November 2021

Deploying Applications with AppLife Cloud

AppLife provides the ability to easily deploy and maintain many applications on your Windows clients and servers. By installing AppLife Manager on your deployed systems a channel is created with which one or more applications can be deployed and maintained using AppLife packages. This is the first of a series of posts that will discuss and demonstrate the use of AppLife tools to deploy software. This series will include:

  1. Deploying an application with AppLife
    Using mostly default settings, we’ll start from a brand new AppLife subscription and deploy a .NET WPF application through AppLife Manager.
  2. Explore Manager Deployment Options
    After looking at a default deployment in the first post, we’ll demonstrate the different configuration options available with AppLife Manager.
  3. Explore the AppLife Engine
    The deployment package in the first post added two files to the installation directory. In this post, we’ll look at other actions and demonstrate the features of the AppLife Update engine.
  4. Using the Dashboard
    The AppLife Dashboard provides the ability to control which of your deployed systems get applications and updates. It can help in troubleshoot defective packages, can identify which clients are running what version of your applications and more. The final post in the series will look at how the dashboard enhances your AppLife deployment model.

Connecting AppLife Manager to your Subscription

The AppLife Manager application gets installed on all of the systems that will run your software and connects your deployed clients to your AppLife subscription. AppLife Manager is downloaded from AppLife Update home page (www.applifeupdate.com). Once installed, you’ll connect Manager to your subscription through a registration process. To register AppLife Manager, you’ll need your Publisher Code. You’ll also need to define a Client Access Key. The Client Access Key will be a value that identifies an individual client, or perhaps a group of clients.

Your publisher code can be found on the Subscription view of your dashboard and can be replaced with a custom value.

Find your publisher code

Defining a Custom Publisher Code

You can set a custom publisher code for your subscription. One that is more meaningful and easier to remember, such as your domain name. A custom publisher code is set from the Subscription view on your dashboard.

With your publisher code entered, the default settings of your initial application will allow it to be discovered. It’ll be displayed within AppLife Manager. Nothing is actually installed on this deployed client yet, as there are no AppLife packages published for the application.

Deploying an Application

We have an application, called First Look that we want to deploy. We are going to effectively XCopy deploy our First Look application to our client machines through AppLife Manager. To accomplish this, we’ll create and publish an AppLife package that, when executed, will place our application on the deployed client. Once published, AppLife Manager will automatically discover and apply the package.

To create the package, we’ll use the AppLife Builder application. Like AppLife Manager, this can be downloaded from the AppLife Update home page. Once downloaded and installed, log into AppLife using your credentials. Select your subscription application. You’ll be prompted for the basic information about your application.

  1. Application Name
    Set this to your application’s name. In this case, First Look. Note that this will change the name displayed in AppLife Manager.
  2. Executable Name
    Set this to the name of the primary executable of your application. FirstLook.exe.
  3. Local Working Directory
    This is a local value that defines the local directory for your application and will be used for relative paths later. For custom software, this is usually a bin directory or an output directory of your build process.

AppLife Actions

An AppLife Package consists of a series of Actions that will take place when the package is executed on a deployed client. There are many actions available. This first package is going to include only one action. An Add & Replace Files action, which will copy two files to the designated Application Directory. When AppLife Manager discovers and applies this package, these two files will be copied.

By default, AppLife Manager applications will check for new versions every 24 hours. After having published this package, any connected clients will install First Look on their next check. AppLife Manager can also be refreshed manually, which will find the application immediately.

Deployments in the Dashboard

When a client applies an AppLife Package, the results are reported to your dashboard and can be reviewed there.

Summary

Using a new AppLife Subscription, we just built an AppLife Package that deploys our existing application through AppLife Manager. With the exception of setting a custom Publisher Code and changing the application name, we used entirely default settings. In the next post, we’ll explore the configuration options available through AppLife Manager that will let you customize the deployment and maintenance model to better fit different scenarios.

Application Master Passcode

When a deployed application discovers and downloads an AppLife package, the first action taken is a verification of the package using the Public Key value that is already present on the client and the update package signature that comes with the package. Digital signature validation using asynchronous cryptology. If the downloaded update package fails validation, it is never loaded or executed. There are many reasons why a downloaded update package might fail validation, but whatever the reason, a failed validation means that the update package is not identical to the package that was built and published by the author.

Validation ensures that the package that is about to be applied on a deployed client is the exact package that was created and published. The validity of the authentication process performed by AppLife is completely dependent on the sanctity of the project’s private key. This validation process ensures that it is not possible for a third party to create a package that could ever be applied through your software.

So if your AppLife Cloud account was compromised, would your application private keys be at risk? Yes they would, and this could potentially lead to a third party having the ability publish a privileged update package that your deployed clients would apply. Securing your AppLife Cloud account through strong passwords, two-factor authentication, and Publishing IP Address Filtering significantly reduces the probability of a compromised account. Beyond these, another action that can be taken to secure your deployed clients is to implement a Master Passcode on your individual applications.

A master passcode is added to your application locally through AppLife Builder. Navigate to your project settings dialog and open the Security tab. When a master passcode is provided, AppLife Builder uses the code to encrypt the application keypair before transmitting application data to the AppLife Cloud. The master pass code is never transmitted and only stored locally if elected to be.

If a unique passcode is applied to your application, the passcode is never transmitted and an update for the application can never be created without it.

A master passcode provides maximum protection against a compromised AppLife Cloud account, as a final secret that is required but never shared. With this protection comes the reality that a master passcode can never be recovered if forgotten. If a master passcode is forgotten, your deployed clients are forever disconnected from the remote update capabilities provided by AppLife.

For maximum protection from your update process ever being used to compromise your deployed clients, choose and implement a unique strong master passcode.

Publishing IP Address Filtering

Using the AppLife Cloud solution makes it easy to deploy and maintain applications by creating a channel between you the application publisher, and all your deployed client systems. It’s very important to protect that channel and keep it secure. Steps to keep your deployed clients secure started with:

  • Setting a strong password on your account. We require 8 characters, a letter, a number and special character, but going beyond these minimums is recommended. Using a password tool such as Last Pass makes using long strong passwords very manageable.

  • Enabling Two-Factor authentication on your account. In addition to a strong password, requiring something you have in addition to something you know adds a significant level of protection.

The next step to consider taking is enabling Publishing IP Address Filtering on your AppLife subscription. This is a great idea if your application publishing always originates from static IP addresses. Once enabled, your application update packages must originate from an IP address in your defined list.

To enable IP Address Filtering, navigate to your Subscription Properties view within your dashboard. IP Filtering is subscription scoped, and covers all applications in your subscription with one list.

Once on the Subscription Properties view, you’ll find the IP Filtering list towards the bottom. When you click the enable checkbox, your current IP Address is automatically added to the list. You can add as many IP Addresses as you need. Save the list and you have successfully enabled IP Filtering.

Enable Two-Factor Authentication

Securing your AppLife Cloud accounts is vitally important. In version 6, we’ve implemented multiple features designed to keep your accounts safe. One of these features is two-factor authentication.

Two-Factor authentication works by requiring a user to follow up your standard username and password credentials (something you know), with an additional authentication step that requires you to provide something you have. This style of authentication removes the potential of compromised credentials (commonly acquired by simply guessing, sophisticated brute force, or duplicate credentials from a less secure site) alone allowing access to your cloud account. With two-factor enabled, the potential imposter would need more than just your credentials. How much more, is configurable. There are three options available.

  • A one-time passcode emailed to the account email address
  • A passcode generated by an Authenticator app on a mobile device
  • A hardware USB key

Email Option

The simplest option available is to enable the Email method. With this method enabled, whenever you sign on to AppLife Cloud on a new device, an email will be sent to the account email address. This email will contain a one-time pass code. Enter this code when prompted and you’ll be successfully authenticated.

