Communication

Secure Communication and Traffic Management

  • Communication between the Manager and all Sites is SSL encrypted to ensure secure data transmission and effective management.

  • The API gateway endpoint is reserved for exchanging control data and API requests from users and Sites, ensuring optimal performance and service level agreements (SLAs).

  • The Ingress controller, integrated into the Manager, functions as the primary entry point for all requests, encompassing APIs, logs, and metrics. Requests are directed either to the API gateway or the Metric server depending on the path. Additionally, the Ingress controller serves as a load balancer, distributing incoming traffic effectively.

Data Sent from Site to Manager

Customer logs are processed local to an Observo Site and are not transmitted to Observo Manager, ensuring data remains within the customer's environment. Observo Site service logs and metrics are transmitted for analytics, monitoring, and debugging purposes.

Below is an itemized description of data sent out from a Site to Observo Manager:

  1. Service logs & metrics: The data sent to the Observo Manager includes service logs and metrics related to data processing and cluster health, which are specific to the operation of the Observo services within the Site. These metrics provide customers with insights into their data processing pipelines, such as CPU and memory consumption, processing statistics, and Site health.

  2. Log patterns and insights: Observo extracts patterns and insights from the source logs for each source that a customer creates. These patterns are then transmitted from the Agent to the Manager. The log patterns enable customers to obtain a comprehensive view of the most frequently occurring patterns in their observability data and can be leveraged to establish noise reduction policies.

As mentioned earlier, all data sent between the Site and Manager is encrypted using TLS. This ensures that no MiTM attack is possible and ensure secure communication between Site and Manager.

Data Sent from Manager to Site

The Manager functions as a control plane for customers and is accessible through a web interface. Customers can utilize this platform to create new Pipelines, add Sources/Destinations, and gain insights into data processing. The updated configuration resulting from customer actions on the Observo Manager is transmitted to the customer's Site via an API poll initiated by the Site, querying the Manager for any changes. This way, the Site's configuration can stay up-to-date with the customer's desired setup.

Endpoints

Applicable for Hybrid Deployment

Observo Agent and Observo Manager communicate with each other to share control data such as configuration updates, notifications, and metrics. Additionally, the deployment of the Observo Site requires Docker images to be pulled from AWS ECR (note - if your organization uses a private repository to host Docker images, please reach out to us). More details on what data is exchanged can be found in the section on Data Flow. The customer’s network must permit outbound traffic to the following addresses to enable this exchange.

  • p01-metrics.observo.ai:443

  • p01-logs.observo.ai:443

  • p01-api.observo.ai:443

  • p01-proxy.observo.ai:443

  • p01-auth.observo.ai:443

  • public.ecr.aws:443

  • *.cloudfront.net:443

PreviousData SecurityNextData Reliability and Scalability

Last updated

Was this helpful?