RCS system architecture

Introduction

RCS is installed at the operating center and proprietary authority's tapping rooms. It can come with special devices (hardware and software) installed at remote organizations such as Internet providers or remote servers.

Architecture layout

Software components are installed on several servers. The architecture layout is provided below:

[Figure: RCS architecture: logical layout]

Architecture components

Architecture components are provided below:

Component: Agent
Function: Software bugs that tap the investigation target's data and information and communicate them to an Anonymizer.
Installation:
  • target devices
  • data sources

Component: Anonymizing chain / Anonymizer
Function: Geographically distributed Anonymizer groups that guarantee Collector anonymity and redirect collected data to protect servers from remote attacks. They transfer agent and Network Injector data to servers. Several Anonymizers can be set up in a chain to increase the level of protection. Each chain leads to one Collector.
Installation: VPS (Virtual Private Server)

Component: Collector
Function: One per Anonymizing Chain. Three services are installed in each:
  • Collector: collects agent data sent to the last Anonymizer in the chain and Network Injector data sent to the set Anonymizer.
  • Carrier: sends data to Shards and Master Node.
  • Network Controller: receives Anonymizer status and logs and sends them updates and new settings.
It requires a single license.
Installation: one or more servers in front end environment

Component: Firewall
Function: Optional but highly recommended, it protects the trusted environment (where data is processed and saved) from the untrusted environment (where data is collected).
Installation: RCS server

Component: RCS console
Function: Setup, monitoring and analysis console used by operating center workers.
Installation:
  • RCS server
  • internal network

Component: Master Node
Function: Heart of the RCS server, it manages data flows and component status and includes the first Shard database. It includes a Worker service, which decodes data before it is saved to the database, and a Monitor service, which monitors all architecture components, including Master Node, and sends e-mail in the event of alarms.
Installation: RCS server

Component: Network Injector
Function: (Optional) Fixed hardware component (Appliance) or notebook (Tactical) that runs sniffing and injection operations on the target's HTTP connections. It communicates with the Collector via an Anonymizer (and its chain) to send data and receive rules and settings.
Installation:
  • ISP
  • Wired or Wireless LAN (homes, hotel)

Component: Shard x
Function: Additional RCS distributed database partitions. Shard 0 is included in Master Node. It includes a Worker service to decode data and enter it in the database.
Installation: one or more servers in back end environment

Component: Target
Function: Investigation targets. Each device owned by the target is a data source and can be monitored by an agent.
Installation: -