PCE Architecture and Components
This section describes how the PCE functions, and provides an overview of its components and how they function together.
About the PCE Architecture
The PCE has service tiers responsible for various functions.
Description of PCE Components
Tier | PCE component | Description |
|---|---|---|
Front-end | Management interfaces: PCE web console and VEN | Management interfaces include:
|
VEN events | For information, see "VEN Architecture and Components" in VEN Administration Guide. | |
App Router | Directs requests to the proper service. | |
Processing | Login | Central server for authentication. |
Agent Manager | Manages data in the policy domain, such as workload context and policy definitions. Also, manages data for all user and organization authentication and authorization, such as users, organizations, API keys, and roles. | |
Agent Traffic | Provides information about traffic to and from VENs. Serves as the service underlying Illumination. | |
Collector | Aggregates packet and traffic flow information sent from the VEN. Serves as the service underlying Illumination. | |
Audit Events | Creates an overview of auditable system events across the PCE and VENs. | |
Fluentd | Log forwarder service that forwards the flow log files received from VENs. | |
Executor | Backbone for asynchronous job execution, such as report generation and background jobs. | |
Fileserver | Central storage and retrieval for large data files. | |
Search Index | Supports auto-completion in the PCE web console. | |
Service | memcached | Open source component: in-memory cache. |
Background Jobs | Backbone for asynchronous job execution, such as report generation and background jobs. | |
Set Server | In-memory cache to aid in policy calculations. | |
Agent Traffic cache | Stores the traffic flow data and graphs for Illumination. See Agent Traffic. In the PCE architecture diagram, labeled “AT Cache.” | |
Persistence | Policy primary database and replica | Postgres database that contains all the policy and agent related data. The primary and replica databases run on separate data nodes. |
Traffic database primary and replica | Postgres database that contains all the historical traffic flow data. Traffic Explorer is backed by this datastore. The primary and replica databases run on separate data nodes. |
Management Interfaces for PCE and VEN
The following diagram illustrates the logical view of the management interfaces to the PCE and VEN.
This guide focuses on the use of the illumio-pce-ctl control script and related administrative programs on the PCE itself.
Interface | Notes |
|---|---|
PCE web console | With the PCE web console, you can perform many common tasks for managing the Illumio Core. |
PCE command line | Use of the command line directly on the PCE. The |
REST API | With the Illumio Core REST API, you can perform many common management tasks, such as automate the management of large groups of workloads, rather than each workload individually. The endpoint for REST API requests is the PCE itself, not the workload. The REST API does not communicate directly with the VEN. |
VEN command line | The |