1. Home
  2. Docs
  3. Administrator’s Guide
  4. GUARDARA Architecture

GUARDARA Architecture

This page discusses the architecture of GUARDARA, the deployment options and considerations.


GUARDARA is a multi-user testing platform that is made up of the following key components.

Component Description
Manager The user interface that allows running tests, viewing test results and managing the entire testing infrastructure. This interface is supported by a set of microservices forming the API that can be used to automate tests and to integrate GUARDARA with automation frameworks and into CI/CD pipelines.
Engines The Engine is a service responsible for performing the tests configured via the Manager. Each Engine is capable of testing one or more targets.

A GUARDARA deployment consists of a Manager and one or more Engines. The Manager Deployment page provides guidance how to install GUARDARA Manager, while the Engine deployment instructions can be found on the  Engine Deployment page.

Deployment Options

Single-host Deployment

It is possible to deploy GUARDARA Manager and an Engine on a single host. This setup is suitable for security consultants providing services to their customers. The installer script deploys GUARDARA Manager and an Engine (built-in Engine) on a single host. Please refer to the Manager Deployment page to learn how to deploy GUARDARA Manager.

The built-in Engine is running within one of the Docker containers shipped with GUARDARA Manager. While having this Engine pre-configured allows new users to get familiar with GUARDARA without having to deploy an (external) Engine, it is configured to refuse to run tests. Therefore, users must deploy an external Engine in production environments. Please refer to the Engine Deployment page for more information.

Even with a single Engine deployed it is possible to test multiple targets at the same time. The test targets can be applications and services deployed locally or remotely.

Distributed Deployment

A distributed deployment is suitable for enterprise organizations with products across multiple test labs or networks. Test labs or networks can each have one or more Engines deployed to run tests, managed from a central location, the Manager.

In a distributed deployment scenario users or some sort of automation (e.g., CI/CD pipeline) interact with a central deployment of GUARDARA Manager either via the user interface or the API. The Engines deployed in the different test labs/networks connect to the Manager via an encrypted (TLSv1.2) WebSocket connection. The authentication between the Manager and Engines is based on mutual certificate validation.

For such a distributed deployment to be functional, any firewalls must configured appropriately. The table below discusses the different network connections required by GUARDARA.

Source Destination Port Number Protocol Description
GUARDARA Manager licensing.guardara.com 5000 HTTP over TLSv1.2 Only required when activating a GUARDARA license.
Users / Automation GUARDARA Manager 8443 HTTP over TLSv1.2 Access to the user interface and the API.
Engines GUARDARA Manager 8444 WebSocket over TLSv1.2 Communications channel required so that GUARDARA Manager can communicate with the Engines.

In addition to the above, the connection between the Engines and the test targets should be set up as appropriate for the environment.

Once the network is ready for GUARDARA, the installer script can be used to deploy GUARDARA Manager. Please refer to the Manager Deployment page to learn how to deploy GUARDARA Manager.

Similarly to the single-host deployment, the administrator must deploy an external Engine to run tests. Please refer to the Engine Deployment page for more information.

Was this article helpful to you? Yes 1 No