
STF - Skybox Architecture

This document provides an overview of the architecture of the Skybox platform. It describes the main components as the Manager, Server, and Collector. The Manager provides the graphical user interface and connects to the Server. The Server is a J2EE process that embeds the database and controls data collection. Collectors connect to external sources to import data and send it to the Server. The architecture uses a tiered design with layers for data collection, modeling, and analytics.

Uploaded by

Prashant Biswas

Skybox Technical Fundamentals series

Skybox Architecture

Agenda
• Architecture of the Skybox platform
• The Manager
• The Server
• The Collector
• Modules and connections

Skybox Architecture

Skybox Manager (the “Classic” GUI)
• Traditional application called Skybox Manager
– Developed in Java, brings its own runtime
• Supported on Windows only
• One instance for ‘Security Policy Management’, and another for ‘Vulnerability and Threat Management’
• No limitations on how many Managers can connect to the same Server
• Multiple versions of the Manager can be installed on a single computer (to talk to multiple server versions)
• Connects to Server over port 8443/TCP (by default)

Skybox Web UI
• Interface based on HTML5 and JavaScript
• Supported on most modern browsers, on any platform
– IE and Safari are not supported, regardless of the platform
• Connects to Server by default over port 8443/TCP (same as traditional GUI)
• No limitations on how many clients can connect to the same server

Skybox Server
• The Skybox Server is a J2EE process running on a dedicated machine
– Nowadays it’s often a VM
– A range of Hardware Appliances available
• The Server embeds the DBMS engine
– Currently the DBMS is a MySQL instance
– Totally controlled by the Skybox Server
– No direct communication to the DB is allowed
• The MySQL process only binds to the loopback interface

Server Options

Installation Options

.iso file
• VMware installation
• Deploys native Virtual Appliance
• Will run CentOS 7

.bin file
• RHEL 6/7, CentOS 6/7
• Installs the Skybox Software only
• Binary installer, silent or manual install

.exe file
• Standard Windows installer
• Installs the Skybox Software only
• Windows 7/8/10/Server 2012

Requirements

Minimum system requirements:
• CPU: 8 Cores
• RAM: 32 GB
• Disk: 500 GB

Large deployment requirements:
• CPU: 16 Cores
• RAM: 128 GB
• Disk: 1 TB

Server Hardware Options

• Server class, Intel-based, 1U server
• Manufactured by Patriot Tech
• .iso image pre-loaded
• All software updates – both OS and Skybox software – provided by Skybox Support
• Several models
– 7000: 64 GB RAM, 8 thread CPU
– 8000: 256 GB RAM, 16 thread CPU
– 8050: 512 GB RAM, 16 thread CPU

Skybox Collector
• It’s the dedicated process for connecting to external sources and importing data
– The actual connection depends on the target technology
– Uses a range of protocols, from SSH to REST APIs
• Basic deployments have Server and Collector on the same machine
• Use cases for multiple collectors:
– Scaling for large networks
– Scaling for syslog
– Geographical reasons (latency)
– Security zones
• Server > Collector communication is over port 9443/TCP (by default)
– Communication is always initiated by the Server
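
An added example (not part of the original slides and not Skybox tooling) that turns the deck's connectivity statements into checks: the embedded MySQL listens on loopback only, clients reach the Server on 8443/TCP, and only the Server opens 9443/TCP to a Collector. The `ss` output, addresses, role names, the `mysqld` process name and port 3306 (MySQL's default) are constructed assumptions.

```python
import ipaddress

# Constructed `ss -ltnp` output for a hypothetical Server host (not real data).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=1410,fd=31))
LISTEN 0      100    0.0.0.0:8443       0.0.0.0:*         users:(("java",pid=1502,fd=212))
LISTEN 0      151    0.0.0.0:3307       0.0.0.0:*         users:(("mysqld",pid=1410,fd=33))
"""

# Only the flows the slides describe, on their default ports.
ALLOWED_FLOWS = {
    ("client", "server", 8443),     # Manager / Web UI -> Server
    ("server", "collector", 9443),  # always initiated by the Server
}

# Constructed address-to-role map and connection records (src, dst, dst_port).
ROLES = {"10.0.0.5": "client", "10.0.1.10": "server", "10.0.2.20": "collector"}
OBSERVED = [
    ("10.0.0.5", "10.0.1.10", 8443),
    ("10.0.1.10", "10.0.2.20", 9443),
    ("10.0.2.20", "10.0.1.10", 9443),  # Collector-initiated: wrong direction
    ("10.0.0.5", "10.0.1.10", 3306),   # direct DB access (assumed default port)
]

def non_loopback_db_listeners(ss_output, db_process="mysqld"):
    """Return 'addr:port' for DB listeners bound to anything but loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[0] != "LISTEN" or f'"{db_process}"' not in cols[5]:
            continue
        host, _, port = cols[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        # '*' means all interfaces; anything else must parse as loopback.
        if host == "*" or not ipaddress.ip_address(host).is_loopback:
            findings.append(f"{host}:{port}")
    return findings

def flow_violations(conns, roles):
    """Return connections whose (src role, dst role, port) is not allowed."""
    return [
        (src, dst, port) for src, dst, port in conns
        if (roles.get(src, "unknown"), roles.get(dst, "unknown"), port)
        not in ALLOWED_FLOWS
    ]

if __name__ == "__main__":
    print(non_loopback_db_listeners(SAMPLE_SS))
    print(flow_violations(OBSERVED, ROLES))
```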

Skybox Collector

Installed the same way as Server
• It has the same deployment options
• Only difference, server components are turned off

System requirements (recommended):
• CPU: 8 cores
• RAM: 32 GB
• Disk: 500 GB

A Collector might need (much) more disk space in some situations, e.g. when used to receive and process firewall traffic logs.

Tiered Architecture
Main Logical Layers

Analytics
• Network path analysis, hotspot analysis
• Scanless vulnerability discovery, Policy compliance
• Attack simulation, change impact analysis

Modeling
• Comprehensive model of network, endpoints, business assets, threats
• Skybox Vulnerability Database

Data Collection
• Firewalls, Layer 3 devices
• Patch data, Vulnerabilities
• Asset grouping, Threat intelligence

Software Components
[Diagram: software components and their connections. Labels recoverable from the slide:]
• Clients: Java Swing GUI Client (Windows, Linux); HTML5 Browser Web Client (IE, FF, Chrome)
• Module labels: FA, NA, CM, VC, SPM, VTM
• Client connections: HTTPS, 8443/TCP
• Server: J2EE: JBoss; MySQL Database; Skybox Certification Engine; Reporting Engine; Dashboard
• 3rd Party (e.g. Helpdesk): Web Services / Files
• HTTPS; iXML Exch
• Collector: 9443/TCP; J2EE Tomcat; Perl Script

Thank you!
