Last update:
Last verified version: AAC 4.4.3
ASGARD deployments are planned by network segments rather than by AD domain or sub-domain, and one Management Center can centrally manage all servers and clients across all domains and IP ranges via the ASGARD Agent over HTTPS.
Network vs domain segmentation
-
ASGARD Management Center scales up to roughly 25,000 endpoints, so a single instance is typically sufficient for environments like 100 servers and 500 clients, regardless of how many domains or buildings/IP ranges exist.
-
Endpoints connect via the ASGARD Agent over TCP/443 using the FQDN. Domain membership or AD structure do not restrict management, as the agent runs with system privileges.
Assigning Management Centers to segments
-
Segmentation typically involves placing different Management Centers in separate network zones (for example, a DMZ ASGARD and an internal-network ASGARD), each managing the endpoints in its segment.
-
Multiple ASGARD Management Centers can be linked to a single Analysis Cockpit, allowing centralized analysis while preserving network separation of control planes.
Cockpit and MC relationships
-
Each ASGARD Management Center links to one Analysis Cockpit, while one Analysis Cockpit aggregates data from multiple Management Centers (n-to-1).
-
The product and licensing model does not distinguish clients from servers at the Management Center level; separating "client vs server" requires logically or physically separate ASGARD and Cockpit instances, not just configuration.
Different Cockpits for network segments
-
To operate separate cockpits for clients and servers, you need two distinct environments: one ASGARD and one Cockpit for servers, and one ASGARD and one Cockpit for clients.
-
Licensing is per instance: each ASGARD Management Center and each Analysis Cockpit requires its own valid license file and cannot share a license across multiple instances.