...

Breeze runs as a scheduled task on Windows and Linux hosts every 15 minutes. The Breeze Agent retrieves the list of plugins to execute from the Breeze Server and then executes these plugins every time it runs. Each plugin includes additional logic.

Breeze Server


Breeze Server is part of the CMDB and acts as a classifier to Breeze agents by returning the list of the Breeze plugins available for each Breeze agent. Breeze Server also acts as a certificate authority by issuing, revoking and verifying certificates used for server-agent communications.

...

There is bi-directional authentication between the Breeze Agent and the Breeze Server. First, the Breeze Agent must present a valid certificate signed earlier by the Breeze Server. If the agent authenticates successfully, Breeze Server presents its own server certificate, and the agent has to match it to the certificate that was included with the installer. The pair can continue to communicate only if both certificates have matched and both parties have authenticated each other successfully.
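The agent-side half of this exchange, as an added example that is not Cloudaware's code. It assumes the channel is TLS with client certificates, which the page does not state; `matches_pin`, `open_channel`, the file paths and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

def matches_pin(presented_der, pinned_pem):
    """True only if the certificate the server presented is byte-for-byte
    the certificate that shipped with the installer."""
    if not presented_der:
        return False  # no certificate presented: fail closed
    pinned_der = ssl.PEM_cert_to_DER_cert(pinned_pem)
    return hmac.compare_digest(
        hashlib.sha256(presented_der).digest(),
        hashlib.sha256(pinned_der).digest(),
    )

def open_channel(host, port, agent_cert, agent_key, pinned_pem_path):
    """Open a mutually authenticated connection (paths are assumptions)."""
    with open(pinned_pem_path) as fh:
        pinned_pem = fh.read()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    # The agent presents the certificate the server signed for it earlier.
    ctx.load_cert_chain(agent_cert, agent_key)
    # The installer's copy of the server certificate is the only trust anchor.
    ctx.load_verify_locations(cadata=pinned_pem)
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # Explicit pin comparison on top of chain validation.
    if not matches_pin(tls.getpeercert(binary_form=True), pinned_pem):
        tls.close()
        raise ssl.SSLError("server certificate does not match installer pin")
    return tls

# Constructed sample bytes standing in for a DER certificate (not a real one).
CONSTRUCTED_DER = b"constructed-breeze-server-certificate"
CONSTRUCTED_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)

if __name__ == "__main__":
    print("same cert :", matches_pin(CONSTRUCTED_DER, CONSTRUCTED_PEM))
    print("other cert:", matches_pin(b"substituted-certificate", CONSTRUCTED_PEM))
    print("no cert   :", matches_pin(None, CONSTRUCTED_PEM))
```

Comparing the presented certificate against the installer's copy means a certificate issued by any other authority, even a trusted public one, is rejected.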

...

All operations between Breeze Agent and Server are additionally cryptographically signed to ensure data and request authenticity and to eliminate man-in-the-middle attacks in which an attacker could modify plugin code, add new plugins or alter plugin execution responses.

...

Extensive logging is enabled by default on the Breeze Server. All agent communications are logged and stored for 18 months. The agent supports 3 levels of logging verbosity, which can be configured in agent.conf.

Change Control


Cloudaware maintains a separate version for each Breeze Plugin, Breeze Agent Installer and Breeze Server. We cryptographically sign each new version of each Breeze plugin and of the agent. Cloudaware maintains separate teams with isolated privileges and responsibilities in order to ensure secure operation and distribution of Breeze software.

...

The agent can run on the operating system either as root or under a specific identity selected by the user. However, if a customer wishes to use Breeze Agent to deploy security plugins, the agent must run with root or Administrator privileges. For discovery purposes alone, Breeze Agent does not need to operate under root.

...

In order to build better transparency and trust between software vendor and customer, Cloudaware does not ship any binaries. Customers can review all the code for the installer, agent and plugins. Customers can additionally request read-only access to the Breeze Server software as well.

Directory Structure

...