Architecture

Puppet Remediate consists of a number of components and services, each one running as an individual Docker container.



Service | Container | Description
Licensing | remediate_licensing | Stores the user licensing information and is queried by the UI using the licensing API.
Ingress | remediate_frontdoor | The nginx front end listening on port 8443 (HTTPS).
VR | remediate_vr | Connects to and retrieves host and vulnerability data from Tenable, Qualys and Rapid7.
Storage | remediate_storage | The storage layer for discovered data which communicates with the remediate_gopdp container on port 5432.
Identity | remediate_identity | Generates the bearer token for the default user roles: admin and viewer.
Export | remediate_export | The export service consumes API requests from the UI on port 9200 (HTTPS) and queries the data platform on port 8082 (GRPC).
gopdp | remediate_gopdp | The data platform is an ingest service implementation that processes discovered data from the edge on port 8082 (GRPC), and exposes the query API to the UI on port 8084.
Controller | remediate_controller | The controller manages the discovery process by:
  • Authenticating each API request by validating the bearer token with remediate_identity on port 5556 (HTTPS).
  • Retrieving source and host credentials from the vault on port 8200 (HTTPS).
  • Consuming the discovery and task API requests from the UI on port 9999 (HTTPS).
  • Dispatching discovery and task commands to the edge on port 8081 (GRPC).
Edge | remediate_edge | The edge consumes the discovery API requests from the controller and invokes each source the user adds. It discovers vulnerabilities and resources, executes ad hoc tasks on target hosts, and submits data to the data platform. The edge services consist of a set of pluggable providers that are determined by which sources are added.
Vault | remediate_vault | The secure store for source and node credentials.
UI | remediate_ui | The UI enables you to add sources, credentials, and run tasks on target hosts by initiating discovery API requests to the controller on port 9999 (HTTPS). To populate the dashboards and provide a high-level summary view of your infrastructure, the UI queries the data platform on port 8084 (HTTPS) for vulnerabilities and discovered resources.
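
The service-to-service flows in the table can serve as an allowlist when reviewing observed traffic between the containers. The following is an added example, not Puppet's code; the log format, the sample records and the direction of the port 5432 flow (gopdp as client of storage) are assumptions.

```python
# Flows (client, server, port) read from the table above. The table gives no
# port for the licensing API, so traffic to remediate_licensing is flagged
# for manual review. The direction of the 5432 flow is an assumption.
DOCUMENTED_FLOWS = {
    ("remediate_ui", "remediate_export", 9200),
    ("remediate_ui", "remediate_gopdp", 8084),
    ("remediate_ui", "remediate_controller", 9999),
    ("remediate_export", "remediate_gopdp", 8082),
    ("remediate_edge", "remediate_gopdp", 8082),
    ("remediate_gopdp", "remediate_storage", 5432),  # assumed direction
    ("remediate_controller", "remediate_identity", 5556),
    ("remediate_controller", "remediate_vault", 8200),
    ("remediate_controller", "remediate_edge", 8081),
}
# Every container in the table, including those with no stated peer port.
KNOWN = {c for flow in DOCUMENTED_FLOWS for c in flow[:2]} | {
    "remediate_licensing", "remediate_frontdoor", "remediate_vr"}

# Constructed sample input, one "client -> server:port" record per line.
SAMPLE_LOG = """\
remediate_controller -> remediate_vault:8200
remediate_ui -> remediate_controller:9999
remediate_ui -> remediate_vault:8200
remediate_edge -> remediate_gopdp:8084
debug_shell -> remediate_storage:5432
not a connection record
"""

def audit(log_text):
    """Return (line_no, reason, record) for every record that needs review."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            client, target = (p.strip() for p in line.split("->"))
            server, port = target.rsplit(":", 1)
            port = int(port)
        except ValueError:  # wrong field count or non-numeric port
            findings.append((n, "unparseable", line))
            continue
        if client not in KNOWN or server not in KNOWN:
            findings.append((n, "unknown container", line))
        elif (client, server, port) not in DOCUMENTED_FLOWS:
            findings.append((n, "undocumented flow", line))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Records 3 and 4 are flagged because only the controller is documented as a vault client and the edge is documented on port 8082, not 8084.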