[CLOSED] PCSM Connection Broker Mechanism

Container for RESOLVED incidents, queries SOLVED by the experts, EXPIRED topics or those that have been CLOSED by the users.
Locked
User avatar
unyu123
Registered user
Registered user
Posts: 35
Joined: Mon, 06 Jan 2014, 06:24
Location: secret

[CLOSED] PCSM Connection Broker Mechanism

Post by unyu123 »

hi all,

I had read an article about PCSM Connection Broker and I wondering with connection broker mechanism.
This article said that every 90 seconds, PCSM Agent communicating with PCSM Server.
Let say i had 1000 machine in my company with PCSM Agent installed in every single node, and all of them had full internet access.
- Then how this connection broker work? Which node that designated as connection broker and how many nodes are set as connection broker?
- If I set a single node as local cache, is that node will have a role as connection broker for the entire network?
- Fyi, in my case every 90 second, my PCSM agent use 1-2 KB and sometimes strike to 30 KB (upload+download), thats mean every single day (approx. about 960 times) my agent consume about 1 MB. Multiple with whole network, at least 1 GB/day.. geez.. :o :o So how much this connection broker affected to my bandwidth consumption? and is there any tools that can measure PCSM bandwith consumption and make sure that the traffic is routed to the connection broker before using public traffic?
- Last question, what is covered in this "every 90 second" message? Only keep alive message from its machine or also include message from the other agent in the same network? Can I configure this interval?


I'm sorry about ton of questions but I was wondering something,


Happy Monday! Cheers.. :D



..:: Matur Nuwun ::..
icikiprit~~
User avatar
unyu123
Registered user
Registered user
Posts: 35
Joined: Mon, 06 Jan 2014, 06:24
Location: secret

Re: [ask] PCSM Connection Broker Mechanism

Post by unyu123 »

helloooooo,

it's been a month since I post this thread, but nobody nobody but me :D

can anyone gimme some idea?
icikiprit~~
Bones
Official moderator
Official moderator
Posts: 13
Joined: Tue, 03 Apr 2012, 19:09

Re: [ask] PCSM Connection Broker Mechanism

Post by Bones »

Hi Unyu123,

Quite a few questions there so I'll try my best in answering them :)

First off regarding the "Connection Broker", the broker is determined by it's Node score which is defined by several variables. The higher the score the high the ranking it get's to be used as a broker. I believe each broker can service around 250 nodes per CPU , if a Broker goes offline then another is delegated automatically for the job. See What is a Node Score? http://www.pandasecurity.com/enterprise ... ?id=300147

Any device can be set as a Local Cache and will not necessarily also be a Broker (depending on it's score)

As for the total traffic question, that's a tough one to really calculate as it's highly dependent on number of Brokers in use and also what else might be being communicated. Typically the 90second heartbeat reports back it's online status as well as any triggers for monitoring policies set, if you have the facility to do so you could monitor the traffic destined for the CS platform to get some idea of the data.

The Agent, Broker, Local Cache, local hand-off (when trying to remote onto machines on the same LAN) attempt to work in the most efficient/optimized way to ensure that performance isn't hindered for the user or business whilst maintaining continued operation in dispersed environments.

Some other articles that might be of interest:

How to control agent updates in Panda Cloud Systems Management http://www.pandasecurity.com/enterprise ... ?id=300153
What is Peer sharing in Panda Cloud Systems Management? http://www.pandasecurity.com/enterprise ... ?id=300152


Hope that helps a bit.
User avatar
unyu123
Registered user
Registered user
Posts: 35
Joined: Mon, 06 Jan 2014, 06:24
Location: secret

Re: [ask] PCSM Connection Broker Mechanism

Post by unyu123 »

thanks in advance for the enlightenment Bones, it helps alot, apreciate it :D

but there's still grey about total traffic, because bandwidth is just like a gold in my country :mrgreen: :lol:
I using SeriousBit Netbalancer to measure every PCSM agent bandwidth consumption, it said 1-2 KB every heartbeat (-+ 90 second), but I dont know the traffic goes to the connection broker or directly goes to PCSM Server. Is there any useful tools to view exactly where my traffic goes to? anyone? :D


cheers~
icikiprit~~
Davy
Official moderator
Official moderator
Posts: 8
Joined: Wed, 03 Apr 2013, 10:48

Re: [ask] PCSM Connection Broker Mechanism

Post by Davy »

Hi Unyu123,

U can use these tools for network monitoring and packet capturing:

http://www.wireshark.org/download.html

http://www.netresec.com/?page=NetworkMiner

Sincerely,

Davy Paridaens
Panda security Corporate Support
Bones
Official moderator
Official moderator
Posts: 13
Joined: Tue, 03 Apr 2012, 19:09

Re: [ask] PCSM Connection Broker Mechanism

Post by Bones »

Hi,

No worries.

Using Netbalancer is a great way of monitoring traffic, Wireshark would give you a bit more detail at a lower level.

Here's an article that provides a list of "destinations" being used by the agents themselves. Maybe using either your permeter gateway or Wireshark you can monitor the local agent to confirm where it's heart-beating too.

http://www.pandasecurity.com/enterprise ... ?id=300126

You can see if your connected to a broker by opening the agent from the system tray, and reviewing the "CS Connection" the same data can be located in the log.txt file in the PCSM's program directory.

If you want to "force" via a broker, you could always omit gateway and DNS settings from the local machines but this would also break web browsing etc :)
User avatar
unyu123
Registered user
Registered user
Posts: 35
Joined: Mon, 06 Jan 2014, 06:24
Location: secret

Re: [ask] PCSM Connection Broker Mechanism

Post by unyu123 »

Hi there,
been trying wireshark, and I can see clearly UDP 13300 goes to local network (with filter), and doesnt seen any 13229 TCP/UDP or 13300 TCP connections. it it correct? capture it for about 2 minutes.

from the log.txt, how to indicate that the connection goes to my local machines? the log file that containing CS just saying about:
- Sending request to CS - loggedindevices
- ? CS 01sm-cc.pandasecurity.com
- Sending request to CS - ping
- Connected to Cs server


thanks,
icikiprit~~
Locked

Return to “SM - Archive Issues”