Trusted Agent Components
Understanding the components that participate in Trusted Agent scenarios is key to a successful cross-network implementation.
Component | Definition |
---|---|
Private CSM Network | The network in which CSM servers are running. For SaaS customers, this is the Cherwell data center. This network is separate from the network in which one or more private resources reside, so Trusted Agent is required to communicate with those private resources. |
Private Customer Network | A network that contains one or more private resources, such as an LDAP directory and/or a relational database, that need to be accessed by CSM but which are separated from CSM by one or more network security boundaries. |
Private Resource | A server, service, or data source that is not directly accessible to CSM servers because of one or more network security boundaries. A typical scenario is to have one or more private resources within a private customer network while CSM is hosted outside of the customer network. |
Redis Cache | A Redis database used to enable scale-out of Trusted Agent Hubs. |
Trusted Agent | A software component that acts as a proxy for communication between a Trusted Agent Hub and one or more private resources of a given type. Each Trusted Agent can handle communication with one type of private resource, but it can handle communication with more than one instance of that private resource type. For example, a Trusted Agent for external data can connect to any number of databases as long as those databases are accessible to the Trusted Agent. Similarly, a Trusted Agent for LDAP can connect to any number of LDAP directories as long as those directories are accessible to the Trusted Agent. Each Trusted Agent is hosted within a Trusted Agent Service. |
Trusted Agent Hub | A CSM software component that runs within a CSM Browser Client web application and acts as the central point of communication for all Trusted Agent interactions. Trusted Agents connect to a Trusted Agent Hub at startup, and CSM servers communicate with Trusted Agents by sending requests to the Trusted Agent Hub, which selects the Trusted Agent to receive each request. Trusted Agent Hubs may be scaled out using Redis just as CSM Browser Client can be scaled out. For SaaS customers, the Trusted Agent Hub is hosted in the Cherwell data center. |
Trusted Agent Service Group | A configurable set of Trusted Agent Services that can be created in CSM Administrator and selected when configuring Trusted Agent usage for CSM features. Trusted Agent Groups are used to route requests to only specific Trusted Agent Services. If no groups are configured, all Trusted Agent Services are assumed to be capable of performing all Trusted Agent operations. |
Trusted Agent Server | The physical or virtual machine that hosts a Trusted Agent Service and is collocated on a private network with the private resources that should be accessible to CSM servers. A Trusted Agent Server can host only one Trusted Agent Service, but multiple Trusted Agent Servers can be used to support request routing and fault tolerance. For SaaS customers, the Trusted Agent Server is hosted on servers in the customer's domain. |
Trusted Agent Service | A Windows service that hosts Trusted Agents. Each Trusted Agent Service hosts one Trusted Agent for each feature supported by CSM, for a total of five: external databases, LDAP authentication, Windows Domains, email, and One-Step Actions. |