Architecture
TrueSight Automation Console uses a microservices-based architecture and comprises an application server and a database. These components are deployed as a set of Docker containers.
The following figure shows the components, their interaction, and the product architecture:
Endpoint managers
Automation Console uses TrueSight Server Automation and TrueSight Network Automation as endpoint managers. Currently, only one-to-one mapping with the endpoint manager is supported, which means a single instance of Automation Console works with a single TrueSight Server Automation instance.
To authenticate with Server Automation, you must use one of these authentication methods:
- Secure Remote Password
- Domain Authentication
- RSA SecurID
- Lightweight Directory Access Protocol
In addition, for the TrueSight Server Automation endpoint manager, Automation Console supports BMC Remedy Single Sign-On and PKI as authentication mechanisms.
Application Server
The application server comprises the following microservices and components:
Component | Description |
---|---|
API gateway | Nginx acts as an API gateway and reverse proxy for communication among the services and between the graphical user interface and the microservices. |
Login service | Provides APIs for authenticating with the endpoint manager. Provides login, logout, authentication, and session management APIs. Also provides connector APIs required for configuring and managing connectors supported by Automation Console. This service also supports administrative actions such as configuring Service Level Agreements, adding security groups, and adding a service account. |
UI (Patch manager portal and Platform portal) service | Provides UI pages to the user. |
Asset (Resource) service | Obtains a list of servers or assets in Server Automation, which is retrieved during the Data Refresh cycle. It keeps an inventory of all enrolled and decommissioned assets. This microservice is used to generate data on the Assets page. |
Asset state (Patch manager core) service | Stores information about the state of all patches, missing or already installed, and vulnerabilities identified on all assets. This service displays data on the Risks > Missing Patches and Risks > Vulnerabilities pages and on the Patch Dashboard and Vulnerability Dashboard. |
Catalog service | Imports catalogs from Server Automation and schedules their update. |
ITIL service | Acts as a communicator between Policy service and TrueSight Orchestration connector to create change requests and send and receive change request data such as change templates, change request ID, change approval information, change status, and so on. |
Policy and Operation service | Creates policies and operations in the Automation Console. While using policies and operations, patching jobs get created in Server Automation. This microservice supports actions that identify and remediate missing patches and vulnerabilities. |
Data Refresh service | Retrieves information about all assets from Server Automation and manages change integration ticket synchronization. |
Exceptions service | Creates exceptions for vulnerabilities or missing patches on the selected assets in the Automation Console. This microservice prevents creating a remediation operation for the selected vulnerabilities and missing patches on which the exception is created. |
Redis service | Used for in-memory session cache. It is also used as a database-cache for the Work Manager. |
Work Manager | Provides capabilities to push or pull a set of requests and responses used by the Automation Console to send requests to the endpoint manager. |
TrueSight Server Automation connector | Acts as an adapter to communicate with the Server Automation instance. It fetches requests from the Work Manager and forwards them to the Automation Console instance. The response from Automation Console is sent back to the Work Manager. |
TrueSight Orchestration connector | Acts as an adapter to communicate with TrueSight Orchestration, which integrates with BMC Remedy IT Service Management for change automation. |
BMC Discovery connector | Acts as an adapter to communicate with BMC Discovery to send discovered assets in your environment to Automation Console. |
Identity Management service / Users service / Organization service | Manages identity, authentication, activation, and deactivation of the users. |
Connectors service | Manages configuration and life-cycle of the connectors. |
Tenant Onboarding service | Creates a fresh tenant and executes the migration tasks. |
RSSO portal service | Manages the login using BMC Remedy Single Sign-On. |
Configurations service | Holds configurations required across services. For example, the BMC Remedy Single Sign-On server configuration is stored in this service. |
Database server
The Automation Console currently supports PostgreSQL server as a database. You can install the database as part of the product installation or use an existing installation of the PostgreSQL database (supported only on Linux).