Skip to main content

Technical description

The architecture and processes of the cloud application metering solution are described here.

Description

CloudApplicationMeteringArchitecture_SnowAtlas.jpg

The picture illustrates the cloud application metering architecture and the interactions between the components. The figures in the picture correspond with the steps in the Overall cloud application metering process description. The table below gives a summary description of the tasks executed by each component.

Component

Description

Data Intelligence Service (DIS)

  • Operated by Snow Software. Creates the cloud application definitions and ruleset.

SAM Core on Snow Atlas

  • Provides the user with an interface to view and act on the cloud application metering data.

  • Processes and stores new and updated cloud application definitions and ruleset provided by DIS.

  • Distributes new and updated definitions and ruleset to the agents via Snow Extenders.

  • Collects, processes, and stores the cloud application usage data reported by the agents.

Snow Extender

  • Transfers data between Snow Atlas and the Snow Inventory Agents.

  • Maintains a local cache for the cloud application definitions and ruleset.

Snow Inventory Agent for Windows and macOS

  • Updates the local cloud application ruleset database by retrieving it from the Snow Extender.

  • Enables deployment of the cloud application metering browser extensions, according to the agent configuration (exceptions to this deployment method exist for some browsers).

  • Matches the data produced by the browser extensions with its local ruleset database.

  • Consolidates the cloud application usage data with the other inventory data and sends the results to the Snow Extender.

Cloud application metering browser extension

  • Runs in the context of the browser, records the web pages visited by the user, and stores the data locally together with the user login name and the date stamp.

Overall cloud application metering process

The overall cloud application metering process includes several subprocesses which are referred to in the overall process and described in separate sections.

  1. The Data Intelligence Service (DIS) creates cloud application definitions and ruleset that the Snow Inventory Agent uses to recognize the cloud applications run on the browsers. The definitions and ruleset are continuously developed and updated by DIS.

  2. The cloud application definitions and ruleset are transferred to Snow Atlas.

  3. The Snow Inventory Agent queries the Snow Extender for pending updates. When updated cloud application definitions and ruleset are available, they are downloaded and stored in the agent directory in one or both of the files named webmetering.rules and webmetering.crules. The Snow Extender caches the updated definitions and ruleset to reduce the traffic between the local network and Snow Atlas.

  4. The agent installs the browser extensions according to the agent configuration, see Snow Inventory Agent installs browser extensions.

    Note that the Apple Safari browser extension is not installed by the agent, see Install Apple Safari browser extension.

  5. The browser extensions on the computer gather cloud application metering data which is stored locally on the computer, see Browser extension gathers cloud application metering data.

  6. The Snow Inventory Agent collects the cloud application metering data, see Snow Inventory Agent collects gathered cloud application metering data.

  7. During the regular Snow Inventory Agent scan process, the agent consolidates the cloud application metering data with the other inventory data and sends it as a .snowpack file to Snow Atlas via the Snow Extender.

  8. The cloud application metering data is processed by SAM Core on Snow Atlas.

  9. The data is available to be used in the Cloud section in SAM Core, allowing the user to see cloud application usage and manage relevant licensing aspects.

Snow Inventory Agent installs browser extensions

This is the sub-process of Step 4 of the Overall cloud application metering process.

All cloud application metering browser extensions except Apple Safari can be installed by the agent according to the process below.

The Windows service Snow Inventory Agent carries out the process every three minutes.

For macOS, the snowagent cloud command, which is run by the scheduled task defined in the /Library/LaunchDaemons/com.snowsoftware.Cloudmetering.plist file, carries out the process every five minutes.

  1. The agent checks if at least one of the files webmetering.rules or webmetering.crules is present in the agent installation folder.

  2. If so, the agent requests the browsers for which the setting saas.[browser].enabled in the agent configuration is set to true to download the browser extension from its store and install it. The installation method depends on the browser and platform combination, as listed in the table below.

  3. The agent instructs the browser to run the cloudmeteringhost.exe (Windows) or cloudmeteringhost (macOS) process and to allow communication between the extension and the process.

