Cache Engine

To avoid downloading the same file from the Internet over and over (and thus taxing your WAN), you can set up Cache Engines on your LAN to offload this burden.

You will likely set up Blueprints that will download payloads to install software. These payloads may be large.

To avoid downloading the same file from the Internet over and over (and thus taxing your WAN), you can set up Cache Engines on your LAN to offload this burden.

Agents behind the same WAN IP as a Cache Engine will first check the Cache Engine for Blueprint payload files before making a web-based request for the file.

The general flow for a computer asset running a Blueprint is:

  1. The K12 Panel agent will read the Blueprint instructions

  2. If the Blueprint requires a payload, the agent will see if there is a Cache Engine available

  3. If there is a Cache Engine available, the agent will see if the Cache Engine has the Payload file

  4. If the Payload file is available on the Cache Engine, the agent grabs it directly from the Cache Engine and foregoes the trip to the Internet for the file

  5. If the Cache Engine does not have the Payload file, the agent will reach out to the Internet-based Payload URL to get the file from the Internet

Payload files are always validated against the Payload’s Checksum URL. A Payload file that does not pass Checksum (either from the Cache Engine or the Internet) is rejected and is not used.

At this point, only Windows 10 / Server 2012 and above is supported for running the PowerShell script to sync with the Panel but NAS and writable shares can be supported as the actual file storage. The Windows machine will need write rights to the file storage to be able to post the payload files for assets to download. Linux servers and bash script support is on the roadmap.

 

Payload files are always validated against the Payload Checksum, regardless of whether they are obtained from the Internet or a Cache Engine.

Setup Cache Engine

In Panel, click on Add New Cache Engine to bring up this screen.

  • Name for your convivence. Useful for naming server where script is run on or for distinguishing between multiple sites.

  • Enter the public IP where this site’s cache sync PowerShell script will be run from. Syncs coming from an different IP will be rejected to resist spoofing attacks.

  • The cache UNC is the path that assets will use to copy the modifier payload files from if this path is read accessible for them.

  • The Username and Password the agents on the assets will use to access these files. It is recommended to setup a read-only user that can access the cache path. The username is in format of either machinehostname\username or domain\username depending on your environment.

When done, submit and you will need to turn on the Cache Engine by pressing the Turn On button as shown below. The Status will show an Error until an successful sync is established. Also it will error out if there has not been a sync for at least four hours or if a checksum on a modifier payload fails.

Open Panel with your organization selected download the PowerShell script from the Settings - Software Tab page.

Make sure you have the correct organization selected in the upper right if you manage multiple organizations. The script version may vary among organizations and your download links may be redirected to to the incorrect version if you have the incorrect organization selected.

Place the script in an administrative location on the domain controller itself (where common users cannot access or modify).

Obtain your Org ID from your Org Overview tab in Settings in Panel, your Cache Engine ID from your Cache Engine tab in Settings, and the path the server can write to before continuing below.

Open Task Scheduler on that machine and create a task with the following settings:

  • Name “Panel - Cache Engine”

  • Enable checkbox for “Run whether user is logged on or not”

  • Enable checkbox for “Run with highest privileges”

  • Set the Trigger to be Daily with Repeat Task Every 1 hour

  • Enable and change “Stop task if it runs longer than” and value at “1 day” (optional but recommended to kill frozen processes)

  • Program: PowerShell

  • Add arguments: -NoProfile -ExecutionPolicy Bypass -NonInteractive -Command "& ‘filepathtothescripthere' 'Enter ORG GUID here' 'Cache Engine GUID Here' 'Path to Cache Share with Write Rights’“

Pay close attention to the single quotes around ORG GUID, AD SYNC GUID, and the LOCAL PATH TO CACHE SHARE values. And also make sure to include the double quotes right after -Command and at the very end. This is very easy to miss!

  • Edit conditions as needed based on your environment. Defaults usually are ok for common setups.

Otherwise, you can fire up administrative PowerShell (run as admin) on the domain controller then copy this command into notepad, edit the ORG GUID, AD SYNC GUID, and the LOCAL PATH TO CACHE SHARE values then copy and paste into PowerShell to create the task schedule with a single command. EXAMPLE LEFT BLANK FOR NOW.

Run the scheduled task and depending on size of any modifiers payload (if none, only a couple of minutes) then refresh your Panel page and the Cache Engine status will turn green and show a sync timestamp.

If the cache engine does a sync, you will have the option to press the View Sync Report button to pull up a list of modifiers being cached, where and checksums, checksum status and so on.