The ResorsIT Agent
The ResorsIT agent is a lightweight Go daemon that runs on managed hosts and maintains a persistent WebSocket connection to the Agent Manager. It handles package installation, remote command execution, web application provisioning, and compliance auditing — all centrally orchestrated from the ResorsIT management server.
The agent initiates the outbound connection, which means it works behind NAT, through firewalls, and across network boundaries without requiring inbound firewall rules on the managed host. When connectivity is interrupted, the agent queues work locally and retries when the connection is restored.
Package Installation and Provisioning
When a package installation or provisioning task is dispatched, the agent evaluates the current state of the target system — installed software, versions, and configurations — then retrieves packages from designated repositories or a private registry managed by ResorsIT. It executes installation, resolves dependencies, applies updates, and logs all results back to the management server.
This applies to OS-level software as well as web application deployments: the agent pulls application code, configures dependencies, sets up network settings, applies security hardening (patches, firewalls, SSL certificates), and manages hardware configuration for computers and network devices.
Remote Operations
Commands dispatched to the agent are signed using Ed25519 public key cryptography. Files transferred to or from the agent are verified with SHA-256 hashes, carried in those same signed messages. Execution output is streamed to the Agent Manager in real time so administrators can monitor operations as they run. Errors are captured and reported to the central server.
The server controls which tasks the agent will accept and execute. This means a compromised host cannot instruct the agent to do something the server did not authorize — malware cannot hijack the agent’s execution path.
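The signed-command and file-hash check described above can be sketched as follows. This is an added example, not ResorsIT code: the Command layout, the JSON encoding and the Sign and Verify helpers are assumptions made for illustration, since the page does not document the wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Command is a hypothetical payload layout, not the ResorsIT wire format.
type Command struct {
	Action     string `json:"action"`
	FileSHA256 string `json:"file_sha256"` // hex digest of the attached file
}

// Sign plays the server: hash the file, embed the digest, sign the payload bytes.
func Sign(priv ed25519.PrivateKey, action string, file []byte) (payload, sig []byte) {
	sum := sha256.Sum256(file)
	payload, _ = json.Marshal(Command{Action: action, FileSHA256: hex.EncodeToString(sum[:])})
	return payload, ed25519.Sign(priv, payload)
}

// Verify plays the agent: signature first, then parse, then the file digest.
func Verify(pub ed25519.PublicKey, payload, sig, file []byte) (*Command, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return nil, fmt.Errorf("bad signature")
	}
	var cmd Command
	if err := json.Unmarshal(payload, &cmd); err != nil {
		return nil, err
	}
	want, err := hex.DecodeString(cmd.FileSHA256)
	if got := sha256.Sum256(file); err != nil || !bytes.Equal(got[:], want) {
		return nil, fmt.Errorf("file hash mismatch")
	}
	return &cmd, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key for the demo
	file := []byte("constructed sample file")
	payload, sig := Sign(priv, "install", file)
	_, err := Verify(pub, payload, sig, file)
	fmt.Println("genuine:", err)
	_, err = Verify(pub, payload, sig, []byte("tampered"))
	fmt.Println("tampered file:", err)
}
```

Because the digest travels inside the signed bytes, swapping the file or editing the command both fail verification without the agent holding any secret of its own.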
Auditing
The agent collects detailed system state: installed software, running processes, open ports, and user accounts. It compares that state against predefined compliance policies and reports non-compliant systems to the management server with alerts and comprehensive reports. For common issues, it can optionally apply automated remediation — closing unused ports, removing unauthorized software — with the results logged centrally.
Security Design
The agent operates on the principle of least privilege. There are no persistent credentials stored on the managed host; file transfers use time-limited tokens managed by the Agent Manager. All messages and file transfers are protected by public key signatures. Role-based access control on the management server ensures administrators can only dispatch tasks they are authorized to run.
The agent itself is a single compiled Go binary with no runtime dependencies. Deployment is a startup script or configuration management run, and subsequent updates to the agent are handled centrally without logging into each host.