Announce is the name of the procedure used by NoTouch OS client devices to contact NoTouch Center. Announce tells the management console about the existence and runtime state of the client, and can lead to the client getting a new configuration or a firmware update.
The client device connects to the NoTouch Center server host by making an HTTP connection to the stored server host name or IP address and port number (by default, the host name is "tcmgr" and the port number is 8080, even though the system will try to connect via HTTPS/443 and HTTPS/8443 in versions after OS 2.35), identifying itself and transmitting a few bits of runtime information. NoTouch Center checks if there is something to do for this client, such as fetching a new configuration or a new firmware image, and sets the reply status accordingly. The client reacts to that status and, if told to do so, contacts NoTouch Center again with a more specific request. You can configure the actual URL that NoTouch Center will hand out to its clients; see URL Prefix.
This protocol has been designed to work with only one-way TCP connection initiation, originating at the client and targeting NoTouch Center; in a world full of firewalls, gateways, network address translations, etc., it is much easier to have clients connect to a server than the other way round. That means clients will contact NTC periodically, NTC will tell them what to do, and this works fine. The frequency of this periodic connect can be adjusted by setting the announce interval parameter in the client's base settings; the default is 60 minutes, which is reasonable for a working setup and does not impose too much traffic on your network, even in large installations. On the other hand, this means any parameter change you make in NoTouch Center may take up to one hour to be transmitted out to the client(s).
From software appliance version 1.0-52 on, NoTouch Center can work on the regular HTTPS/443 port. If you use standalone NoTouch Center on Windows, or older clients (before 2.38), please make sure that TCP port 8443 (HTTPS) from endpoint to management server is open.
For the client actions, such as reboot or "announce now", you need UDP port 1500 open from the management server to the clients (see RCMD for more information). If you do not want this service for security reasons (which we understand), or are unable to have this open for policy reasons (UDP not allowed) or because of IP address masquerading, don't worry: you can rely on the clients automatically connecting at regular intervals (the "announce interval" parameter), as described above.
Have clients announce now
If you want to see parameter changes out on the client immediately and it is possible to connect to the clients (speaking of networking and firewalling), you can make the clients announce instantly. The following easy steps assume that you are logged in to NoTouch Center and have a browser window showing NoTouch Center on the monitor in front of you. Have a look at the screenshot for further reference.
- Click on "Manage" in the main menu
- Choose the client or group you want to "announce" in the tree view on the left
- Click on "Tools" in the tab descriptions in the middle of the screen
- Choose "Announce" from the possible tasks to do (should be pre-selected already)
- Click on "Execute"
To prevent thousands of devices from announcing at the exact same moment, clients will wait a random amount of time (at most half a minute) before the announce is actually performed.
Note: For this function to work, NoTouch Center must be able to send UDP packets on port 1500 to the target host.
Announce status on the client
The client will fetch a new configuration immediately after announce. This may or may not have visible consequences. NoTouch OS shows information about both received client actions (such as "search") and the pull-based announce. It displays the date and time of the last action, its status, and external information.
On a machine running NoTouch, open the local configuration, log in, and click on "Information". Scroll down until you see the "NoTouch Center" section like here:
This screenshot shows us that the client connected to https://192.168.2.7:8443/. Unless otherwise specified, the system tries to connect with HTTPS even if a plain HTTP URL is sent. This ensures compatibility for existing customers but also allows for maximum available security without breaking anything. To influence what URL will be sent by NoTouch Center, please see URL Prefix.
The clients don't get the configuration - what could be wrong?
First of all:
- Did you check the Announce status on the client (see the section of that name above)?
- Did you make sure client and NoTouch Center find each other?
- Did you add the client to a group?
- Did you change the Image update mode from "never" to "at announce" or "at reboot" without uploading/activating a proper image? You cannot update to the predefined meta-image, and this will inhibit configuration data exchange. Please see Firmware Update (NTC).
If you are really sure that everything should work, there are actually three things to consider:
- The "announce now" command packets are not getting through from NoTouch Center to the client. Then it is most likely a firewall problem. See above for protocol and port information (inbound TCP 443 as well as 8080 and 8443 for older installations, outbound 1500 UDP). If using the Stratodesk Virtual Appliance, check its Firewall configuration.
- The "announce now" command packets are going through, but the client announces to the wrong URL. This sometimes happens when you do not set the tcmgr hostname and did not search for client devices or after an IP address change. This could also happen if you change the default value for "announce URL" in the NoTouch Center configuration to an incorrect value or use NoTouch Center on a system with multiple IP addresses.
- Announce is ok, the Announce URL on the client is ok, but the client can't get through to the server. Again, you might have a firewall problem. See above for protocol and port information.
Note: As stated above, inability to send "announce now" (UDP port 1500) packets to the client does not make the system unusable. In fact, it is designed to work without that as NoTouch clients will announce anyway
- at reboot, and
- periodically ("management announce interval" parameter)
It is your decision whether it is worth making sure "announce now" works in your firewalled environment or not. In any case, however, you must make sure that the actual announce (clients connecting to TCP 8080/8443 at NoTouch Center) works.
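One way to verify the client-to-server announce path from the client's network segment, as an added example that is not part of the original documentation or of NoTouch itself. It only attempts TCP connections to the ports named on this page and flags the case where only the plain HTTP port answers; the function names are hypothetical, and it neither sends an announce request nor validates the server certificate.

```python
import socket

# Announce ports named on this page, HTTPS first. "tcmgr" is the
# documented default host name; replace it with your server if it differs.
ANNOUNCE_PORTS = [(443, "https"), (8443, "https"), (8080, "http")]


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Covers refused connections, timeouts and failed name resolution.
        return False


def check_announce_path(host="tcmgr", ports=ANNOUNCE_PORTS, timeout=3.0):
    """Probe each announce port and summarise the result.

    Verdicts:
      "https"     - at least one HTTPS port is reachable
      "http-only" - only the plain HTTP port answers
      "blocked"   - nothing reachable (name resolution or firewall problem)
    """
    results = {}
    for port, scheme in ports:
        results[(port, scheme)] = tcp_reachable(host, port, timeout)
    open_schemes = {scheme for (_, scheme), ok in results.items() if ok}
    if "https" in open_schemes:
        verdict = "https"
    elif "http" in open_schemes:
        verdict = "http-only"
    else:
        verdict = "blocked"
    return {"host": host, "ports": results, "verdict": verdict}


if __name__ == "__main__":
    report = check_announce_path()
    for (port, scheme), ok in report["ports"].items():
        state = "open" if ok else "unreachable"
        print(f"{report['host']}:{port} ({scheme}): {state}")
    print("verdict:", report["verdict"])
```

A "blocked" verdict points at the firewall or host name issues listed above; "http-only" means the HTTPS ports should be opened so the announce does not depend on the unencrypted port.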