We have a an "airgapped" network that is only accessible via a unidirectional data diode. UCMDB is on one side, and it's proposed that the discovery components will all exist on the other side. Now; as we can't just push discovered CIs back to the high-side, are we able to do like a file drop? i.e. perhaps all discovered CI's and relationships could be represented in an XML file which we push back to a high-side area which can then be processed and pushed into CMDB? Any ideas and thoughts around this would be much appreciated!
I am not entirely sure a server on the black side and a probe server on the red side would be functional as there is some 2 way communication between the server and the probe gateway.
I am assuming you would perform some kind of manual transfer of the discovery results, since dumping data and sending to the black side would imply a data channel the other way, which you don't have, right?
All discovery results are stored in a MySQL database on the probe server. You could consider dumping the contents of the DB and transporting it to the other side. However it would mean setting up a duplicate system on either side with host and IP identical. You can suspend transmission of results using the JMX console. That should give you enough time to dump and then either clear out the results DB or else have the probe server push to the duplicate DB as if nothing happened. Otherwise you could dump the uCMDB DB itself and import it on the black side. Would just mean a bit more data than the probe DB option.
Only certain file types are allowed from black to red, so I was thinking originally of creating an XML from the MySQL db and then possibly having a look at the XML source adapter (i.e. shoe-horning it to my requirements!) to get the CIs in on the red side. Thanks for the input though; given me some more to think about. I'll update this thread with my actions/findings.