Secured deployment – an introduction
This section of the cookbook provides IT infrastructure experts with the information they need to plan a secure deployment of the CAST Application Intelligence Platform.
The CAST Application Intelligence Platform (AIP) can be deployed either:
- On-site: customers purchase classic software licenses and install and operate CAST AIP on their own infrastructure.
- Managed Services: customers purchase services from CAST (or a service provider) to run analyses. They provide source code of their applications to CAST, and CAST publishes dashboards to access results.
For both of these deployments, the same secure architecture can be used, except for some specific configuration settings. For example:
- Network configuration (proxies, firewalls…)
- Authentication and security rules (datacenters, virtualized desktops, secured workstations, authentication systems…)
This document provides information about implementing the most highly secure deployment.
Secured deployment architecture summary
The following digram shows the recommended layout for the various CAST AIP components using two distinct groups: Front Office and Back Office:
These Front Office components are deployed on a specific network area (private cloud, …) which is accessed:
by consumers/Delivery Managers: all these users access resources through https and must be authenticated and have privileges on the corresponding applications. They use browser based dashboards to investigate the analysis and snapshot data or they query results using RestAPIs.
by CAST-users: all these users access resources via Client/Server (C/S) tools installed by the CAST AIP setup on a Windows machine and published as a XenApp application. The configuration is described below in Back Office.
Please see Front Office deployment.
In the Back Office, there are two groups of users that require access to the resources:
- CAST Platform Admins: Installation and upgrade of CAST components
- CAST AI Admins: Configuration of the platform to produce the results
Please see Back Office deployment.