Authenticator App Option

An authenticator app shares a private code during setup, and then generates rolling one-time passcodes that expire. Once setup, you will need the device with the app that you configured in your possession in order to log in and authenticate. The app that AppLife Cloud uses is Google Authenticator. Available for both Apple and Android mobile devices, it is a great option and more secure than Email, as it requires physical possession of your device during AppLife Cloud authentication.

USB Hardware Key Option

USB Hardware keys are the third and most secure option for validation. AppLife Cloud supports YubiKey brand keys. Once set up, the physical key must be present to login. The Series 5 key supports USB, USB-C and NFC. You can use your YubiKey for authentication on AppLife Cloud as well as many of the popular sites around the web, such as Google, Microsoft, Amazon, Apple and Twitter to name a few.

You can set up multiple keys on your AppLife Cloud account.

Pick one of the options and enable two-factor authentication on your AppLife Cloud account today. Doing so adds a significant level of protection for your AppLife enabled deployed applications.

Introducing AppLife Cloud Version 6!

We’re excited to announce the release of the next version of AppLife Cloud. It’s never been easier to publish and maintain deployed Windows software with AppLife! Along with a new look and feel, version 6 strengthens the integration of the cloud dashboard, builder tools and AppLife Manager software. On the backend, we’ve increased performance, reliability and extensibility of the platform, which will lead to a better experience and more frequent feature additions going forward.

Here’s a summary of what’s new…

Dashboard

  • New Identity/Authorization System
    • Two Factor Authorization
      • Email
      • Authenticator App
      • Hardware Key
    • More strict password requirements
    • Email usernames
  • Responsive Layout
  • View Failed Client Execution Logs in Dashboard
  • Persisted Sorting, Paging, Filtering Navigation
  • Performance and Scalability improvements
  • IP Based Publishing Filter

AppLife Builder

Formerly called Make Update, AppLife Builder has been completely integrated with AppLife Cloud. You’ll notice the changes upon launching AppLife Builder, as your prompted to log on. All of your build configuration information is now centrally managed within AppLife Cloud. AppLife Builder makes it easier to build and publish update packages for your cloud applications.

  • Integrates directly with AppLife Dashboard
  • Simplified, per-user installation without licensing
  • Key Pair Encryption using local password
  • Edit published update Access Control configuration
  • New Install .Net 5 Action
  • New Install .Net 4.8 Action

AppLife Manager

We’ve added many features to AppLife Manager that makes it a compelling option over direct AppLife integration. Completely manage the distribution and maintenance of your applications without any source code integration. Your maintenance process can be as automated or manual as you prefer, based on simple dashboard configuration. In version 6, deploying applications with AppLife Manager has never been easier.

  • Organization Information in UI
  • More visual feedback during update process
  • Application Update History dialog
  • Publisher and Application Information dialog
  • Failed Update Execution Log Reporting to Cloud
  • Local Behavior Settings Options
    • Globally for all deployed clients
    • Enable for specific clients
  • Optionally require admin authorization for new applications
  • Custom Publisher Code option


API Changes

There is a new .NET 5 (Core) integration assembly. The .Net 4.x integration assemblies are now built on .NET 4.5 and include new TAP based asynchronous integration. The biggest change is that the AppLife integration API is now deployed through NuGet and integrated directly into your Visual Studio projects. You can find them here…

AppLife.Api

AppLife.Api is for .NET 5 applications and includes the primary AppLife Update controller and visual controls for the .NET 5 Windows Client extension (WinForms and WPF)

Kjs.AppLife.Update.Controller

This NuGet package is for applications targeting .NET 4.5 thru 4.8. It includes the primary AppLife Update controller and visual controls for WinForms.

Kjs.AppLife.Update.Wpf

This NuGet package extends and depends on the Kjs.AppLife.Update.Controller package and includes visual controls for .Net 4.5 thru 4.8 WPF applications.

In the Future…

We plan for frequent feature additions on the new platform. The next release is already in development and will add user management for subscription owners, allowing for adding and removing subscription users and modifying the application privilege’s of subscription users. We’re localizing AppLife Manager to German, Spanish, French, Italian, and Dutch with more languages to follow. Were adding more Update Actions too.

More to come…

Scroll to Top