USM Appliance Deployment Types

Applies to Product: USM Appliance™, LevelBlue OSSIM®

This section introduces the various USM Appliance components and explains the different deployment types.

USM Appliance Components

All USM Appliance products include these three core components available as hardware or virtual machines. USM Appliance All-in-One combines the Server, Sensor, and Logger components onto a single system.

USM Appliance Sensor

The USM Appliance Sensor is deployed throughout the network to collect logs and monitor network traffic. It provides the five essential USM Appliance security capabilities – Behavioral Monitoring, SIEM, Intrusion Detection, Asset Discovery, and Vulnerability Assessment – for complete visibility.

There must be at least one USM Appliance Sensor. Depending on your corporate requirements, more may be desirable. This is particularly true if you have distributed branches on subnets subordinate to the network at your headquarters.

USM Appliance Server

Aggregates and correlates information that the Sensors gather. Provides single-pane-of-glass management, reporting, and administration.

There is usually just one USM Appliance Server.

USM Appliance Logger

Securely archives raw event log data for forensic research and compliance mandates.

There is usually just one USM Appliance Logger. However, under some circumstances, two may be used. For information, contact LevelBlue Technical Support.

USM Appliance Deployment Types

You can deploy LevelBlue USM Appliance in one of two ways: simple or complex.

Simple Deployment

Deploys all LevelBlue USM Appliance components — Sensor, Server, and Logger — in a single machine called USM Appliance All-in-One.

This deployment model is best suited to smaller environments, testing, and demonstrations.

Complex/Distributed Deployment

This model deploys each LevelBlue USM Appliance component — Sensor, Server, and Logger — as an individual virtual or hardware machine to create a distributed topology.

This deployment model comes in two versions that increase scalability and performance by provisioning dedicated systems for each component.

USM Appliance Standard

Consists of the following:

  • USM Appliance Standard Server
  • USM Appliance Standard Sensor
  • USM Appliance Standard Logger

USM Appliance Enterprise

Consists of the following:

  • USM Appliance Enterprise Server — includes the Enterprise Server and Enterprise Database
  • USM Appliance Enterprise Sensor
  • USM Appliance Enterprise Logger

Note: The USM Appliance Enterprise solution is not available as a virtual machine.

LevelBlue USM Appliance deployment solutions

                    USM Appliance All-in-One  USM Appliance Standard                            USM Appliance Enterprise
User Type           Small organizations       Mid-size organizations                            Large organizations
Environment         Single-tier deployment    Multi-tier deployments & distributed environment  Multi-tier deployments and distributed environment
Virtual Appliance   x                         x
Hardware Appliance  x                         x                                                 x

For more details, see the USM Appliance data sheet.

USM Appliance Deployment Examples

This topic provides topology examples for the three USM Appliance deployment options:

  • Simple deployment with USM Appliance All-in-One
  • Extended simple deployment with a combination of All-in-One and one or more Remote Sensors
  • Complex deployment for larger corporations with multiple branches