Network Architecture Overview
This section lists the various sites and their components, supported protector versions, communication flows, and key measurements for the recommended model architecture across various dimensions.
Table 1. Sites and Components
| Sites | Components | Description |
| Primary Site | ESA | ESA P1, ESA S1, ESA S2 |
| Primary Site | LTM | LTM-1: Manages resiliency within the Primary Site |
| DR Site | ESA | ESA S3, ESA S4, ESA S5 |
| DR Site | LTM | LTM-2: Manages resiliency within the DR Site |
| GTM | GTM | GTM: Manages resiliency between the Primary and DR Sites |
Table 2. ESA Compatibility
| ESA | Supported Protectors |
| 10.2.0 | |
Table 3. Communication Flows
The following table describes the communication flows depicted in the diagrams in "Deployment with Default Audit logging flow to ESA" and "Deployment with Audit logging flow to External SIEM".
| Flow | Request Initiator | Destination | Port | Protocol | Flow Sequence | LTM Configuration |
| Policy Download for v9.1.0.0 Protector and v3.3.0.1 DSG | Pepserver in the Protector node | Service Dispatcher in ESA | 8443 | TLS | Primary Active Flow: Protector 9.1/DSG 3.3.0.1 -> GTM -> LTM-1 -> ESA P1 | Active connection to ESA P1 and standby connection to other ESAs |
| Policy Download for v9.1.0.0 Protector and v3.3.0.1 DSG | Pepserver in the Protector node | Service Dispatcher in ESA | 8443 | TLS | DR Flow: Protector 9.1/DSG 3.3.0.1 -> GTM -> LTM-2 -> ESA S3 | Active connection to ESA S3 and standby connections to other ESAs |
| Package Download for v10.0.0 Standard Protector and v4.0.0 DSG | RPAgent in the Protector node or RPP in the DSG node | RPP in ESA | 25400 | TLS | Primary Active Flow: Protector 10.0.0/DSG 4.0.0 -> GTM -> LTM-1 -> ESA P1 | Active connection to ESA P1 and standby connection to other ESAs |
| Package Download for v10.0.0 Standard Protector and v4.0.0 DSG | RPAgent in the Protector node or RPP in the DSG node | RPP in ESA | 25400 | TLS | DR Flow: Protector 10.0.0/DSG 4.0.0 -> GTM -> LTM-2 -> ESA S3 | Active connection to ESA S3 and standby connection to other ESAs |
| Forwarding of Audit Events to ESA | Log Forwarder in the Protector node | Insight in ESA | 9200 | TLS | Primary Active Flow: Protector 9.1.0.0/10.0.0 or DSG 3.3.0.1/4.0.0 -> GTM -> LTM-1 -> ESA P1, S1, S2 | Routed to all ESAs in the Primary Site |
| Forwarding of Audit Events to ESA | Log Forwarder in the Protector node | Insight in ESA | 9200 | TLS | DR Flow: Protector 9.1.0.0/10.0.0 or DSG 3.3.0.1/4.0.0 -> GTM -> LTM-2 -> ESA S3, S4, S5 | Routed to all ESAs in the DR Site |
| Forwarding of Audit Events to External SIEM via ESA | Log Forwarder in the Protector node | TD-Agent in ESA | 24224/24284 | Non-TLS/TLS | Primary Active Flow: Protector 9.1.0.0/10.0.0 or DSG 3.3.0.1/4.0.0 -> GTM -> LTM-1 -> ESA P1, S1, S2 -> External SIEM | Routed to all ESAs in the Primary Site |
| Forwarding of Audit Events to External SIEM via ESA | Log Forwarder in the Protector node | TD-Agent in ESA | 24224/24284 | Non-TLS/TLS | DR Flow: Protector 9.1.0.0/10.0.0 or DSG 3.3.0.1/4.0.0 -> GTM -> LTM-2 -> ESA S3, S4, S5 -> External SIEM | Routed to all ESAs in the DR Site |
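The flow matrix in Table 3 can serve as an allow-list when reviewing connection records from protector nodes. The following is an added example, not part of the product documentation: the CSV record format, the finding names, and the sample rows are constructed, and pairing port 24224 with Non-TLS and 24284 with TLS is an assumption based on the order in which the table lists them.

```python
import csv
import io

# Port -> (allowed initiators, ESA service, TLS expected), transcribed from Table 3.
# Assumption: 24224 is the Non-TLS port and 24284 the TLS port (order as listed).
FLOW_MATRIX = {
    8443: ({"Pepserver"}, "Service Dispatcher", True),
    25400: ({"RPAgent", "RPP"}, "RPP", True),
    9200: ({"Log Forwarder"}, "Insight", True),
    24224: ({"Log Forwarder"}, "TD-Agent", False),
    24284: ({"Log Forwarder"}, "TD-Agent", True),
}

# Constructed sample records (hypothetical format): who connected, to what, how.
SAMPLE = """\
initiator,next_hop,port,tls
Pepserver,GTM,8443,yes
RPAgent,GTM,25400,yes
Log Forwarder,GTM,24224,no
Log Forwarder,ESA P1,9200,yes
Pepserver,GTM,9200,yes
RPP,GTM,25400,no
Log Forwarder,GTM,5601,yes
"""

def audit(text):
    """Return (record number, finding) pairs for records that deviate from Table 3."""
    findings = []
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        port, tls = int(row["port"]), row["tls"] == "yes"
        # Every documented flow reaches an ESA through GTM and an LTM, never directly.
        if row["next_hop"].startswith("ESA"):
            findings.append((n, "DIRECT_TO_ESA"))
        spec = FLOW_MATRIX.get(port)
        if spec is None:
            findings.append((n, "UNDOCUMENTED_PORT"))
            continue
        initiators, _service, tls_expected = spec
        if row["initiator"] not in initiators:
            findings.append((n, "UNEXPECTED_INITIATOR"))
        if not tls:
            # Plaintext is a violation on TLS ports and a documented risk on 24224.
            findings.append((n, "TLS_MISSING" if tls_expected else "PLAINTEXT_AUDIT_PORT"))
    return findings

if __name__ == "__main__":
    for record, finding in audit(SAMPLE):
        print(f"record {record}: {finding}")
```
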
Table 4. Key measurements for the recommended model architecture across various dimensions
The following table summarizes the key measurements for the recommended model architecture across various dimensions.
| Measurement | Policy | Insight | Criteria summary |
| Extensibility | √ | √ | The current architecture allows easy addition of new features, capabilities, or functionalities without requiring significant changes to the existing architecture. |
| Vertical Scalability | √ | √ | The current architecture allows enabling a node to expand its capacity by adding additional resources such as processing power, memory, or storage. |
| Horizontal Scalability | X | √ | The current architecture can distribute load among multiple machines through static, consistent routing to improve the system's reliability and performance. However, for Policy, it is always recommended to perform authoring and modification only from the Primary ESA. Hence, Policy does not support horizontal scalability. |
| High Availability (HA) | X | √ | For Policy, HA is not supported because changes in policy are not replicated in real time from the Primary ESA to the other ESAs; replication depends on a TAC replication job. For Insight, audit logs are replicated to all the ESAs in a round-robin fashion, and replicas handled by OpenSearch are available in each of the ESAs. |
| Disaster Recovery (DR) | √ | √ | The architecture meets the necessary criteria for DR, but it is important that the user has an appropriate DR plan ready and tested. The solution relies on the external SIEM for complete log retention. |
| Federation | √ | √ | The current architecture can manage policy, monitor nodes, analyze events, and access logs. It can monitor performance and troubleshoot potential issues at the enterprise level, providing a single pane of glass view. This criterion is met due to the use of an external SIEM. |
These measurements underscore the importance and effectiveness of adhering to a well-defined model architecture. Adherence ensures resiliency, fault tolerance, scalability, maintainability, and adaptability to change.