Axonius Hosted SaaS Deployment
- 1 Minute To Read
In SaaS deployments, Axonius is deployed on an AWS EC2 instance that is fully separated from other customers’ environments. The AWS EC2 instance can be hosted on any of the available Amazon EC2 Regions, and is automatically backed up to allow restoration in case of failure.
How It Works & System Architecture
To aggregate and correlate asset data, Axonius securely fetches data from your IT, Security, and business solutions using pre-built integrations with hundreds of security and management solutions, known as adapters.
Since the Axonius SaaS instance resides in the cloud and is not part of your organization's internal network, you must install the Axonius Tunnel to connect to adapter sources that are only accessible by an internal network. The Axonius Tunnel enables you to establish a secure link between an internal network and the Axonius SaaS instance.
Axonius fetches data on periodic and custom discovery cycles from configured adapters. During these discovery cycles, the Axonius Tunnel is used as a VPN to pull asset data from the sources of the adapters that are part of your organization’s internal network.
The Axonius Tunnel is a container that is installed on an on-premise server you provision that can access to the internet via TCP port 443 from the Tunnel server either by direct connection or by HTTPS proxy. Once the Axonius Tunnel is installed, it initiates a connection from the on-premise container to the Axonius SaaS instance. After this connection is established, bi-directional communication is enabled on the top of that Tunnel, using the VPN protocol.
To connect adapters that are accessible to the internet, such as other SaaS solutions, configuring and installing the Axonius Tunnel is not required.
Hardware requirements for the Axonius Tunnel server:
- An Intel x86 based architecture processor
- At least 1 GB of free disk space
- At least 1 GB of RAM dedicated to the tunnel container
For more details on adapters and enforcement actions, see: