Enterprise workgroup deployment

The enterprise workgroup deployment is for medium to large teams in large organizations where enterprise considerations are required. This deployment works well if your organization must:

  • Comply with IT Governance and Compliance Guidelines such as clustering and load balancing web applications
  • Maximize corporate resources, such as having the database in a data center with automatic backups
  • Run components within certain firewalls, requiring some form of port-forwarding

This deployment model expects that there is a corporate LDAP Directory Server and that authentication to use AppScan® Source requires validation of credentials through the directory server. It also assumes that access to source code is available through a source control management client on the computer or the source resides on the computer, and that a defect tracking system integration is in place.

Typically, the organization automates application scans by integrating with the build process, thus requiring the deployment of AppScan® Source for Automation. In this model, it is also possible that the enterprise has standardized on a database server, such as Oracle.

A common enterprise workgroup deployment would have these characteristics:

  • Security analysts and developers connect to the AppScan® Enterprise Server
  • Auditors connect to the Enterprise Console component of AppScan® Enterprise Server through a web browser
  • AppScan® Source server components run on different computers due to IT Governance and Compliance Guidelines
    • The Enterprise Console is on a central web application server cluster that is load balanced, and the Automation Server runs on one or more build servers
    • Data Center contains a Oracle Database Server
  • Automation Server is deployed on the build systems
  • AppScan® Enterprise Server communicates with the LDAP Directory Server for user authentication
  • AppScan® Enterprise Server and AppScan® Source clients connect to the AppScan® Source Database hosted in a Data Center (and possibly requires a specific database such as Oracle)
  • Source control clients provide access to source code on all appropriate computers
  • AppScan® Source for Analysis integrates with defect tracking system clients on the same computer