
Enterprise Edition is a software solution for complex organizations in need of a complete understanding of their network and cloud assets under management. The solution has three primary components: the Command Center, one or more Enterprise Scouts and one or more Cloud Scouts. Communication between these components and your network is TLS/SSL-secured over port 443.  FireMon provides all of the software, training, documentation, and consultative services needed for your enterprise to enjoy the benefits of hybrid cloud visibility.

Command Center

The Command Center is the hub of network situational awareness and the analytics engine of Asset Manager systems. It is typically hosted on a virtual machine in your security or network operations center but can also be instantiated in Asset Manager Services, AWS, or Azure cloud.

From its vantage point, you can look out over your network, overseeing its performance and monitoring activity in real-time. At its browser interface, you control the operation of Asset Manager by setting parameters such as IP addresses, protocols, targets, and known space to discover responsive devices in the network and cloud zones you specify.

The Command Center's mapping and visualization features let you stay apprised of network conditions through visual cues and indicators. You can compare and contrast what Asset Manager knows about your hybrid cloud to what other systems in your security stack know. And because Asset Manager can be integrated with the Security Intelligence Platform, what becomes known about your hybrid cloud network gets extended to the entirety of your automated firewall and endpoint policy management.  

Scouts

Enterprise Scouts and Cloud Scouts participate in watching a network from remote networks or clouds and transmit findings back to the Command Center for analysis. An Enterprise Scout can take the form of a physical machine running in one of your data centers, but most often it is deployed as a virtual machine. Scouts are deliberately positioned to provide visibility into areas of a network that are remote from the Command Center. The primary job of Scouts is to collect information on the state of the network and exchange information with Collectors.

Enterprise Scouts are available as virtual machines and are installed in the same manner as Command Centers. Your licensing agreement with FireMon determines whether the component operates as a Command Center or an Enterprise Scout. You can deploy Enterprise Scouts in various locations: one in Area 0 (i.e., OSPF, backbone), for example, and others in remote, insulated areas of the network. Each of these collects device details, working in tandem and recursively to enable the authoritative indexing of your complex, hybrid cloud network.

Cloud Scouts can be instantiated in an AWS or Azure cloud, with a maximum of one Cloud Scout per provider. They can be run in a private or public, multi-tenanted cloud. Cloud Scouts communicate with the Command Center via API calls.

Scouts of both types can respond to requests from multiple Command Centers. Neither Enterprise nor Cloud Scouts store data but transmit it back to the Command Center, where it is stored in a database and analyzed. Scouts operate bi-directionally and are proxy-aware. Their session traffic goes through an HTTP proxy, meaning that addressing information is not exchanged between the Internet and Asset Manager.

Scouts are controlled almost entirely from the Command Center and have a very limited GUI presence. Your administration of Scouts will consist of attaching and detaching them from a Command Center, upgrading them (in the case of Enterprise Scouts), and replacing them (in the case of Cloud Scouts).

Collectors

Collectors are autonomous logical elements that flow among the Command Center and Scouts, listening and gathering data.  They carry indexing/discovery definitions, instantiate and perform passive, active, and targeted discovery, reference interfaces, watch message queues, and transmit collected data back to the Command Center. Collectors can respond to requests from multiple Command Centers, and multiple collectors work together to gather information about devices in your network unless you configure them not to do so.

You can outfit a zone with multiple collectors that are, essentially, network explorers. They flood the network (without impacting network performance), gathering data according to the methods and via the protocols you define. When you add collectors, you are laying the groundwork for discovery.

Collectors are tied to discovery configurations and associated with zones. They do not probe the network or perform any activity until a configuration for them has been set and enabled. If you create a collector but do not enable it, it will not run. See Managing Collectors for more.

User Interfaces

Asset Manager Graphical User Interface (GUI)
You'll run most Asset Manager operations via the graphical user interface, which provides menu access to five modules:  

  • Dashboards - An operational overview of zones, notifications, and cyberissues. Dashboard panes (aka widgets) can illustrate information globally (across all zones) or locally (for a single zone).
  • Maps - Displays a topology map of your selected zone.
  • Reports - Single-zone index of findings.
  • Search - Basic or advanced Search with Query Builder
  • Settings - The location from which to configure the Asset Manager system, system users and their roles, and the discovery process, including a definition of what, where, and how to discover.

Command-Line Interface (CLI)
The CLI is used to initiate the system installation and configuration. Collectors, Scouts, Roles, and User Management can also be set up and managed through the CLI.

Discovery

Zones
A zone is any set of devices you want to monitor as a unit, for example, a subnet, an enclave, or a business unit. Typically, an organization comprises multiple zones.

Zones circumscribe the information that can be displayed on an Asset Manager map. To map a particular network view, all elements belonging to that view must be contained in a single zone. Therefore, when planning a zone definition, be sure to define the elements you want to see on one map as belonging to the same zone.

Administration

The administration of Asset Manager is all about configuring the system to deliver the information you need, and this is accomplished through the Settings section. Elements that require configuration are the system itself, system users and their roles, and the discovery process, including defining what, where, and how to discover.
