the first post added two files to the installation directory. In this post, we’ll look at other actions and demonstrate the features of the AppLife Update engine.
  4. Using the Dashboard
    The AppLife Dashboard provides the ability to control which of your deployed systems get applications and updates. It can help in troubleshoot defective packages, can identify which clients are running what version of your applications and more. The final post in the series will look at how the dashboard enhances your AppLife deployment model.

Connecting AppLife Manager to your Subscription

The AppLife Manager application gets installed on all of the systems that will run your software and connects your deployed clients to your AppLife subscription. AppLife Manager is downloaded from AppLife Update home page (www.applifeupdate.com). Once installed, you’ll connect Manager to your subscription through a registration process. To register AppLife Manager, you’ll need your Publisher Code. You’ll also need to define a Client Access Key. The Client Access Key will be a value that identifies an individual client, or perhaps a group of clients.

Your publisher code can be found on the Subscription view of your dashboard and can be replaced with a custom value.

Find your publisher code

Defining a Custom Publisher Code

You can set a custom publisher code for your subscription. One that is more meaningful and easier to remember, such as your domain name. A custom publisher code is set from the Subscription view on your dashboard.

With your publisher code entered, the default settings of your initial application will allow it to be discovered. It’ll be displayed within AppLife Manager. Nothing is actually installed on this deployed client yet, as there are no AppLife packages published for the application.

Deploying an Application

We have an application, called First Look that we want to deploy. We are going to effectively XCopy deploy our First Look application to our client machines through AppLife Manager. To accomplish this, we’ll create and publish an AppLife package that, when executed, will place our application on the deployed client. Once published, AppLife Manager will automatically discover and apply the package.

To create the package, we’ll use the AppLife Builder application. Like AppLife Manager, this can be downloaded from the AppLife Update home page. Once downloaded and installed, log into AppLife using your credentials. Select your subscription application. You’ll be prompted for the basic information about your application.

  1. Application Name
    Set this to your application’s name. In this case, First Look. Note that this will change the name displayed in AppLife Manager.
  2. Executable Name
    Set this to the name of the primary executable of your application. FirstLook.exe.
  3. Local Working Directory
    This is a local value that defines the local directory for your application and will be used for relative paths later. For custom software, this is usually a bin directory or an output directory of your build process.

AppLife Actions

An AppLife Package consists of a series of Actions that will take place when the package is executed on a deployed client. There are many actions available. This first package is going to include only one action. An Add & Replace Files action, which will copy two files to the designated Application Directory. When AppLife Manager discovers and applies this package, these two files will be copied.

By default, AppLife Manager applications will check for new versions every 24 hours. After having published this package, any connected clients will install First Look on their next check. AppLife Manager can also be refreshed manually, which will find the application immediately.

Deployments in the Dashboard

When a client applies an AppLife Package, the results are reported to your dashboard and can be reviewed there.

Summary

Using a new AppLife Subscription, we just built an AppLife Package that deploys our existing application through AppLife Manager. With the exception of setting a custom Publisher Code and changing the application name, we used entirely default settings. In the next post, we’ll explore the configuration options available through AppLife Manager that will let you customize the deployment and maintenance model to better fit different scenarios.

Application Master Passcode

When a deployed application discovers and downloads an AppLife package, the first action taken is a verification of the package using the Public Key value that is already present on the client and the update package signature that comes with the package. Digital signature validation using asynchronous cryptology. If the downloaded update package fails validation, it is never loaded or executed. There are many reasons why a downloaded update package might fail validation, but whatever the reason, a failed validation means that the update package is not identical to the package that was built and published by the author.

Validation ensures that the package that is about to be applied on a deployed client is the exact package that was created and published. The validity of the authentication process performed by AppLife is completely dependent on the sanctity of the project’s private key. This validation process ensures that it is not possible for a third party to create a package that could ever be applied through your software.

So if your AppLife Cloud account was compromised, would your application private keys be at risk? Yes they would, and this could potentially lead to a third party having the ability publish a privileged update package that your deployed clients would apply. Securing your AppLife Cloud account through strong passwords, two-factor authentication, and Publishing IP Address Filtering significantly reduces the probability of a compromised account. Beyond these, another action that can be taken to secure your deployed clients is to implement a Master Passcode on your individual applications.

A master passcode is added to your application locally through AppLife Builder. Navigate to your project settings dialog and open the Security tab. When a master passcode is provided, AppLife Builder uses the code to encrypt the application keypair before transmitting application data to the AppLife Cloud. The master pass code is never transmitted and only stored locally if elected to be.

If a unique passcode is applied to your application, the passcode is never transmitted and an update for the application can never be created without it.

A master passcode provides maximum protection against a compromised AppLife Cloud account, as a final secret that is required but never shared. With this protection comes the reality that a master passcode can never be recovered if forgotten. If a master passcode is forgotten, your deployed clients are forever disconnected from the remote update capabilities provided by AppLife.

For maximum protection from your update process ever being used to compromise your deployed clients, choose and implement a unique strong master passcode.

Enable Two-Factor Authentication

Securing your AppLife Cloud accounts is vitally important. In version 6, we’ve implemented multiple features designed to keep your accounts safe. One of these features is two-factor authentication.

Two-Factor authentication works by requiring a user to follow up your standard username and password credentials (something you know), with an additional authentication step that requires you to provide something you have. This style of authentication removes the potential of compromised credentials (commonly acquired by simply guessing, sophisticated brute force, or duplicate credentials from a less secure site) alone allowing access to your cloud account. With two-factor enabled, the potential imposter would need more than just your credentials. How much more, is configurable. There are three options available.

  • A one-time passcode emailed to the account email address
  • A passcode generated by an Authenticator app on a mobile device
  • A hardware USB key

Email Option

The simplest option available is to enable the Email method. With this method enabled, whenever you sign on to AppLife Cloud on a new device, an email will be sent to the account email address. This email will contain a one-time pass code. Enter this code when prompted and you’ll be successfully authenticated.

Authenticator App Option

An authenticator app shares a private code during setup, and then generates rolling one-time passcodes that expire. Once setup, you will need the device with the app that you configured in your possession in order to log in and authenticate. The app that AppLife Cloud uses is Google Authenticator. Available for both Apple and Android mobile devices, it is a great option and more secure than Email, as it requires physical possession of your device during AppLife Cloud authentication.

USB Hardware Key Option

USB Hardware keys are the third and most secure option for validation. AppLife Cloud supports YubiKey brand keys. Once set up, the physical key must be present to login. The Series 5 key supports USB, USB-C and NFC. You can use your YubiKey for authentication on AppLife Cloud as well as many of the popular sites around the web, such as Google, Microsoft, Amazon, Apple and Twitter to name a few.

You can set up multiple keys on your AppLife Cloud account.

Pick one of the options and enable two-factor authentication on your AppLife Cloud account today. Doing so adds a significant level of protection for your AppLife enabled deployed applications.