|
NetResident consists of the three
main components: a service, a console, and agents. The picture
below illustrates a typical NetResident installation that includes
a computer running NetResident service, a console, an SQL server
with the database (all of them usually installed on the same
computer), and many agents installed on client computers on the
LAN.
The core component of the
application is the NetResident
Service. The key function of the service is to link the
components into a single system, capture network communications
that go through the computer on which it is running, receive data
from the agents, analyze the collected data, and store them in a
database.
NetResident Agents are optional system
components. They capture network communications that take place on
the computers on which they are installed. Agents are instrumental
for two reasons: They provide visibility into the traffic of LAN
computers that otherwise cannot be seen from the “central” computer
running NetResident service, and they are capable of decrypting
encrypted traffic of the computer they are running on. Typically,
agents are installed on multiple computers (one per computer), but
deploying agents is not mandatory. If you want to analyze only the
traffic that is visible to the computer running NetResident
service, and if you do not need to analyze encrypted
communications, then NetResident service is all that you need.
The NetResident Console is the only system
component that has a user interface. The console allows you to
interact with NetResident: explore the captured data, search and
filter them, change system settings, and perform many other tasks.
Normally, the console is installed on the same computer on which
the NetResident service is installed, but this is not required. You
can install it on any other computer, even in different LAN
segments, as long as the console can connect to the computer
running the NetResident service over the Internet.
The next chapter discusses deployment strategies in detail.
|
