Logical Architecture; A.4 Logical Architecture - Novell SENTINEL 6.1 SP2 - 02-2010 User Manual

Data Access Service (DAS) Process
The Data Access Service (DAS) process is Sentinel Server's persistence service and provides an
interface to the database. It provides data driven access to the database backend.
DAS is a container, composed of five different processes. Each process is responsible for different
types of database operations. These processes are controlled by the following configuration files:
das_binary.xml: Used for event and correlated event insertion operations

 das_query.xml: All other database operations
activity_container.xml: Used for executing and configuring activity service

workflow_container.xml: Used for configuring the workflow (iTRAC) service

 das_rt.xml: Used for configuring the Active Views function within the Sentinel Control
Console
DAS receives requests from the different Sentinel processes, converts them to a query against the
database, processes the result from the database and converts it that back to a reply. It supports
requests to retrieve events for Quick Query and Event Drill Down, to retrieve vulnerability
information and advisor information and to manipulate configuration information. DAS also handles
logging of all events being received from the Collector Manager and requests to retrieve and store
configuration information.
Correlation Engine Process (correlation_engine)
The Correlation Engine (correlation_engine) process receives events from the Collector Manager
and publishes correlated events based on user-defined correlation rules.
Collector Manager
Collector Manager services, processes and sends events.
iSCALE
It is a message-oriented middleware (MOM) that provides the communication platform for all other
Sentinel processes.

A.4 Logical Architecture

Sentinel is composed of three logical layers:
Section A.4.1, "Collection and Enrichment Layer," on page 453

Section A.4.2, "Business Logic Layer," on page 456

 Section A.4.3, "Presentation Layer," on page 464
The collection/enrichment layer aggregates the events from external data sources, transforms the
device-specific formats into Sentinel format, enriches the native events source with business-
relevant data and dispatches the event packets to the message bus. The key component orchestrating
this function is the Collector, aided by a taxonomy mapping and global filter service.
The business logic layer contains a set of distributable components. The base component is a
Remoting service that adds messaging capabilities to the data objects and services to enable
transparent data access across the entire network and Data Access service that is an object
452 Sentinel 6.1 User Guide