Architecture
A TrueSight Vulnerability Management deployment mainly consists of the following nodes:
- Application Server
- Elasticsearch Server
- Database Server
The diagram shows various nodes and the components residing on them. Note that the second Application Node shown in the diagram also contains all the components that are shown in the first Application Node.
The following sections provide an explanation of the nodes and components.
Application Server
Following are the various components that reside on the Application Server node:
- Vulnerability-management-portal — Comprises the TrueSight Vulnerability Management GUI and the backend module which caters to the user requests coming from the GUI. Vulnerability-management-portal typically communicates with all other components of the Application Server node
- Tagging — A micro service which maintains the tags related to TrueSight Vulnerability Management. It typically provides tagging related CRUD operations.
- WorkManager — A generic micro service which provides capabilities of push/pull set of requests/responses utilized by TrueSight Vulnerability Management to send requests to endpoint managers.
- Redis — A light-weight component utilized as WorkManager repository for maintaining work items.
- Vulnerability-management-drm — A micro service that comprises of data refresh manager, which manages data refresh capabilities.
- Vulnerability-management-drw — A micro service comprises of data refresh workers, which execute data refresh work assigned by Vulnerability-management-drm.
- Consul — A third-party service discovery tool used to discover and configure Vulnerability-management-drm and Vulnerability-management-drw.
- TrueSight Server Automation Connector — Acts as an adapter to communicate with the TrueSight Server Automation instance. It fetches requests from WorkManager and forwards it to the TrueSight Server Automation instance. Response from TrueSight Server Automation is sent back to WorkManager.
- TrueSight Network Automation Connector — Acts as an adapter to communicate with TrueSight Network Automation instance. It fetches requests from WorkManager and forwards it to the TrueSight Network Automation instance. Response from TrueSight Network Automation is sent back to WorkManager.
- Discovery Connector — Acts as an adapter to communicate with BMC Discovery instance. It fetches requests from WorkManager and forwards it to the BMC Discovery instance. Response from BMC Discovery is sent back to WorkManager.
- Orchestration Connector — Acts as an adapter to communicate with TrueSight Orchestration instance. It fetches requests from WorkManager and forwards it to the TrueSight Orchestration instance. Response from TrueSight Orchestration is sent back to WorkManager.
- SCCM Connector — Acts as an adapter to communicate with Microsoft System Center Configuration Manager (SCCM) instance. It fetches requests from WorkManager and forwards it to the SCCM instance. Response from SCCM is sent back to WorkManager. SCCM connector is different from all other connectors because it must be deployed within Active directory domain of SCCM server.
Elasticsearch Server
TrueSight Vulnerability Management utilizes Elasticsearch server to store read-only data for faster retrieval. The Elasticsearch server allows for rapid text searches that apply to many areas of the TrueSight Vulnerability Management system, including vulnerability data and searches for managed servers.
Database Server
TrueSight Vulnerability Management currently supports PostgreSQL server as a database. You can install database using TrueSight Stack Manager tool or use an existing instance of PostgreSQL installed (supported only on Linux) in your environment.
Related topics