On-Premises Deployment

This section explains how to deploy and run Cyberhaven capabilities within customer-controlled cloud environments. An on-premises deployment is used when policy, data locality, or integration requirements dictate that components run within your cloud account while still being managed by Cyberhaven's SaaS.

The Cyberhaven on-premises solution runs on Kubernetes clusters and is compatible with major cloud providers such as Google Cloud, Amazon Web Services, and Microsoft Azure.

Architecture

The core services, including the scanner, coordinator, and workers, run in your Kubernetes cluster. The deployment securely communicates with the Cyberhaven SaaS platform for policy, keys, and telemetry. It uses your cloud storage for cache buckets, with support for GCS, S3, or AzBlob. The system uses a single, consolidated identity, such as a service account, managed identity, or role, which is a best practice.

Responsibilities

  • Customer: The customer is responsible for managing the cluster's lifecycle, identity and permissions, ingress and TLS configuration, storage, and upgrades.
  • Cyberhaven: Cyberhaven provides the Helm charts, container images, release guidance, and support.

Operations flow

The standard operational flow for the deployment involves these key steps:

  1. Prepare the environment by setting up the Kubernetes cluster, identity, storage, and ingress.
  2. Install the solution using the provided Helm chart and configure the values/customer-values.yaml file.
  3. Verify the installation by checking that all pods are running and the ingress is reachable.
  4. Use the helm pull and make upgrade commands to update the charts, with options to preview changes and perform a dry run.
  5. Monitor and troubleshoot the deployment by reviewing logs and checking status.
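
The pod half of step 3 can be scripted so that "all pods are running" is a pass/fail check rather than a visual scan. This is an added example, not Cyberhaven's own tooling; the pod names in the sample are constructed, and the namespace is whatever you installed the chart into.

```shell
#!/bin/sh
# Added example: post-install pod check for step 3 of the operations flow.

# Read `kubectl get pods --no-headers` output on stdin and print one line
# (NAME READY STATUS) per pod that is not healthy. Healthy means STATUS is
# Running with every container ready (READY x/y, x == y), or STATUS is
# Completed (a finished Job pod).
unhealthy_pods() {
  awk '
    NF < 3 { next }                 # skip blank or malformed lines
    $3 == "Completed" { next }      # finished Jobs are not failures
    {
      split($2, r, "/")
      if ($3 != "Running" || r[1] != r[2])
        printf "%s %s %s\n", $1, $2, $3
    }'
}

# Return 0 only when at least one pod is listed and none is unhealthy.
# An empty listing fails: it usually means the wrong namespace or context.
pods_ok() {
  input=$(cat)
  if [ -z "$input" ]; then
    echo "No pods listed; check namespace and kube context" >&2
    return 1
  fi
  bad=$(printf '%s\n' "$input" | unhealthy_pods)
  if [ -n "$bad" ]; then
    printf 'Unhealthy pods:\n%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# Constructed sample output; pod names are illustrative only.
SAMPLE_PODS='scanner-7d9f8c6b5-abcde       1/1   Running            0            12m
coordinator-5c6d7e8f9-fghij   1/1   Running            0            12m
worker-0                      0/1   CrashLoopBackOff   6 (2m ago)   12m
worker-1                      1/2   Running            0            12m
migrate-job-xk2lp             0/1   Completed          0            13m'

# Demo on the sample: prints the worker-0 and worker-1 lines.
printf '%s\n' "$SAMPLE_PODS" | unhealthy_pods

# Live use, with kubectl pointed at the cluster:
#   kubectl get pods -n <namespace> --no-headers | pods_ok
```

A pod that reports Running but is not fully ready (1/2 above) is flagged as well, since a status of Running alone does not mean every container passed its readiness probe.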