Security – Desktop Agent and Server Agent
Introduction
This document aims to describe the security applied in the Almaden topology, analyzing everything from agent data collection and plugin behavior to data reception, database storage, and information presentation in our cloud.
Security – Desktop Agent and Server Agent
Both the Automatos Desktop Agent (ADA) and Automatos Server Agent (ASA) follow the same architecture and behavior regarding data collection, processing, and transmission. The only distinction lies in the Windows Registry paths where their configuration settings are stored.
Registry Configuration
- Server Agent (ASA):
- MID and CID:
HKLM\SOFTWARE\WOW6432Node\Automatos\Asa\Common\3.0 - Engine:
HKLM\SOFTWARE\WOW6432Node\Automatos\Asa\Engine\3.0 - Plugin Frequency:
HKLM\SOFTWARE\WOW6432Node\Automatos\Asa\Plugins\Asset - Relay Config:
HKLM\SOFTWARE\WOW6432Node\Automatos\Asa\Relay\3.0
- MID and CID:
- Desktop Agent (ADA):
- MID and CID:
HKLM\SOFTWARE\WOW6432Node\Automatos\Ada\Common\3.0 - Engine:
HKLM\SOFTWARE\Automatos\Ada\Engine\3.0 - Plugin Frequency:
HKLM\SOFTWARE\WOW6432Node\Automatos\Ada\Plugins\Asset - Relay Config:
HKLM\SOFTWARE\WOW6432Node\Automatos\Asa\Relay\3.0
- MID and CID:
Data Collection and Processing
- Both agents collect data using system-native functions via internal OS libraries.
- Data is stored in logical objects (proprietary format).
- During processing, the data is loaded into memory and compressed using BZIP2, a lightweight compression tool embedded in the agent.
Transmission to Relay
- The agent opens an SSL (Secure Socket Layer) connection with the relay to send data securely.
- Data is transmitted in TU (Transmission Unit) format to the relay.
- The connection between the relay and the receiver uses SSL (already encrypted)
Receiver Handling
- The receiver reads the TU from each plugin.
- It determines the protocol (SSL or HTTP) and creates a matching instance.
- If HTTPS is used, the TU is decrypted before being read. If compressed, the TU is decompressed.
- Data is in Astream format (encoded logical object) and is mapped into variables and objects before being inserted into the database using predefined queries.
Databases
- Servers:
- First stored in
RTMDB(Real-Time Monitoring Database). - Then normalized and summarized into
AUTOM02(performance data).
- First stored in
- Desktops:
- Stored directly in the
ASSETdatabase (hardware and software inventory).
- Stored directly in the
Portal Access
- Data is displayed on the web portal via queries to:
AUTOM02for server dataASSETfor desktop data
- No encryption is applied at this stage since the portal reads directly from the databases for report generation.
