IBM Proventia Network Enterprise User Manual - What Is Perspective?

Chapter 9: Understanding Scanning Processes in SiteProtector

124

IBM Internet Security Systems

What is Perspective?

Introduction

When you scan a group of assets, you anticipate and interpret results based on the 

location of your agent relative to the location of the assets. Scanning a group of assets from 

inside a firewall, for example, produces different results than scanning the same group of 

assets from outside the firewall. 

Perspective 

identifies network 

location

With Enterprise Scanner, you use perspective to define logical locations on your network. 

When you add an agent to SiteProtector, you assign it to a perspective that identifies the 

agent’s location on the network. When you configure a scan, you choose the perspective 

from which you want to scan the IP addresses or the assets in the group. 

Default perspective

Enterprise Scanner contains one predefined perspective—Global. If you plan to scan from 

just one location on your network, you may use the default perspective. Or, you may 

create a user-defined perspective to use instead of the default. 

Technical 

requirements 

The network location that a perspective represents must meet the following technical 

requirements: 

●

A perspective is a set of subnets from which you expect the same results from 

scanning or monitoring your network regardless of where you connect the agents 

within that set of subnets.

●

Within that set of subnets, no network traffic is blocked and no network address 

translation occurs. 

Use for distributed 

scanning

Perspective makes it possible to easily distribute the workload among multiple agents:

●

If you have just one agent in a perspective, that agent performs all the scans that run 

from that perspective. 

●

If you have two or more agents in a perspective, Enterprise Scanner automatically 

balances the distribution of tasks among the agents in that perspective. 

Flexibility

Identifying agents by perspective instead of by a specific name or IP address makes it 

easier to respond to changes in your scanning environment. If you add an agent to a 

perspective, that agent automatically shares the workload with the other agents in that 

perspective. Likewise, if you remove an agent from a perspective that contains multiple 

agents, the remaining agents continue to run the scans assigned to that perspective. In 

either case, no additional configuration is required, and there is no interruption to your 

scanning cycles. 

Use meaningful 

perspective names

The name you use for a perspective should reflect the implications of scanning from that 

location. Using the example of setting up agents inside and outside a firewall, descriptive 

perspective names would be Atlanta-InsideFirewall and Atlanta-OutsideFirewall.

Placing agents in 

the correct 

perspective

A perspective name has no inherent meaning to Enterprise Scanner. You must make sure 

that the agents you add to each perspective make logical sense there. If you add an agent 

to a perspective that is not logical for that agent, Enterprise Scanner is not able to 

determine that you have made a mistake.