Running VividCortex Via An HTTP Proxy

Posted by Baron Schwartz on Dec 1, 2014 2:57:00 AM

Many of VividCortex’s customers have strict policies about Internet access from and to their database servers. As a longtime consultant who worked on many servers that lacked a direct connection to the Internet, I anticipated this. Since the beginning, VividCortex has been designed to work in deployment scenarios without requiring direct Internet access, and requiring no inbound access at all.

HTTP_Proxy

At the same time, the best way to trust what an agent-based system is sending off your servers is to inspect it. But VividCortex is designed for end-to-end encrypted access; our APIs are 100% JSON over HTTPS, with no non-HTTP access permitted anywhere on any of our web properties. How can a customer inspect the traffic from agents to APIs if it’s encrypted?

It turns out that an HTTP proxy is the solution to both of these situations. You simply configure the agents to talk to the proxy, and the proxy relays traffic from and to the API.

First, in cases where database servers lack direct Internet connections, our agents are designed to run through an HTTP proxy transparently. They respect the standard http_proxy and https_proxy environment variables; they can also be instructed to use a proxy with the configuration file. This means that simple, conventional processes can be used to download, install, and run the agents. It’s literally as simple as setting the environment variable and then proceeding as normal.

Secondly, if you want to inspect the API traffic, you can point the agents at an unencrypted proxy, terminating the proxy-to-API encryption at the proxy and leaving it plaintext between the agent and proxy. Then you can snoop or log the traffic for inspection. If you are concerned about other aspects of the agents’ performance, we’ve built in several ways for you to inspect what they do. We’re happy to walk our prospective customers through that if appropriate.

To learn more about how we make installation easy and secure, read our documentation on installation and configuring. You can also read more on how we encrypt data in-flight and at-rest to keep all data secured at all times against a variety of attack vectors.

Pic Cred

Recent Posts

Posts by Topic

see all