The CloudSphere SaaS (CAM) solution uses an appliance (a VM) deployed inside the customer estate to perform the scanning operations and return the scanned data to the SaaS platform to make it available to the CAM UI.
For those customers who are interested in the expected traffic flow across firewalls between the appliance and the SAAS solution, this article provides exemplars of the network traffic to be expected. This article specifically excludes all traffic flows within the estate (i.e. Appliance scanning operations of the estate target servers) and focuses only on traffic that flows to the external SaaS environment.
Example System Definition
The example used to generate traffic flow from the appliance to the SaaS solution is described as follows:
A single appliance is installed in the customer estate
A total of sixty (60) in-house devices were identified during the scan operation (and the description of these devices generates the bulk of traffic to the SAAS platform)
The traffic capture is based on packet traffic between the Appliance and the SaaS solution. The specifics of what data is transferred within the packets is ignored.
Directional Totals (Packets/Bytes/Average Bits Per Sec)
The following diagnostics identify the total packet flows between Address A (SaaS Platform) and Address B (Appliance) in the example. The total traffic exchange is: 314KB with outbound traffic (directed to the SaaS Platform) generating 287KB of this total traffic.
Traffic Flows (Bytes/10 Secs)
The following graphs identifies the peak data flow over time. In the example, the maximum data flow in a specific 10-sec period is ~35KB. The graph identifies outbound packet traffic on the green line; the inbound packet traffic is identified by the red line and the total is in blue. This diagram also identifies that the network traffic is composed of spikes of network traffic and troughs of low bandwidth usage. This is typical of a scanning operation.