- 14 Feb 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Traceable deployment
- Updated on 14 Feb 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Traceable provides you with varied deployment options. The purpose of deploying Traceable components is to collect data from your environment. This data is sent to the Traceable Platform for further processing to detect anomalies and attacks, generate reports based on data, etc. Traceable provides you with flexible and wide-ranging options to collect data. For example, Traceable can be deployed to gather data using a mirroring agent or by deploying an agent at the edge of your infrastructure or from your application (language agents). Traceable allows you to deploy its components both inline and out-of-band. The mirroring setup would be an example of out-of-band deployment.
The following illustration, at a high level, shows how the data can be collected and where Traceable can be deployed.
Data collection journey
The data collection journey starts with deploying the following two components:
Tracing agent
Traceable Platform agent
The Tracing agent could be an agent or a policy that you deploy, for example, a policy in your API gateway like Mulesoft. The Tracing agent collects the request and response data and sends it to the Platform agent. The Tracing agent generates spans and traces, and blocks (if enabled) or allows the requests to your application server.
Traceable’s Platform agent is an agent that receives data from different Tracing agents. This acts as an aggregator of data received from the Tracing agents. The Platform agent is deployed between a Tracing agent and the Traceable Platform. It also functions to classify and redact the data. The Platform agent makes sure that no sensitive information reaches the Traceable Platform. The Platform agent gets the latest blocking rule information from the Traceable Platform and sends it to the Tracing agent. You can deploy the Platform agent using Terraform, Helm Chart, or an installation script.
Apart from the Platform agent and Tracing agent, Traceable’s Backend (SaaS) is where the data from all the agents is analyzed using Traceable’s analytics engine. The analytics engine's output is to identify attacks, anomalies, vulnerabilities, generate reports, notifications, and so on.
Note
You can deploy the entire Traceable setup on-prem also. For more details on on-prem deployment options with sizing information, contact your sales representative or send an email to support@traceable.ai.
Deployment options for Tracing agent
Edge and sidecar
You can deploy a Tracing agent at the edge of your network with a load balancer to capture the ingress or egress traffic (east-west traffic). Alternatively, you can deploy Traceable closer to your application as a sidecar for complete visibility in your traffic, that is, traffic going east-west and north-south. For example, if you have a multi-pod deployed application, deploying Traceable closer to the application helps Traceable better understand the traffic.
Language agents
You can also deploy the Tracing agent within your application using Traceable’s language agents, like Java, Go, Python, Node.js, and so on. When you deploy Traceable within your application, it captures data going in and out and across your application and traffic going to your backend services, like databases and third-party APIs. This helps you get a complete picture of how your application is behaving.
Agentless and serverless
Traceable also provides you the option to deploy as agentless, for example, as Daemonset mirroring, for PCF, etc. You can also deploy Traceable as serverless using Node.js lambda or Python lambda.
Gateways and load balancers
Traceable supports a wide range of API gateways and load balancers. For example, Apigee, Akana, Azure, CA Layer7 API gateway, Citrix ADC, etc. For a complete list of documents, see Gateways.
Note
The artifacts are signed by Traceable. The signature is publically verifiable by anyone to ensure that the artifacts are from Traceable and has not been altered in anyway while transporting it to the destination through any distribution channel. For more information, contact support@traceable.ai.
Where to start?
Start your deployment by deploying the Traceable Platform agent. For complete details on deployment, see Platform agent. After you have deployed the Traceable Platform agent, deploy the Tracing agent based on your requirements. You can visit one or more links to get the instruction set for Tracing agents: