Luumen Enterprise is structured around a single agent that runs inside your environment, a set of managed hosts the agent connects to over SSH or WinRM, and the Luumen API and web application that store data and present findings. This page describes each component and how data moves between them.

Components

Luumen agent

A lightweight executable installed on your Patch server. Connects to each managed host on a schedule, collects system data, and pushes it to the Luumen API.

Patch server

A single host inside your environment that runs the agent. Must have network access to every managed host and outbound HTTPS access to the Luumen API.

Monitored hosts

The Linux and Windows hosts the agent connects to. Each host is added through the Luumen UI with its own credentials, or uses a default credential set you configure once.

Luumen API and web app

Hosted by Apiphani (Apiphani-managed deployment) or inside your environment (self-hosted). Receives data from the agent, evaluates compliance checks, ingests vulnerability data from the NVD (and SAP Security Notes when SAP is in scope), and renders the UI.

How data flows

1. Agent reads its configuration

On each scheduled run, the agent loads its local config.yaml (API endpoint, API key, optional Vault settings) and pulls its remote configuration from the Luumen API. The remote configuration includes the host list, default credentials, and schedule settings — see Agent configuration.
2. Agent connects to each host

The agent opens an SSH session (Linux) or WinRM session (Windows) to each host in its list using the configured credentials. Connections originate from the Patch server.
3. Agent collects properties

For each host, the agent runs a fixed set of read commands and queries to collect OS data, hardware data, installed packages, and any application-specific properties configured for your workspace. See What the agent collects.
4. Agent reports to the Luumen API

Collected properties are sent to the Luumen API over HTTPS using the API key in the local config. Each host’s data is timestamped and persisted.
5. Luumen evaluates checks and alerts

The platform runs every compliance check assigned to each host group, matches hosts against the NVD (via OS and packages), and updates the dashboard. For SAP workspaces, SAP Security Note matching runs in parallel.

Network direction

All traffic originates from inside your environment:
  • Patch server → hosts — outbound SSH (port 22) or WinRM (port 5985/5986) to each managed host.
  • Patch server → Luumen API — outbound HTTPS to the API base URL configured in config.yaml. No inbound connectivity to the Patch server is required from Luumen’s infrastructure.
Luumen never initiates connections into your environment. Adding the agent does not require firewall changes on your managed hosts beyond the SSH or WinRM access your team already uses.
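
The traffic model above can be checked against firewall or flow logs. The following is an added example, not Luumen code: it classifies connection-initiation records against the two documented flows and returns the ones that contradict them. The IP addresses, the `classify` and `audit` names, and the record format are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing for illustration; substitute your own.
PATCH_SERVER = ipaddress.ip_address("10.20.0.5")
MANAGED_NETS = [ipaddress.ip_network("10.20.1.0/24")]
API_ADDRS = {ipaddress.ip_address("203.0.113.10")}  # placeholder for the resolved API endpoint

HOST_PORTS = {22, 5985, 5986}  # SSH and WinRM, as listed on this page
API_PORT = 443                 # outbound HTTPS


def classify(src, dst, dport):
    """Classify one connection-initiation record (initiator src -> responder dst)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    to_managed = any(dst in net for net in MANAGED_NETS)
    if src in API_ADDRS:
        # The page states Luumen never initiates connections inward.
        return "violation: inbound from API side"
    if src != PATCH_SERVER:
        return "out of scope"
    if to_managed:
        return "agent->host" if dport in HOST_PORTS else "violation: unexpected host port"
    if dst in API_ADDRS:
        return "agent->api" if dport == API_PORT else "violation: unexpected API port"
    return "out of scope"


def audit(flows):
    """Return only the records that contradict the documented model."""
    return [(f, verdict) for f in flows
            if (verdict := classify(*f)).startswith("violation")]


# Constructed sample records: (initiator, responder, destination port)
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.20.1.14", 22),
    ("10.20.0.5", "10.20.1.30", 5986),
    ("10.20.0.5", "203.0.113.10", 443),
    ("10.20.0.5", "10.20.1.14", 445),     # agent host reaching SMB: not in the model
    ("203.0.113.10", "10.20.0.5", 22),    # inbound from the API side
    ("10.20.9.7", "10.20.1.14", 22),      # admin workstation: outside this audit
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(flow, verdict)
```

Records are assumed to describe who initiated each connection (for example, firewall "new connection" events), since return traffic on an established session would otherwise look like an inbound flow.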

Deployment topology

  • Agent + Patch server: inside your environment, managed by you.
  • Luumen API + web app: hosted by Apiphani.
Most customers use this Apiphani-managed model. The agent posts to a Luumen-managed API endpoint (e.g., https://ns2-api.apiphani.io/v2/api/v1), and your team accesses the web app at a Luumen-managed URL.

Where the agent fits in your operations

The agent is intentionally separate from the systems it monitors. It runs as a service on a single Patch server, queries hosts over the same protocols your team already uses for remote access, and writes nothing back to those hosts. This means:
  • No additional agent installs on production hosts.
  • No changes to firewall rules on the systems being monitored.
  • No write access required from the agent’s service user — the permissions it needs are read-only (with a small set of sudo exceptions documented in Prerequisites).
If the agent stops running, host data on the dashboard goes stale but no production system is affected.