ObserveIT Architecture:
Monitor Remote Access and Local Access
Overall Architecture
ObserveIT is a software-based user auditing platform, with no fixed hardware components.
Data Storage: File System and Database
ObserveIT can store visual screen data in either file-system storage or SQL database storage. Using file-system storage is desirable when database management and performance requirements call for reduced SQL database sizing. In this scenario, SQL Server is still used for metadata and configuration data, but the actual screenshot images are stored in a file-system directory structure, which is fully managed by ObserveIT.
Deployment Options
Standard Agent-based deployment (Servers and Desktops)
The standard method of deployment involves deploying the ObserveIT agent on each machine to be monitored.
An agent is installed on each machine that is being monitored, which captures activity on the machine and feeds the video / log data to the management server.
Jump Server Gateway
In this scenario, the ObserveIT Agent is only deployed on a gateway machine. Users are routed via this gateway, and thus ObserveIT still records all user sessions in which the user connects through to another target machine via RDP, SSH or another protocol.
ObserveIT does not record any user session in which a user logs on directly to the target machine (via local console login, or via a direct RDP/SSH/etc. window that isn't routed via the gateway). Also, less textual metadata is captured than with full agent deployment, because the ObserveIT Agent on the gateway does not have access to OS-specific information on the target machine. (For example, it cannot see the name of a file opened within an RDP window.)
Outbound Jump Server Gateway
The Jump Server Gateway architecture described above can also be used for environments in which remote users need to access multiple external resources. (For example: a Managed Services Provider that needs to support multiple customers and wants to record and audit all the actions performed by the support employees.)
The architecture is essentially the same as above; the only difference is the location of each resource. (The Terminal Server would not be on the same network as the target machines.)
Citrix Server for Published Applications
The ObserveIT Agent can also be deployed on a Citrix Server, in order to record all activities that take place within Published Applications served up by the Citrix machine.
Hybrid Deployment: Agent-based + Gateway
ObserveIT allows you to deploy any combination of these architectures simultaneously. A gateway can be used for full network coverage, providing an audit of all activities for the majority of users who are routed via the gateway. Then, agents can also be deployed on specific sensitive servers that require a more detailed audit, including any logins performed by highly-privileged users who have direct access to the machine.
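
One way to check a hybrid deployment for the sessions that neither the gateway nor an agent records, as an added example that is not ObserveIT code: it classifies logon events (assumed to be normalized from each target machine's own authentication log) by which deployment model covers them. The host names, IP addresses and the `Logon` fields are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed inventory for illustration; none of these values come from ObserveIT.
GATEWAY_IPS = {"10.0.5.10"}      # jump servers that run the agent
AGENT_HOSTS = {"db-prod-01"}     # sensitive servers with their own agent


@dataclass(frozen=True)
class Logon:
    host: str        # target machine that accepted the logon
    user: str
    source_ip: str   # empty string for a local console logon
    protocol: str    # "rdp", "ssh" or "console"


def coverage(ev: Logon) -> str:
    """Return which deployment model, if any, records this logon."""
    if ev.host in AGENT_HOSTS:
        # Local agent: recorded with full metadata, direct logons included.
        return "agent"
    if ev.protocol != "console" and ev.source_ip in GATEWAY_IPS:
        # Routed via the jump server: recorded there, with less text metadata.
        return "gateway"
    # Direct console/RDP/SSH logon to a host without an agent.
    return "unrecorded"


def unrecorded_sessions(events):
    """Logons that bypassed the gateway on hosts that have no agent."""
    return [ev for ev in events if coverage(ev) == "unrecorded"]


# Constructed sample events.
SAMPLE = [
    Logon("web-01", "alice", "10.0.5.10", "rdp"),
    Logon("web-01", "bob", "192.168.7.44", "ssh"),
    Logon("web-01", "carol", "", "console"),
    Logon("db-prod-01", "dave", "192.168.7.44", "rdp"),
    Logon("db-prod-01", "root", "", "console"),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(f"{ev.host:<11} {ev.user:<6} {ev.protocol:<8} {coverage(ev)}")
    print("gaps:", [(ev.host, ev.user) for ev in unrecorded_sessions(SAMPLE)])
```

Any host that appears in the gap list is a candidate either for network rules that force access through the gateway or for its own agent.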






