Deployment Architecture
Ashwani
Last Update há 8 meses
The Deployment Architecture section describes how Athera’s SaaS scanner operates across different network zones, enabling comprehensive scanning of both public and private assets via jump hosts.
Public Assets (Direct Scanning)
Athera can scan assets with public IPs in two ways:
- Authenticated Scans: Athera connects to target systems using native remote authentication protocols (e.g., SSH for Linux, WinRM for Windows) to collect detailed system and configuration information.
Unauthenticated Scans: If credentials are not provided, Athera can still perform external scanning to identify open ports, running services, and basic vulnerabilities without accessing the host’s internal configuration.
Prerequisites for Public Asset Scanning
- Linux (for authenticated scans): SSH must be enabled and accessible
Windows (for authenticated scans): WinRM service running (HTTP/HTTPS)
Outbound connectivity: Target hosts must be able to reach Athera’s cloud API endpoints over HTTPS
Private / Internal Assets (via Jump Host)
To scan assets within private networks or behind firewalls, Athera uses a Jump Host. The Jump Host acts as a secure bridge: it is deployed inside the target network and communicates with Athera’s cloud. All scan traffic to internal hosts flows through this Jump Host, eliminating the need to deploy any software on internal machines.
Athera can scan internal hosts in two ways:
- Authenticated Scans: Using credentials (SSH/WinRM) to collect detailed system and configuration information.
Unauthenticated Scans: Without credentials, Athera can still identify open ports, running services, and basic vulnerabilities via the Jump Host.
Prerequisites for Jump Host Scanning
- The Jump Host must have outbound HTTPS access to Athera’s cloud
It must have network access to the internal hosts
Refer to the Jump Host Configuration Guide for detailed setup instructions