
diagram / architecture views UCMDB (opinions)

Hi, good day

I would like to know your opinions of the following UCMDB diagram or architecture, based on your experience with implementations:
Considerations:
There is only one probe (discovery and integrations)
There is only integration with Service Manager and with Asset Manager
Only Unix / Windows servers, Oracle and SQL Server databases, and VMware virtualization will be discovered.
The assigned DB is SQL Server

 


diagrama-arquitecturaUCMDB.PNG

Some questions are:
1) The relationship of the integrations (Service Manager and Asset M.) should go to the Firewall or directly to the probe?
1.1) Is it recommended to put the port, name and ip in these relationships?
2) The relationship between the database and the ucmdb server must be bidirectional?
3) The relationship between the UCMDB Server and UCMDB Probe must be bidirectional?

Do I need to make any important relationship or adjustment?

 

Thank you very much,

 

 

 


Re: diagram / architecture views UCMDB (opinions)

1) The relationship of the integrations (Service Manager and Asset M.) should go to the Firewall or directly to the probe?

It is fine for these to be behind a firewall, because they are static and you know the IPs of SM and AM. However, if they are in the same network segment, why would you have a firewall between the solutions?

One more thing - do you want to have a firewall between the DFP and the discovered servers? The recommended setup is to have the DFP installed nearest to the servers. In your architecture, if somebody forgets to put in a permitting rule for a network range or a port, the DFP will not be able to connect and will report an incomplete scan.

1.1) Is it recommended to put the port, name and ip in these relationships?

If you want to tell the DB team what to configure, of course.

2) The relationship between the database and the ucmdb server must be bidirectional?

Only the UCMDB connects to the database, so one direction.

3) The relationship between the UCMDB Server and UCMDB Probe must be bidirectional?

Only the DFP connects to the UCMDB. The connection is one direction.

Cheers,

Petko Popadiyski

Freelance Microfocus CMS UCMDB Consulting

Likes are appreciated!

Re: diagram / architecture views UCMDB (opinions)

Hi, good day

1) The relationship of the integrations (Service Manager and Asset M.) should go to the Firewall or directly to the probe?

It is fine for these to be behind a firewall, because they are static and you know the IPs of SM and AM. However, if they are in the same network segment, why would you have a firewall between the solutions?

The answer is that UCMDB is in a QA environment and Service Manager and Asset Manager are in a production environment; for that reason they have different segments.

One more thing - do you want to have a firewall between the DFP and the discovered servers? The recommended setup is to have the DFP installed nearest to the servers. In your architecture, if somebody forgets to put in a permitting rule for a network range or a port, the DFP will not be able to connect and will report an incomplete scan.

When dealing with a financial client there are many security policies; however, it is a procedure that the UCMDB administrator must do, and it is clear to him.
However, I have never seen a client where you do not have to go through a firewall; that is what the permissions on ports 445, 139, 22, or whichever applies, are for, is it not?

1.1) Is it recommended to put the port, name and ip in these relationships?

If you want to tell the DB team what to configure, of course.

Thanks

2) The relationship between the database and the ucmdb server must be bidirectional?

Only the UCMDB connects to the database, so one direction.

But doesn't the UCMDB server send the discovered information to the database?
That is why I made it bidirectional. Excuse my concern.

3) The relationship between the UCMDB Server and UCMDB Probe must be bidirectional?

Only the DFP connects to the UCMDB. The connection is one direction.

Here I also believe that the UCMDB server and the UCMDB probe both communicate, since it is the probe that sends the discovered data to the server, or again, is it not?

A pleasure.


Re: diagram / architecture views UCMDB (opinions)

The following diagram matches what you have indicated above; however, I insist on my concerns.

arquitecturaDFM.PNG

 

arquitectura.PNG


Re: diagram / architecture views UCMDB (opinions)

1) Fine, if you have your reasons for that. I have had multiple customers who don't have firewalls applied to their internal environments.
2) The UCMDB does send the discovered data to the DB, and it also initiates the connection to retrieve the information. The direction means who initiated the communication, and the DB server will never try to connect to the UCMDB application. It's the other way around. The connection is UCMDB -> DB.
3) Same thing as above. The DFP initiates the connection to UCMDB. The server never tries to connect to the DFP. So one direction: DFP -> UCMDB.
Likes are appreciated!
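
Added example, not part of any post in this thread: a pre-change check that compares the connections the probe must initiate against a firewall permit list, so a forgotten range or port is caught before it appears as an incomplete scan, and rules drawn in the responder -> initiator direction are flagged as unneeded. All addresses and rules are constructed sample data, the function names are hypothetical, and a stateful firewall is assumed.

```python
import ipaddress

# Constructed sample data: every address and rule below is illustrative.
PROBE = "10.10.1.20"
# Connections the probe (DFP) initiates; 22, 139 and 445 are the ports named in the thread.
REQUIRED_FLOWS = [
    (PROBE, "10.20.0.15", 22),   # Unix server over SSH
    (PROBE, "10.20.1.30", 445),  # Windows server over SMB
    (PROBE, "10.20.1.30", 139),  # Windows server over NetBIOS session service
    (PROBE, "10.30.5.7", 22),    # Unix server in a range nobody added
]
# Permit rules as (source network, destination network, destination ports).
# Assumption: the firewall is stateful, so replies need no rule of their own.
FIREWALL_RULES = [
    ("10.10.1.20/32", "10.20.0.0/24", {22}),
    ("10.10.1.20/32", "10.20.1.0/24", {445}),
    ("10.20.1.0/24", "10.10.1.20/32", {445}),  # arrow drawn the wrong way round
]


def is_permitted(src, dst, port, rules):
    """True if a rule lets src initiate a TCP connection to dst:port."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(rs) and d in ipaddress.ip_network(rd) and port in ports
        for rs, rd, ports in rules
    )


def missing_flows(flows, rules):
    """Required flows no rule permits: these targets would show up as incomplete scans."""
    return [f for f in flows if not is_permitted(*f, rules)]


def reversed_rules(flows, rules):
    """Rules that only match a required flow with initiator and responder swapped."""
    found = []
    for rule in rules:
        forward = any(is_permitted(s, d, p, [rule]) for s, d, p in flows)
        backward = any(is_permitted(d, s, p, [rule]) for s, d, p in flows)
        if backward and not forward:
            found.append(rule)
    return found


if __name__ == "__main__":
    for src, dst, port in missing_flows(REQUIRED_FLOWS, FIREWALL_RULES):
        print(f"no permit rule: {src} -> {dst}:{port}")
    for rule in reversed_rules(REQUIRED_FLOWS, FIREWALL_RULES):
        print(f"rule in responder -> initiator direction, not needed: {rule}")
```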