
Deployment Architecture

Ashwani

Last Update 4 months ago

The Deployment Architecture section explains different strategies for deploying assets in various network setups.

For Public Assets

Onboarding assets hosted in the cloud with static public IP addresses is straightforward with SecOps Solution. This process is entirely agentless, utilizing remote authentication protocols specific to the operating system for efficient Vulnerability Management and Patch Management operations.

Pre-requisites for Onboarding Public Assets
Windows Based Systems
    1. WinRM Service: Ensure WinRM service (HTTP) is running on port 5985 on the target host machine.

    2. Outbound HTTPS: Enable outbound HTTPS on port 443 for https://api.app.secopsolution.com

    3. Domain Whitelisting: Whitelist necessary domains for Windows and third-party application patches (Patch Management). Alternatively, customers can use PatchVault Add-On - SecOps' patch server repository to avoid whitelisting multiple domains. Talk to our team to know more about it.

Linux Based Systems
    1. SSH Service: Ensure SSH service is configured and running on the Linux host.

    2. Repository Whitelisting: Whitelist distribution-specific yum or apt repositories based on your device's configuration for Patch Management. Alternatively, customers can use SecOps' patch server repository to avoid whitelisting multiple domains.

For Private Assets via Jump Host

For on-premise assets with static private IP addresses, create a jump host and deploy the SecOps Jump Host agent. Once set up, SecOps connects to internal private servers through the jump host for Vulnerability and Patch Management.

Pre-requisites for Onboarding Private Assets via Jump Host

Windows Based Systems
  1. WinRM Service: Enable WinRM service (HTTP) on port 5985 on the target host.
  2. Network Requirements: If outbound HTTP and HTTPS are enabled on the target system, no additional network configurations are required.

Linux Based Systems
  1. SSH Service: Check if SSH service is configured and running.
  2. Repository Whitelisting: Whitelist the appropriate yum or apt repositories based on your system’s configuration.

For Agent-based approach

To onboard remote devices or endpoints that are not part of the corporate network, you can install the SecOps agent directly on the asset. This allows you to perform vulnerability management and patch management operations from your dashboard.

Pre-requisites for installing an agent
  1. Outbound HTTPS: Enable outbound HTTPS on port 443 for https://api.app.secopsolution.com and outbound HTTPS WebSocket (WSS) traffic (port 443) to wss://socket.app.secopsolution.com
  2. Windows and Linux Systems: For setup instructions, refer to the Windows Agent Setup section for Windows systems and the Linux Agent Setup section for Linux-based systems.
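
The prerequisites above can be verified before onboarding with a small pre-flight script. The following is an added example, not SecOps Solution code: it builds the list of ports named on this page for each deployment mode and tests plain TCP reachability only (it does not authenticate or validate TLS). The function names, the mode labels and SSH port 22 are assumptions; the page does not state an SSH port.

```python
import socket
import sys
from urllib.parse import urlsplit

# Endpoints and ports as listed in the prerequisites on this page.
API_URL = "https://api.app.secopsolution.com"
WSS_URL = "wss://socket.app.secopsolution.com"
WINRM_PORT = 5985
SSH_PORT = 22  # assumption: the page names no SSH port; 22 is the sshd default

def endpoint(url):
    """Split a URL into (host, port); https and wss both default to 443."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or {"https": 443, "wss": 443}[parts.scheme]

def required_checks(mode, os_family, target):
    """List (label, host, port) reachability checks for one deployment mode.

    mode: "public", "jump_host" or "agent"; os_family: "windows" or "linux".
    Remote-access checks run from the scanning side, outbound checks on the asset.
    """
    if mode == "agent":
        return [("outbound HTTPS to API", *endpoint(API_URL)),
                ("outbound WSS to socket", *endpoint(WSS_URL))]
    if os_family == "windows":
        checks = [("WinRM (HTTP)", target, WINRM_PORT)]
        if mode == "public":
            checks.append(("outbound HTTPS to API", *endpoint(API_URL)))
        return checks
    return [("SSH", target, SSH_PORT)]

def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def failed_checks(checks, probe=tcp_probe):
    """Return the labels of checks whose port could not be reached."""
    return [label for label, host, port in checks if not probe(host, port)]

if __name__ == "__main__":
    # Usage: preflight.py <public|jump_host|agent> <windows|linux> [target-ip]
    mode, os_family = sys.argv[1], sys.argv[2]
    target = sys.argv[3] if len(sys.argv) > 3 else None
    failures = failed_checks(required_checks(mode, os_family, target))
    print("all prerequisites reachable" if not failures else f"unreachable: {failures}")
    sys.exit(1 if failures else 0)
```

Run the WinRM or SSH check from the machine that will connect to the asset (for private assets, the jump host) and the outbound checks from the asset itself.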