  4. The agent converts the rules in the webmetering.rules and webmetering.crules files to a local file called cloudmetering.db, for quicker access to the data.

Note that when the Windows agent is stopped, the browser extensions are uninstalled. When the agent is restarted, the above process is carried out and the extensions are reinstalled if the conditions in steps 1 and 2 are fulfilled.

For macOS, if the webmetering.rules and webmetering.crules files are not present in the agent installation folder upon the check in step 1 of the process, any installed browser extensions will be uninstalled.

Table 6. Browser extension installation method

Browser

Platform

Installation method

Google Chrome

Windows

Registry key: HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist

Microsoft Edge

Windows

Registry key: HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist

Mozilla Firefox

Windows

Registry key: HKLM\SOFTWARE\Mozilla\Firefox\Extensions

Google Chrome

macOS

.plist file: /Library/Managed Preferences/<username>/com.google.Chrome.plist

Microsoft Edge

macOS

.plist file: /Library/Managed Preferences/<username>/com.microsoft.Edge.plist

Mozilla Firefox

macOS

policies.json file: /Applications/Firefox.app/Contents/Resources/distribution/policies.json

Note

Mozilla Firefox must be installed in /Applications and must be run at least once before the extension can be installed.

Apple Safari

macOS

The extension is installed independently of the Snow Inventory Agent for macOS, see Install Apple Safari browser extension.



Browser extension gathers cloud application metering data

This is the sub-process of Step 5 of the Overall cloud application metering process.

When the browser extension has been installed on the computer's browser, it carries out the following tasks:

  1. The browser extension captures information on web URLs visited by the user on the browser.

  2. The browser extension sends all visited URLs to the cloudmeteringhost process.

  3. The cloudmeteringhost process saves the URL data, together with user names and time stamps, on the computer in the location shown in Table 7, “Output path, depending on the platform. The information is stored in encrypted form.

    For Apple Safari on macOS, there is no cloudmeteringhost process and the browser extension stores the data directly on the computer in the location shown in Table 7, “Output path.

The stored cloud application metering data is collected by the agent according to Snow Inventory Agent collects gathered cloud application metering data.

Table 7. Output path

Platform

Output path

Windows

%ProgramData%\SnowSoftware\Inventory\Agent\cloudmetering\extension-output

macOS

Google Chrome, Microsoft Edge, Mozilla Firefox:

/Users/Shared/SnowSoftware/Inventory/Agent/cloudmetering/extension-output

Apple Safari:

In each user's home folder: Library/Containers/com.snowsoftware.snow-web-application-metering.WebApplicationMetering/Data/cloudmetering/extension-output



Snow Inventory Agent collects gathered cloud application metering data

This is the sub-process of Step 6 of the Overall cloud application metering process.

The Windows service Snow Inventory Agent carries out the process every three minutes.

For macOS, the snowagent cloud command, which is run by the scheduled task defined in the /Library/LaunchDaemons/com.snowsoftware.Cloudmetering.plist file, carries out the process every five minutes.

  1. The agent checks the content of the folder in Table 7, “Output path for files generated by the browser extensions.

  2. The agent matches the patterns in the files with the webmetering rules in the local cloudmetering.db file.

  3. The agent deletes the files in the folder in Table 7, “Output path immediately after the patterns have been matched.

  4. The agent writes an encrypted JSON file in the agent’s data\web-metering (Windows) or data/web-metering (macOS) folder containing the rule hits.

    Note

    The Windows agent keeps the results in its memory until 50 unique matches have been found. After that, it starts caching matches in the %ProgramFiles%\SnowSoftware\Inventory\Agent\data\web-metering\cache folder.

    A manual agent scan does not flush the memory. To get the same behavior as a scheduled scan, you must stop the agent prior to the scan.

When the agent runs its regular scans, the cloud application metering data is consolidated with the other inventory data into .snowpack files which are sent to the Snow Extender.