The Architecture topic is applicable for a TrueSight Automation Console (on-premises) installation only.
BMC Helix Automation Console (SaaS) is available as a service only. For details about subscribing to this service, see BMC Helix subscriber information.
TrueSight Automation Console (on-premises) uses a microservices-based architecture and comprises an application server and a database. These components are deployed as a set of Docker containers.
The following figure shows the components, their interaction, and the product architecture:
Automation Console uses TrueSight Server Automation as an endpoint manager. Currently, only one-to-one mapping with the endpoint manager is supported, which means a single instance of Automation Console works with a single TrueSight Server Automation instance.
To authenticate with Server Automation, you must use one of these authentication methods:
- Secure Remote Password
- Domain Authentication
- RSA Secure ID
- Lightweight Directory Access Protocol
Application server comprises the following microservices and components:
Nginx acts as an API gateway and reverse proxy for communication amongst the services and between the graphical user interface and the microservices.
Provides APIs for authenticating with the endpoint manager. Provides login, logout, authentication, and session management APIs.
Also provides connector APIs required for configuring and managing connectors supported by Automation Console.
This service also supports administrative actions such as configuring Service Level Agreements, adding security groups, and adding a service account.
|UI service||Provides UI pages to the user.|
|Asset (Resource) service|
Obtains a list of servers or assets in Server Automation, which is retrieved during the Data Refresh cycle. It keeps an inventory of all enrolled and decommissioned assets. This microservice is used to generate data on the Assets page.
|Asset state service|
Stores information about the state of all patches, missing or already installed, and vulnerabilities identified on all assets.
This service displays data on the Risks > Missing Patches and Risks> Vulnerabilities pages and on the Patch Dashboard and Vulnerability Dashboard.
Imports catalogs from Server Automation and schedules their update.
Acts as a communicator between Policy service and TrueSight Orchestration connector to create change requests and send and receive change request data such as change templates, change request ID, change approval information, change status, and so on.
|Policy and Operation service|
Creates policies and operations in the Automation Console. While using policies and operations, patching jobs get created in Server Automation. This microservice supports actions that identify and remediate missing patches and vulnerabilities.
|Data Refresh service|
Retrieves information about all Windows and Red Hat Linux assets from Server Automation and sends it to the asset service.
|Redis service||Used for in-memory session cache. It is also used as a database-cache for the Work Manager.|
Provides capabilities to push or pull a set of requests and responses used by the Automation Console to send requests to the endpoint manager.
TrueSight Server Automation connector
Acts as an adapter to communicate with the Server Automation instance. It fetches requests from the Work Manager and forwards it to the Automation Console instance. Response from Automation Console is sent back to the Work Manager.
TrueSight Orchestration connector
Acts as an adapter to communicate with TrueSight Orchestration, which integrates with BMC Remedy IT Service Management for change automation.
|BMC Discovery connector|
Acts as an adapter to communicate with BMC Discovery to send discovered assets in your environment to Automation Console.
The Automation Console currently supports PostgreSQL server as a database. You can install the database as part of the product installation or use an existing installation of the PostgreSQL database (supported only on Linux).