Enterprise workgroup deployment

The enterprise workgroup deployment is for medium to large teams in large organizations where enterprise considerations are required. This deployment works well if your organization must:

  • Comply with IT Governance and Compliance Guidelines such as clustering and load balancing web applications
  • Maximize corporate resources, such as having the database in a data center with automatic backups
  • Run components within certain firewalls, requiring some form of port-forwarding

This deployment model expects that there is a corporate LDAP Directory Server and that authentication to use AppScan® Source requires validation of credentials through the directory server. It also assumes that access to source code is available through a source control management client on the computer or the source resides on the computer, and that a defect tracking system integration is in place.

Typically, the organization automates application scans by integrating with the build process, thus requiring the deployment of AppScan Source for Automation. In this model, it is also possible that the enterprise has standardized on a database server, such as Oracle.

A common enterprise workgroup deployment would have these characteristics:

  • Security analysts and developers connect to the AppScan Enterprise Server
  • Auditors connect to the Enterprise Console component of AppScan Enterprise Server through a web browser
  • AppScan Source server components run on different computers due to IT Governance and Compliance Guidelines
    • The Enterprise Console is on a central web application server cluster that is load balanced, and the Automation Server runs on one or more build servers
    • Data Center contains a Oracle Database Server
  • Automation Server is deployed on the build systems
  • AppScan Enterprise Server communicates with the LDAP Directory Server for user authentication
  • AppScan Enterprise Server and AppScan Source clients connect to the AppScan Source Database hosted in a Data Center (and possibly requires a specific database such as Oracle)
  • Source control clients provide access to source code on all appropriate computers
  • AppScan Source for Analysis integrates with defect tracking system clients on the same computer

The following diagram depicts the deployment of the AppScan Source components in an Enterprise Workgroup environment.


Enterprise deployment flow diagram