By mcavanagh, Level 6 Flexeran

Back to Start: Introduction to Series

 

Data Flow Considerations 

There are various Data Flow Considerations; below, you will find those most commonly discussed in the past.

NOTE: Not all Data Flow Considerations are located here, and more are being added often. 

  

Two Way Communication 

Since all components communicate with each other, there needs to be two-way communication between each component, especially Agent to Beacon and Beacon to Inventory/Batch server.

For example:

Assuming that HTTP/Port 80 is configured, the agent will initiate an HTTP PUT to upload inventory files TO the beacon. This uploads inventory files from the endpoint to the beacon.

To download policies FROM the beacon, the agent will initiate an HTTP GET. This downloads policy files from the beacon to the endpoint.

Therefore, the data flows in both directions, even though the Agent initiates all communication.

When secure communication is configured, the agent will initiate HTTPS PUT and HTTPS GET instead.

When configuring the firewall, as long as the firewall is set to Stateful, it is intelligent enough to return the data back to the original request IP. So you would only need to submit a firewall request one way.

So it would look like this:

| Source | Destination | Port |
|---|---|---|
| 192.168.1.1 | 10.10.10.1 | 80/443 |

 

If you had a Stateless Firewall, then because communications are technically bi-directional, that type of firewall would refuse the connection back to the source or to the destination, so you would have to open the firewall both ways for agent connectivity to work correctly.

Like this:

| Source | Destination | Port |
|---|---|---|
| 192.168.1.1 | 10.10.10.1 | 80/443 |
| 10.10.10.1 | 192.168.1.1 | 80/443 |

*IPs used are for reference.

 *Thank you bmaudlin for the example
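
The stateful versus stateless behaviour described above, modelled as an added example (not part of the original article or any Flexera tooling). It uses the reference IPs from the tables and assumes an ephemeral agent source port of 50000 and that the stateless return rule matches the beacon's port as the packet's source port; the `Firewall`, `Rule` and `exchange` names are hypothetical.

```python
from dataclasses import dataclass

AGENT, BEACON = "192.168.1.1", "10.10.10.1"  # reference IPs from the tables above

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    ports: frozenset          # beacon-side ports, e.g. {80, 443}
    match_on: str = "dport"   # "dport" for requests, "sport" for replies (assumption)

    def allows(self, p):
        return (p.src, p.dst) == (self.src, self.dst) and getattr(p, self.match_on) in self.ports

class Firewall:
    def __init__(self, rules, stateful):
        self.rules, self.stateful, self.flows = rules, stateful, set()

    def permit(self, p):
        # Stateful: the reply to a flow that was already allowed needs no rule of its own.
        if self.stateful and (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        if any(r.allows(p) for r in self.rules):
            if self.stateful:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

def exchange(fw, port, eph=50000):
    """Agent-initiated request (PUT or GET) and the beacon's reply; returns (request_ok, reply_ok)."""
    request = Packet(AGENT, eph, BEACON, port)
    reply = Packet(BEACON, port, AGENT, eph)
    return fw.permit(request), fw.permit(reply)

PORTS = frozenset({80, 443})
OUTBOUND = Rule(AGENT, BEACON, PORTS)                   # the single row of the first table
RETURN = Rule(BEACON, AGENT, PORTS, match_on="sport")   # second row, needed only when stateless
```

With only `OUTBOUND`, a stateful firewall passes both legs of the exchange, while a stateless one drops the reply until `RETURN` is added; in neither case can the beacon open a new connection to the agent on 80/443.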

 

Port Numbers 

Whether you use the regular ports of 80 and 443 or non-common ports is a decision you will have to make, and it is up to you. As stated above, you will need to make sure that whatever port you choose is opened in both directions.

For other Port Numbers used, please visit the Ports and URLs for Inventory Beacons Online Help article.

 

Setup Types 

There are various layouts when configuring an FNMS environment: 

  • Single Server  
  • Two Servers  
  • Three Servers  
  • Multiple Level Beacon  

Below is a deep dive into all the Setup Types listed above.  

NOTE: All setups listed below cover having Application, Batch, Inventory, and Database Servers. 

 

Single Server Setup 

Single Server.PNG

It is the most common setup, requires fewer servers to be configured, and is the easiest to configure. However, since all the components are installed on a single server, this setup requires the most processing power and resources on a single machine. You could change this setup to have the database on a separate server from the FNMS components; that would be more optimal and not that hard to configure.

 

Two Server Setup 

2 server.PNG

In the Two Server Setup, the batch and inventory components sit on the same server, and the application is on its own. This configuration is the second easiest way to set up FNMS and probably the most optimal. It requires fewer servers than the three-server setup and is less complicated to set up.

 

Three Server Setup 

3 server setup.PNG

As you can see from the image, each component sits on its own individual server. This setup carries the best performance but can be slightly more complex to set up if not configured correctly during installation.

 

Multi-level beacon setup 

multi.PNG

 This is where you have multiple beacons in a parent-child setup. This setup is for customers with complex environments that need different beacons in different regions around the world. It can also be used as a sort of load balancing or, in some instances, a DMZ setup. 

 

Setting up a Child Beacon 

Setting up a Child Beacon is similar to setting up a Parent Beacon; however, when configuring the beacon from within the FNMS UI, you would select the beacon that it would report to as the Parent Beacon. 

Want to know more about Child Beacon Setups? Please visit Beacon Configuration - Child to Parent for more details.  

 

Setting up a DMZ 

Although we cannot tell you what you need to secure your DMZ, we can advise on setting up FNMS. You can take a few approaches; two of them are similar in the steps you take to configure the beacon. However, what you have set up within your estate will determine which approach to take.

 

Reverse Proxy 

This approach is to set up a proxy that your users' laptops access and that forwards their requests to your beacon.

Want to know more about Reverse Proxy? Please visit How to enable Beacon Reverse Proxy Setup for more details.  

  

Beacon Network Name (Alias) 

This approach is to give your beacon an alias with an outside name that our DNS would handle.

Want to know more about Beacon Network Names? Please visit How to configure the beacon to use a different name or alias than its hostname for more details. 

  

Dummy Beacon Records 

This approach would be to create records within the beacon table; however, this would not be practical. Dummy Beacon Records appear within the UI as beacons that have never connected.

 

(1) Comment
fstewart2
By
Level 4

Great series!  Look forward to the rest as well.  One suggestion:  add locations for logs for each of the elements/steps in the processes.  Would help with understanding the "happy path" as well as troubleshooting when things fail.