- 08 Mar 2022
- 2 Minutes to read
Central Core Architecture
- Updated on 08 Mar 2022
- 2 Minutes to read
The Axonius central core system is a completely independent Axonius system that operates in a different mode. The central core has no adapter connections at all. Instead, it is configured to pull and download asset data that other Axonius instances (core nodes) have generated and uploaded into a storage location. The asset data contains devices and users from the recent discovery cycle on that core node.
The central core loads the downloaded asset data into a central core node, allowing you to manage the consolidated asset inventory of all the different core nodes from a single Axonius instance.
Using the central core functionality does not require any connection from/to the other Axonius instance(s). It only requires an intermediate storage location that is accessible to both systems, where the asset data resides.
Axonius supports three options for the storage of the asset data from each Axonius core node:
- AWS S3 bucket
- Azure Storage
The common use case for using the central core functionality is to deploy an Axonius core node for each business unit in the organization and to deploy an Axonius central core node. The Axonius central core node will manage the consolidated asset inventory of all the different business units of the organization from a single Axonius instance.
Data Synchronization Flow
The following flow uses Amazon S3 bucket as an example, but the same flow applies if you are using Azure Storage or SMB as the storage location.
- Upload process (on each core node)
- At the end of every discovery cycle, the core node will create an encrypted zipped assets file that contains all the users and the devices managed by that node.
- The assets file will be uploaded to the specified Amazon S3 bucket.
- The created zip assets file is deleted from the core node.
- The assets file will be created only if there are at least 15 GB available in the core node disk space.
- The assets file contains only devices and users information. It means it does not contain: adapters, dashboards, enforcements, reports, or settings.
- Download process (on the central core node) - The discovery cycle on the central core node is different from the standard discovery cycle. It does not involve correlation nor cleaning phases, but only the following:
- Save history - A snapshot of the current inventory is saved to the database, based on the Historical Snapshot Scheduling Settings.
- Download - The central core node downloads all the assets files that have not been restored in the past from the Amazon S3 bucket. The devices and users on the central core node are replaced with the restored information.
- Trigger enforcements - all enforcement sets that should run at the end of a discovery cycle are triggered.
- If no assets files are found on the Amazon S3 bucket, the data on the central core node will remain as is.
- If the central core does not have sufficient disk space to download the files, the restore process will be stopped, and the discovery cycle will be completed without restoring all the files.
- If one of the core nodes has failed to upload the asset file or the central core node has failed to restore it, data may be inaccurate.
Core Node and Central Core Node Configuration
For details, see Core Node and Central Core Node Configuration.