Desktop Notification Connections

The AppArmor Desktop Notification client app maintains a persistent connection with the AppArmor servers using a series of HTTP-based protocols. Once the connection is established, two-way communication between the client and server is possible. The client can update the server on its connection status, and the server can push configuration information and notifications.

 

This type of connection is effective because there is no “polling” required. When an alert is sent, the desktop notification device receives and displays the notification almost immediately.

The desktop client app will automatically reconnect if a network connectivity issue occurs.

Firewall Considerations

Since the connection is initiated by the desktop client app, there are no firewall changes required. The outbound connection is established as standard HTTPS traffic on port 443.

Transport Fallback

Under ideal circumstances, the client will connect to the server using a persistent WebSocket connection. If WebSockets are not available due to client limitations or network restrictions, the desktop notifications app will fall back to other transports, which include server-sent events, forever frame, and long polling. Based on our experience, the vast majority of clients will connect using WebSockets, and a small percentage will connect using server-sent events. Forever frame and long polling are almost never used.
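
The fallback order described above can be modelled as follows; this is an added example, not AppArmor's client code, and it helps predict which transport a client will end up on behind a given proxy. The capability flag names, the requirement assigned to each transport (an allowed HTTP Upgrade for WebSockets, an unbuffered streaming response for server-sent events and forever frame), and the `notify.example.invalid` host are assumptions for illustration.

```javascript
// Added illustration, not AppArmor client code. Flag names are hypothetical.
// Preference order follows the Transport Fallback section.
const TRANSPORTS = [
  { name: "webSockets", needs: ["webSocketApi", "upgradeAllowed"] },
  { name: "serverSentEvents", needs: ["eventSourceApi", "streamingAllowed"] },
  { name: "foreverFrame", needs: ["iframeSupport", "streamingAllowed"] },
  { name: "longPolling", needs: [] }, // ordinary HTTPS request/response
];

// env: booleans for client capabilities and for what the network path permits.
// Returns the chosen transport plus every higher-preference transport that was
// skipped and why, which is the detail worth recording in a support log.
function selectTransport(url, env) {
  const u = new URL(url);
  // The page states all connections are HTTPS on port 443; refuse anything else.
  // URL normalises the default port to "", so "" on https means 443.
  if (u.protocol !== "https:" || (u.port !== "" && u.port !== "443")) {
    throw new Error("endpoint must be https on port 443: " + url);
  }
  const skipped = [];
  for (const t of TRANSPORTS) {
    const missing = t.needs.filter((flag) => !env[flag]);
    if (missing.length === 0) return { transport: t.name, skipped };
    skipped.push({ transport: t.name, missing });
  }
  throw new Error("no transport available"); // unreachable: longPolling needs nothing
}

// Constructed sample environments (not measurements from real deployments).
const ENDPOINT = "https://notify.example.invalid/"; // placeholder host
const SAMPLES = {
  openNetwork: { webSocketApi: true, eventSourceApi: true, iframeSupport: true,
                 upgradeAllowed: true, streamingAllowed: true },
  proxyStripsUpgrade: { webSocketApi: true, eventSourceApi: true, iframeSupport: true,
                        upgradeAllowed: false, streamingAllowed: true },
  proxyBuffersResponses: { webSocketApi: true, eventSourceApi: true, iframeSupport: true,
                           upgradeAllowed: false, streamingAllowed: false },
};

for (const [label, env] of Object.entries(SAMPLES)) {
  const { transport, skipped } = selectTransport(ENDPOINT, env);
  console.log(label, "->", transport, JSON.stringify(skipped));
}
```

A client that lands on long polling in this model is still connected over HTTPS on port 443; only the delivery mechanism changes.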

Security

All connections are established over secure HTTPS connections to the AppArmor servers. All data is encrypted in transit. Alerts are not stored on the clients; they are only displayed on-screen.