1.4. Presentation of the GCenter
The management of the GCap probe including managing the analysis rules, signatures, health status supervision, and so on.
In-depth analysis of the files retrieved by the probe
Administering the system
Displaying the results of the various analyses in different dashboards
Long-term data storage
Exporting data to third-party solutions such as the Security Information and Events Management (SIEM) system
Sends files to the GBox for analysis and retrieves reports
1.4.1. Different server models
For more information, please refer to Mechanical characteristics of GCenter.
1.4.2. List of the GCenter inputs / outputs
Example of a GCenter server 7100/8100/9100 :
The GCenter comprises:
Inputs/outputs |
Usage |
|---|---|
USB and VGA connector |
Directly access a keyboard and a monitor.
This connection mode is deprecated in favour of KVM/IDRAC/XCC and should only be used as a last resort
|
USB connector |
Accommodates the USB key enabling disk decryption (standard Linux Unified Key Setup) |
RJ-45 connector |
Remote access to the server's management and configuration interface |
RJ-45 connector |
Management and VPN interface with GCAP |
RJ-45 connector |
Dedicated VPN interface with GCAP (optional) |
RJ-45 connector |
Interaction with external services |
RJ-45 connector |
Interaction with external services |
Two power supplies |
Redundant server power supplies |
Example of a GCenter server 9900/10500 :
Note
Although the names of the interfaces may suggest that they are specifically dedicated, it is possible to use these interfaces for other purposes via the "output interfaces" options.
Viewing these communication links is provided in the section Interconnection between devices.
1.4.2.1. Use of USB and VGA connectors
Connecting a keyboard and monitor enables direct access to the GCenter console interface.
Important
This mode is deprecated. It should only be used during initial installation and for advanced diagnosis.
1.4.2.2. Access to the server's management and configuration interface
Access to this management interface is via HTTPS:
on a Dell server, this connector is called iDRAC. It is noted on the KVM/IDRAC diagram
on a Lenovo server, this connector is called TSM: This connector can be identified by a wrench symbol on the bottom of it.
1.4.2.3. `MGMT0` and `VPN0` network interfaces
`MGMT0` and `VPN0` are connected to the network interfaces `gcp0` and `gcp1`.Function 1: remote administration through the SSH protocol with access:
To the graphical setup/configuration menu
Function 2: secure communication between the GCenter and the probe through an IPSEC tunnel in order to:
Escalate information such as files, alerts, metadata, and so on, derived from analyzing the monitored flows
Report information on the health of the probe to GCenter
Control the probe - analysis rules, signatures, etc.
There are 2 configuration possibilities:
The single interface configuration
The dual-interface configuration
In single interface configuration:
- The
`MGMT0`interface is used and connected to the`gcp0`network interface of the GCapThis interface ensures functions 1 and 2. The
`VPN0`interface is not used
In dual-interface configuration:
- The
`MGMT0`interface is used and connected to the`gcp0`network interface of the GCapThis interface ensures function 1. - The
`VPN0`interface is used and connected to the`gcp1`network interface of the GCapThis interface ensures function 2.
The purpose of the dual-interface configuration is to ensure that the management flow and the interconnection flow between the GCap and the GCenter are separated from each other.
Important
This configuration of flow separation by interface is mandatory when using the MPL mode on the GCenter.
1.4.2.4. Network interfaces `ICAP0` and `SUP0`
These two interfaces enable, if needed, communicating with services external to the solution such as:
An update server
A supervision server
An LDAP server
A log server or an SIEM
A storage server for backing up the solution
etc.