Enterprise Deployment Patterns
Mass Enrollment
For large-scale deployments, create enrollment tokens with multiple uses and distribute via your configuration management tool:
# Generate a batch token
curl -X POST https://admin.avon.example.com/api/v1/enrollment-tokens
-H "Authorization: Bearer $ADMIN_TOKEN"
-H "Content-Type: application/json"
-d '{
"name": "fleet-rollout-q1",
"groups": ["default", "corporate"],
"expires_in": "72h",
"max_uses": 500
}'Ansible playbook:
- name: Install and enroll AVON agent
hosts: workstations
become: true
tasks:
- name: Install AVON agent
apt:
name: avon-agent
state: present
- name: Enroll agent
command: >
avon-agent enroll
--gateway gateway.avon.example.com:4600
--token "{{ avon_enrollment_token }}"
--name "{{ inventory_hostname }}"
args:
creates: /var/lib/avon/agent.pem
- name: Enable and start service
systemd:
name: avon-agent
enabled: true
state: startedTerraform (infrastructure provisioning):
resource "helm_release" "avon" {
name = "avon"
namespace = "avon"
chart = "./deploy/helm/avon"
values = [
file("values-production.yaml"),
file("values-aws.yaml")
]
set {
name = "secrets.existingSecret"
value = "avon-secrets"
}
set {
name = "externalDatabase.host"
value = aws_rds_cluster.avon.endpoint
}
set {
name = "externalRedis.host"
value = aws_elasticache_replication_group.avon.primary_endpoint_address
}
}MDM Integration (macOS/Windows)
Distribute the agent and enrollment token via your MDM solution:
Jamf (macOS): Deploy the .pkg installer and a configuration profile that writes /Library/Application Support/AVON/agent.toml with the gateway address and enrollment token.
Intune (Windows): Deploy the .msi installer as a Win32 app. Use a PowerShell script to run the enrollment command post-install.
SCCM (Windows): Create a deployment package with the MSI and a task sequence that installs and enrolls.
Multi-Region Deployment
For global organizations, deploy AVON in multiple regions with DNS-based routing:
┌─────────────────────────────────────────────────────────────────┐
│ Global DNS │
│ (Latency-based routing) │
└─────────────────────────────────────────────────────────────────┘
│ │
┌───────────▼───────────┐ ┌─────▼─────────────┐
│ Region: US-East │ │ Region: EU-West │
│ │ │ │
│ ┌─────────────────┐ │ │ ┌──────────────┐ │
│ │ Gateway Pool │ │ │ │ Gateway Pool │ │
│ └────────┬────────┘ │ │ └──────┬───────┘ │
│ │ │ │ │ │
│ ┌────────▼────────┐ │ │ ┌──────▼───────┐ │
│ │ Control Plane │ │ │ │Control Plane │ │
│ └────────┬────────┘ │ │ └──────┬───────┘ │
│ │ │ │ │ │
│ ┌────────▼────────┐ │ │ ┌──────▼───────┐ │
│ │ PostgreSQL │◄─┼─┼─┤ PostgreSQL │ │
│ │ (Primary) │ │ │ │ (Replica) │ │
│ └─────────────────┘ │ │ └──────────────┘ │
└───────────────────────┘ └────────────────────┘Configure the agent with fallback gateways:
[gateway]
address = "gateway-us.avon.example.com:4600"
fallback = [
"gateway-eu.avon.example.com:4600",
"gateway-ap.avon.example.com:4600"
]