Home → Questions →

Deploying to Agents on machines behind a VPN?

• Edit

sebastian

26 Nov, 2014 06:20 AM

Hi guys,

I'm very interested in moving our CI server over to use AppVeyor instead, it looks to be excellent value. My only concern is that several of our client projects require use to deploy to intranet machines that are only accessible via VPN. Cisco VPN Client and Dell SonicWall NetExtender are the two we need to use. Our current CI server has these VPN clients installed and we control them in our deployment cycle via PowerShell.

Does AppVeyor offer any kind of solution for this scenario?

Cheers,
Seb

1. Support Staff 1 Posted by Feodor Fitsner on 26 Nov, 2014 08:12 AM

   

   Hi Sebastian,

   Absolutely, AppVeyor Agent works in "listening" mode and require only outbound internet connection to https://ci.appveyor.com. You don't have to configure any inbound ports on your firewall or setup VPN in order to use AppVeyor Deployment Agent.

   • Edit

2. 2 Posted by sebastian on 26 Nov, 2014 05:07 PM

   

   So do I understand correctly that the Agent polls ci.appveyor.com? Out of curiosity, how often does the agent poll the server? Is there anywhere I can go to get more technical details on how the Agent works?

   • Edit

3. Support Staff 3 Posted by Feodor Fitsner on 26 Nov, 2014 06:27 PM

   

   Well, it's not polling, but Web Sockets, SignalR more specifically. It's constantly connected to the cloud.

   • Edit

4. 4 Posted by sebastian on 26 Nov, 2014 07:44 PM

   

   Oh wow, fancy. Okay, cool - thanks :)

   • Edit

5. 5 Posted by sebastian on 11 Dec, 2014 08:09 PM

   

   Hi Feodor,

   Sorry to open a closed topic again, but I just thought of a different scenario that normally requires a VPN connection for deployment. In the case that a project isn't publicly exposed over the internet, i.e. an intranet only available through a VPN, the HTTP port is closed to web... is there any solution for this scenario?

   • Edit

6. Support Staff 6 Posted by Feodor Fitsner on 11 Dec, 2014 08:24 PM

   

   Does that intranet environment have outbound connection to the internet?

   • Edit

7. 7 Posted by sebastian on 11 Dec, 2014 09:16 PM

   

   No its completely internal I'm afraid. It's actually fairly common for us
   in some corporate projects.

   • Edit

8. Support Staff 8 Posted by Feodor Fitsner on 11 Dec, 2014 09:39 PM

   

   Then I guess you should run VPN client on build worker to access your network and this VPN client must be scriptable.

   • Edit

9. 9 Posted by sebastian on 12 Dec, 2014 02:20 AM

   

   Is this something I'd have to script an install for in every build then,
   since build workers are transient?
   Or is these are any way I can save a build worker image with the clients
   pre-installed?

   • Edit

10. 10 Posted by sebastian on 12 Dec, 2014 02:24 AM

    

    Hi, would you be able to remove my signature from my previous comment?

    • Edit

11. Support Staff 11 Posted by Feodor Fitsner on 12 Dec, 2014 02:32 AM

    

    It depends on few factors:

    1. If it's easier to script and adds few minutes overhead to the build then I think it's OK to be part of every build.

    2. If it's hard to script or takes long to install, but the software is pretty standard we could install it to build worker image.

    • Edit

12. 12 Posted by sebastian on 13 May, 2015 08:30 PM

    

    Hi Feodor,

    Jumping back onto this issue, I've been playing with getting Cisco VPN Client working on these workers. So far, I've developed a chocolatey package that installs the client from MSI, which seems to work ok - but it takes a while to install.

    In the interest of keeping builds speedy, what are the odds that the 64-bit Cisco VPN Client v5.0.07.0440 (which is the only version I know of that works with Server 2012) could be installed on the build images?

    I believe there are some licensing arrangements around this VPN client. Not sure how AppVeyor handles that? Could it be an 'if you use it, you declare to have licensed it' kind of arrangement?

    • Edit

13. Support Staff 13 Posted by Feodor Fitsner on 14 May, 2015 01:13 AM

    

    Well, if you are installing with Agent it's actually executed from AppVeyor Azure workers (not build workers) which you don't have access to.

    • Edit

14. 14 Posted by sebastian on 17 May, 2015 02:57 PM

    

    Hi, actually I'm talking about installing the Cisco VPN client on the build worker itself, so that it can deploy to a host behind VPN... It's IIS6 so the Appveyor agent isn't compatible and we have to use msdeploy etc..

    • Edit

15. Support Staff 15 Posted by Feodor Fitsner on 18 May, 2015 05:11 PM

    

    Seems like these clients are really specific for your own application. Check if they can be deployed with XCOPY - that could be much faster.

    • Edit

16. 16 Posted by sebastian on 30 May, 2015 12:40 PM

    

    Hi Feodor,

    Sorry for the late reply with this, am back on the case again.

    If your brain's still in the headspace, can you elaborate on what you had in mind using XCOPY? I don't quite follow you...

    • Edit

17. Support Staff 17 Posted by Feodor Fitsner on 31 May, 2015 09:40 PM

    

    Yeah, I mean if the client could be deployed by simply unzipping its files during the build, without running MSI or EXE.

    • Edit

18. 18 Posted by sebastian on 01 Jun, 2015 05:55 AM

    

    Ah, yeah I don't think that's possible because the installer has to set up
    a new network adapter etc.

    • Edit

19. 19 Posted by sebastian on 01 Jun, 2015 05:57 AM

    

    Time heals all wounds, apparently... The server's being upgraded so this
    won't be a requirement in a few weeks time! Thanks for your attention on
    this matter :) It was a good exercise in playing with chocolatey packages
    at least!

    • Edit

20. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 01:56 AM.