Offline and Intermittent Connectivity
Some environments have restricted network access: air-gapped networks, outbound-only connectivity, or intermittent connections. These environments require software updates and license verification to work without direct connections to vendor infrastructure.
Big Picture supports offline and restricted connectivity through vendor-controlled mirrors and local license servers. Regulated customers can mirror Big Picture’s signed metadata and artifacts into their networks while maintaining trust through cryptographic verification.
When This Scenario Applies
Section titled “When This Scenario Applies”This scenario applies when you ship software to:
- Air-gapped environments with no external network access
- Networks with outbound-only connectivity policies
- Environments with intermittent or unreliable connectivity
- Regulated environments that require self-hosted update infrastructure
- Organizations that require complete control over external dependencies
Big Picture’s mirror architecture enables these scenarios while maintaining vendor control over release decisions and license governance.
How Big Picture Addresses This
Section titled “How Big Picture Addresses This”Vendor-Controlled Mirrors
Section titled “Vendor-Controlled Mirrors”Regulated customers can mirror Big Picture’s signed snapshot bundles into their networks. These bundles contain:
- Signed update metadata
- Artifact hashes and verification information
- License server configuration for local deployment
- All information needed for offline operation
Customers mirror bundles into their networks through approved channels (secure file transfer, physical media, or approved network paths). Once mirrored, clients verify vendor signatures and operate entirely from local infrastructure.
Local License Servers
Section titled “Local License Servers”For air-gapped deployments, customers deploy Big Picture’s local license server within their network. The license server:
- Issues license leases using keys provided by the vendor
- Operates independently of cloud infrastructure
- Maintains license state within the customer’s network
- Provides the same lease-based licensing as cloud deployments
Vendors provide license server keys through secure channels, and customers deploy the server within their network boundaries.
Outbound-Only Operation
Section titled “Outbound-Only Operation”Environments with outbound-only connectivity can use Big Picture’s cloud infrastructure while maintaining security boundaries. Clients make outbound requests to Big Picture’s API, and responses are signed and verifiable.
This pattern works when:
- Networks allow outbound HTTPS connections
- Organizations require that no inbound connections are established
- Security policies permit outbound-only vendor communication
Big Picture’s signed responses allow clients to verify authenticity without requiring inbound connections.
Intermittent Connectivity
Section titled “Intermittent Connectivity”Applications in environments with intermittent connectivity can:
- Cache update metadata and license leases locally
- Operate offline using cached information until connectivity is restored
- Synchronize when connectivity is available
- Verify signatures locally without requiring network access
Big Picture’s lease-based licensing uses short-lived tokens that can be cached and verified locally, allowing applications to operate offline until connectivity is restored.
Key Considerations
Section titled “Key Considerations”Mirror Deployment
Section titled “Mirror Deployment”Vendor-controlled mirrors require:
- Secure channels for transferring snapshot bundles to customers
- Customer processes for mirroring bundles into their networks
- Verification that mirrored content matches vendor signatures
- Processes for updating mirrors when new releases are available
Big Picture provides signed bundles that customers can verify, but the mirroring process itself is managed by customers according to their security policies.
Local License Server Deployment
Section titled “Local License Server Deployment”Local license servers require:
- Vendor-provided license server keys distributed through secure channels
- Customer deployment of license server infrastructure
- Network configuration to allow clients to reach the license server
- Processes for updating license server software when needed
Big Picture provides license server software that customers can deploy, but the deployment and operation are managed by customers within their network boundaries.
Synchronization Strategies
Section titled “Synchronization Strategies”For intermittent connectivity:
- Applications cache update metadata and check periodically when online
- License leases are cached locally and refreshed when connectivity is available
- Update downloads can be deferred until connectivity is available
- Applications can queue operations that require network access
Big Picture supports these patterns through its API design, but applications must implement caching and synchronization logic.
Security Boundaries
Section titled “Security Boundaries”Offline and restricted connectivity scenarios require careful attention to security:
- All vendor content must be cryptographically signed and verifiable
- License server keys must be distributed through secure channels
- Mirror processes must verify vendor signatures before deployment
- Local license servers must be secured within customer networks
Big Picture provides cryptographic verification mechanisms, but customers are responsible for securing their infrastructure and following security best practices.
Next Steps
Section titled “Next Steps”- Review Syncing Local License Server for deploying license servers in air-gapped environments
- See Generating Snapshots for creating mirror bundles
- Review Regulated Environment Deployments for comprehensive guidance on regulated environments
- See Common Regulatory Requirements for regulatory considerations