Trusted Agent Components

Understanding the components that participate in Trusted Agent scenarios is key to a successful cross-network implementation.

Component Definition
Private CSM Network

The network in which CSM servers are running. For SaaS customers, this is the Cherwell data center.

This network is separate from the network in which one or more private resources reside, so Trusted Agent is required to communicate with those private resources.

Private Customer Network A network that contains one or more private resources, such as an LDAP directory and/or a relational database, that need to be accessed by CSM but which are separated from CSM by one or more network security boundaries.
Private Resource A server, service, or data source that is not directly accessible to CSM servers because of one or more network security boundaries. A typical scenario is to have one or more private resources within a private customer network while CSM is hosted outside of the customer network.
Redis Cache A Redis database used to enable scale-out of Trusted Agent Hubs.
Trusted Agent A software component that acts as a proxy for communication between a Trusted Agent Hub and one or more private resources of a given type. Each Trusted Agent can handle communication with one type of private resource, but it can handle communication with more than one instance of that private resource type.

For example, a Trusted Agent for external data can connect to any number of databases as long as those databases are accessible to the Trusted Agent. Similarly, a Trusted Agent for LDAP can connect to any number of LDAP directories as long as those directories are accessible to the Trusted Agent.

Each Trusted Agent is hosted within a Trusted Agent Service.

Trusted Agent Hub A CSM software component that runs within a CSM Browser Client web application and acts as the central point of communication for all Trusted Agent interactions. Trusted Agents connect to a Trusted Agent Hub at startup, and CSM servers communicate to Trusted Agents by sending requests to the Trusted Agent Hub, which selects the Trusted Agent to receive each request.

Trusted Agent Hubs may be scaled out using Redis just as CSM Browser Client can be scaled out.

For SaaS customers, the Trusted Agent Hub is hosted in the Cherwell data center.

Trusted Agent Service Group A configurable set of Trusted Agent Services that can be created in CSM Administrator and selected when configuring Trusted Agent usage for CSM features. Trusted Agent Groups are used to route requests to only specific Trusted Agent Services. If no groups are configured, all Trusted Agent Services are assumed to be capable of performing all Trusted Agent operations.
Trusted Agent Server The physical or virtual machine that hosts a Trusted Agent Service and is collocated on a private network with the private resources that should be accessible to CSM servers. A Trusted Agent Server can host only one Trusted Agent Service, but multiple Trusted Agent Servers can be used to support request routing and fault tolerance.

For SaaS customers, the Trusted Agent Server is hosted in the servers in the customer's domain.

Trusted Agent Service A Windows service that hosts Trusted Agents. Each Trusted Agent Service hosts one Trusted Agent for each feature supported by CSM, for a total of five: external databases, LDAP authentication, Windows Domains, email, and One-Step Actions.