Documentation update

   

To provide a better user experience, we have now created a separate documentation space for BMC Helix Automation Console (previously called BMC Helix Vulnerability Management).
Users of BMC Helix Automation Console can find the latest documentation at BMC Helix Automation Console. .

Architecture

TrueSight Automation Console uses a microservices-based architecture and comprises an application server and a database. These components are deployed as a set of Docker containers. 

The following figure shows the components, their interaction, and the product architecture:

*Requires 21.02 enhancements.

Endpoint managers

Automation Console uses TrueSight Server Automation and TrueSight Network Automation as endpoint managers. Currently, only one-to-one mapping with the endpoint manager is supported, which means a single instance of Automation Console works with a single TrueSight Server Automation instance. 

To use TrueSight Network Automation as a endpoint manager, you must install 21.02 enhancements

To authenticate with Server Automation, you must use one of these authentication methods:

  • Secure Remote Password
  • Domain Authentication
  • RSA Secure ID
  • Lightweight Directory Access Protocol

In addition, for the TrueSight Server Automation endpoint manager, Automation Console supports BMC Remedy Single Sign-On and PKI as authentication mechanisms. 

Application Server

Application server comprises the following microservices and components: 

ComponentDescription
API gateway

Nginx acts as an API gateway and reverse proxy for communication among the services and between the graphical user interface and the microservices.

Login service

Provides APIs for authenticating with the endpoint manager. Provides login, logout, authentication, and session management APIs.

Also provides connector APIs required for configuring and managing connectors supported by Automation Console.

This service also supports administrative actions such as configuring Service Level Agreements, adding security groups, and adding a service account.

UI (Patch manager portal and Platform portal) service Provides UI pages to the user.
Asset (Resource) service

Obtains a list of servers or assets in Server Automation, which is retrieved during the Data Refresh cycle. It keeps an inventory of all enrolled and decommissioned assets. This microservice is used to generate data on the Assets page.

Asset state (Patch manager core) service

Stores information about the state of all patches, missing or already installed, and vulnerabilities identified on all assets.

This service displays data on the Risks > Missing Patches and Risks> Vulnerabilities pages and on the Patch Dashboard and Vulnerability Dashboard.

Catalog service

Imports catalogs from Server Automation and schedules their update.

ITIL service

Acts as a communicator between Policy service and TrueSight Orchestration connector to create change requests and send and receive change request data such as change templates, change request ID, change approval information, change status, and so on.

Policy and Operation service

Creates policies and operations in the Automation Console. While using policies and operations, patching jobs get created in Server Automation. This microservice supports actions that identify and remediate missing patches and vulnerabilities.

Data Refresh service

Retrieves information about all assets from Server Automation and manages change integration ticket synchronization.

Exceptions service

Creates exceptions for vulnerabilities or missing patches on the selected assets in the Automation Console. This microservice prevents creating a remediation operation for the selected vulnerabilities and missing patches on which the exception is created.

Redis serviceUsed for in-memory session cache. It is also used as a database-cache for the Work Manager.
Work Manager

Provides capabilities to push or pull a set of requests and responses used by the Automation Console to send requests to the endpoint manager.

TrueSight Server Automation connector

Acts as an adapter to communicate with the Server Automation instance. It fetches requests from the Work Manager and forwards it to the Automation Console instance. Response from Automation Console is sent back to the Work Manager.

TrueSight Orchestration connector

Acts as an adapter to communicate with TrueSight Orchestration, which integrates with BMC Remedy IT Service Management for change automation.

BMC Discovery connector

Acts as an adapter to communicate with BMC Discovery to send discovered assets in your environment to Automation Console.

Identity Management service/ Users service/ Organization service

Manages identity, authentication, activation, and deactivation of the users.

Connectors serviceManages configuration and life-cycle of the connectors.
Tenant Onboarding serviceCreates a fresh tenant and executes the migration tasks.
RSSO portal serviceManages the login using BMC Remedy Single Sign-On.
Configurations serviceHolds configurations required across services, for example BMC Remedy Single Sign-On server configuration is stored in this service.

Database server

The Automation Console currently supports PostgreSQL server as a database. You can install the database as part of the product installation or use an existing installation of the PostgreSQL database (supported only on Linux).

Related topics

Planning

System requirements

Was this page helpful? Yes No Submitting... Thank you

Comments