Trusted Agents Components
Understanding the components that participate in Trusted Agents scenarios is key to a successful cross-network implementation.
| Component | Definition |
|---|---|
| Private CSM Network |
The network in which CSM servers are running. For SaaS customers, this is the Cherwell data center. This network is separate from the network in which one or more private resources reside, so Trusted Agents are required to communicate with those private resources. |
| Private Customer Network | A network that contains one or more private resources, such as an LDAP directory and/or a relational database, that need to be accessed by CSM but which are separated from CSM by one or more network security boundaries. |
| Private Resource | A server, service, or data source that is not directly accessible to CSM servers because of one or more network security boundaries. A typical scenario is to have one or more private resources within a private customer network while CSM is hosted outside of the customer network. |
| Redis Cache | A Redis database used to enable scale-out of Trusted Agents Hubs. |
| Trusted Agent | A software component that acts as a proxy
for communication between a Trusted Agents Hub and one or more private
resources of a given type. Each Trusted Agent can handle communication with one
type of private resource, but it can handle communication with more than one
instance of that private resource type.
For example, a Trusted Agent for external data can connect to any number of databases as long as those databases are accessible to the Trusted Agent. Similarly, a Trusted Agent for LDAP can connect to any number of LDAP directories as long as those directories are accessible to the Trusted Agent. Each Trusted Agent is hosted within a Trusted Agents Service. |
| Trusted Agents Hub | A
CSM
software component that runs within a
CSM Browser Client
web application and acts as the central point of communication for all Trusted
Agent interactions. Trusted Agents connect to a Trusted Agents Hub at startup,
and
CSM
servers communicate to Trusted Agents by sending requests to the Trusted Agents
Hub, which selects the Trusted Agent to receive each request.
Trusted Agents Hubs may be scaled out using Redis just as CSM Browser Client can be scaled out. For SaaS customers, the Trusted Agents Hub is hosted in the Cherwell data center. |
| Trusted Agents Service Group | A configurable set of Trusted Agent Services that can be created in CSM Administrator and selected when configuring Trusted Agent usage for CSM features. Trusted Agents Groups are used to route requests to only specific Trusted Agent Services. If no groups are configured, all Trusted Agent Services are assumed to be capable of performing all Trusted Agent operations. |
| Trusted Agents Server | The physical or virtual machine that hosts a
Trusted Agents Service and is collocated on a private network with the private
resources that should be accessible to
CSM
servers. A Trusted Agents Server can host only one Trusted Agents Service, but
multiple Trusted Agents Servers can be used to support request routing and
fault tolerance.
For SaaS customers, the Trusted Agents Server is hosted in the servers in the customer's domain. |
| Trusted Agents Service | A Windows service that hosts Trusted Agents. Each Trusted Agents Service hosts one Trusted Agent for each feature supported by CSM, for a total of five: external databases, LDAP authentication, Windows Domains, email, and One-Step Actions. |