Almaden – Architecture
Architecture CIQ ITAM / CIQ DEX
This document aims to demonstrate and formalize the prerequisites of CIQ ITAM and CIQ DEX. This includes the list of ports that must be opened, the agents that need to be previously authorized, and a description of their functions. Additionally, it provides an overview of the entire solution’s topology, whether it is internal in the Almaden cloud or in the client/partner environment where it will be implemented
CIQ ITAM / CIQ DEX Summarized topology
Sample Topology
CIQ ITAM / CIQ DEX Applications (cloud or replica)
Receiver:
The Receiver is a component of the CIQ ITAM and CIQ DEX solution responsible for receiving information sent by agents installed on servers and desktops. It centralizes the responsibility of receiving, decrypting, interpreting, and storing in a database all the information collected by the agents.
It ensures the security of the received data by authenticating the agents before allowing the transmission of information.
After receiving the data, the Receiver interprets and stores it in the corresponding database. It decrypts the received data and converts it to the appropriate format for storage. The Receiver is also responsible for filtering and enriching the data before storing it in specific databases of the CIQ ITAM and CIQ DEX solution.
The Receiver is a critical component of CIQ ITAM and CIQ DEX, as it is responsible for ensuring the integrity and reliability of the data collected by the agents. It is designed to be highly scalable, allowing it to handle large volumes of data and ensure that no data is lost or corrupted during the process of receiving and storing.
Site/Portal:
The CIQ ITAM and CIQ DEX Portal is the data exposure layer of the solution. It is responsible for providing a user-friendly interface for viewing and managing data collected by agents and stored in the solution’s databases.
Through the Portal, users can view reports, charts, and dashboards with information about the performance, capacity, and configuration of servers and desktops managed by the CIQ ITAM and CIQ DEX solution. In addition, the Portal allows users to manage their monitoring configurations and policies, such as adding or removing servers and desktops to be managed and configuring performance alerts.
The CIQ ITAM and CIQ DEX Portal also provides advanced data analysis features, such as the ability to correlate performance events and perform root cause analysis to identify issues affecting the performance and availability of managed servers and desktops. The Portal is highly customizable, allowing users to create custom reports and dashboards based on their specific monitoring and management needs.
Conversion (data analyzer):
Conversion (data analyzer) is a component of the CIQ ITAM and CIQ DEX solution responsible for converting performance data collected from servers and desktops. It converts data from the granularity of collection to the granularity used in reports. For this, server data is collected minute by minute and converted to hourly points, while desktop data is collected hourly and converted to daily points. This application is essential to ensure the accuracy and reliability of reports generated by the CIQ ITAM and CIQ DEX solution.
Databases
Server DB
Server DB is a database in DB2 used to centralize configuration information for the solution and server data. It stores CIQ ITAM and CIQ DEX configuration information, such as server access credentials, server groups, and other general solution settings. In addition, it is also responsible for storing the information collected by CIQ ITAM and CIQ DEX agents, which is sent to the Receiver and subsequently written to the database. This information includes server performance data, service status, running processes, hardware resource usage, and other useful information for server monitoring and management. The Server DB database is one of the key components of the CIQ ITAM and CIQ DEX solution, as it is used to store and process most of the information collected by the solution’s agents.
Desktop DB
The Desktop DB database of the CIQ ITAM and CIQ DEX solution is responsible for storing information about desktops. It contains data such as hardware configuration, installed software, security updates, disk usage, memory usage, event history, among other information.
The Desktop DB database in DB2 is used by CIQ ITAM and CIQ DEX to provide desktop inventory information and for software and hardware asset management. It allows IT administrators to obtain accurate information about the desktops in their networks, which can help them identify issues and perform tasks such as software deployment, security patching, and hardware maintenance.
In Desktop DB, the Asset database is integrated with other parts of the CIQ ITAM and CIQ DEX solution, allowing the data collected about desktops to be used in performance and capacity reporting and analysis. It is also used to support automation and policy management features, enabling administrators to define policies to automatically manage desktops based on the information collected by CIQ ITAM and CIQ DEX .
RTM DB
RTM DB (Real-Time Monitoring Database) is a database in DB2 used by the CIQ ITAM and CIQ DEX solution to store real-time monitoring data from servers and network devices. It is responsible for collecting raw performance data, including CPU usage, memory, network, storage, and other system resources.
The RTM DB is a high-speed, low-latency database designed to store and manage large volumes of data in real-time. It allows the CIQ ITAM and CIQ DEXsolution to monitor device performance in real-time and generate instant alerts and reports based on the collected metrics.
The data stored in the RTM DB is later transferred to other databases, such as the Server DB and Desktop DB, where it is converted and aggregated into more complex reports on performance, capacity, sizing, and other metrics.
Cache DB:
Cache DB is a cache database in REDIS used by CIQ ITAM and CIQ DEX to speed up data delivery and store temporary data. It is an in-memory data structure that allows for quick storage and retrieval of data without needing to access the database again.
CIQ ITAM and CIQ DEX DB:
The CIQ ITAM and CIQ DEX DB database in PostgreSQL used by CIQ ITAM and CIQ DEX is responsible for storing customization information for the portal. It is used to store report configuration information, dashboards, users, and other custom settings defined by users.
Prerequisites communication ports
Check the specific documentation for producing your account: LAD1 or LAD2 Documentation
Classic view: Below is the list of communication ports for the solution to work in its entirety.
NOTE: Check the customer’s environment when logging into CIQ ITAM and CIQ DEX and replace the word environment with the correct name.
Ex: env-receiver.almaden.app to lad2-receiver.almaden.app.
| Feature | Origin | Ports | Direction | Protocol | Destiny | Description |
| All Agents Rule: Mandatory | Relays or all equipament | 443 | In/Out | SSL | env-receiver.almaden.app | Communication with the CIQ ITAM / CIQ DEX Cloud on the internet via SSL or HTTP protocol. |
| Relay (Central or local) – Collector Agents when transmitting through relays Rule: Mandatory | All equipment that will transmit through the relays | 1999 | In/Out | TCP | Relays | Communication between environment equipment and relays |
| Netscan Rule: Optional | Netscan server | ICMP | In/Out | – | All Equipment | Discovery of machines on the network. |
| Netscan server | 137/138/139 | In/Out | TCP/UDP | All Equipment | ||
| Netscan server | 237/238/239 | In/Out | TCP/UDP | All Equipment | ||
| Netscan server | 161 (SNMP) | In/Out | TCP/UDP | All Equipment | ||
| Netscan server | 445 | In/Out | TCP/UDP | All Equipment | ||
| ADW – Distribuition Wizard Rule: Optional | Distribution server | 5900/5901 | In/Out | TCP | All Equipment | Transferring distribution files, commands and executables via LAN. |
| SRA – Remote Access Rule: Optional | All Equipment | 443 | In/Out | TCP/UDP | remote.automatos.com | Support/Remote access between client and server |
| AAU – Auto Update Rule: Optional | All Equipment | 8081/8443 | In/Out | TCP/UDP | env-smartcenter.almaden.app | Automatic update of agents in the environment and file distribution via WAN |
| Agent – Geolocation Rule: Optional | All Equipment | 80 | In/Out | TCP | ip-api.com | collects the geolocation of the equipment. |
The standard communication ports of the distribution server with the equipment (5900/5901) can be changed if there is another tool in the environment that uses the VNC protocol.
User that is part of the security group is required (Auto ADW SRC). Used for distribution and removal of software.
