Introduction to HawkShield
  • Introduction to HawkShield
  • Deployment
  • On-Prem Deployment
  • Infrastructure Deployment
  • Automation Flow for Updating Services
  • Automation Flow to Update Services
  • Administrative Guide
  • Browser Protection
    • Browser Plug-In Deployment
    • User Guide of Browser Protection
  • Email Protection
    • Admin Policy Creation
    • User Guide of Email Protection (for G-Mail)
      • Connecting G-Mail Accounts to HawkShield
    • Deployment for Outlook
    • User Guide of Email Protection (for Outlook)
      • Connecting Outlook Accounts to HawkShield
  • Introduction to HawkShield DSPM
    • Capabilites
    • Analytics Dashboard
    • DSPM Connectors
      • Setting Up Connectors
      • Managing Connector
      • Connector Dashboard
    • DSPM Findings
      • File by Entities
    • DSPM Reports
      • How to Create New Report
    • DSPM Policy
      • How to Create SaaS Policy
      • How to Create DBaaS Policy
    • DSPM Incident
    • DSPM Entities
      • How to Create New Entities
      • How to Create Categories
    • DSPM Privacy Law
      • How to Create a Privacy Law
    • Data Lineage
    • Security Inventory
  • Settings
    • Add/Edit Notification Channel
    • Default Reason
    • Blocked Domain
    • Request Approval
  • Subscription
  • Logs
Powered by GitBook
On this page
  • 1. Access the StackStorm and Initiate Workflows
  • 2. Infrastructure Setup via Terraform
  • 3. Service Deployment
  • 4. Final Setup Using Python Service:

Infrastructure Deployment

Deployment Guide for HawkShield Data Security

1. Access the StackStorm and Initiate Workflows

  • Log in to StackStorm: Access the StackStorm interface by logging in through the Virtual Machine's IP address.

  • Initiate the Workflow: Enter the required credentials to start the deployment workflow.

  • Run the Workflow: Once credentials are entered, execute the workflow to trigger the infrastructure creation process.

2. Infrastructure Setup via Terraform

The deployment workflow triggers a Terraform action that automates the provisioning and configuration of the infrastructure. This includes the following core steps:

Network Setup

  • Virtual Network: A dedicated virtual network is provisioned, featuring subnets across multiple availability zones or data centers to ensure redundancy and high availability.

  • Network Interfaces: The configuration includes network interfaces for the virtual machines or nodes in the Kubernetes cluster to ensure seamless communication across required services.

  • Security Rules: Firewall and security rules are defined to control inbound and outbound traffic. These rules are configured to allow only authorized traffic (e.g., SSH, HTTP, HTTPS) to access the resources.

Add-ons & Plugins

  • Storage Integration: Necessary Container Storage Interfaces (CSI) or other relevant drivers are installed to support persistent storage integration and enable dynamic provisioning of storage for applications.

  • Cluster Add-ons: Other essential add-ons, such as monitoring tools or logging utilities, are configured as required.

Kubernetes Cluster Setup

The Kubernetes cluster is deployed and configured to handle the required workloads efficiently.

Node Deployment

A total of five virtual machines (VMs) are deployed with the following specifications for the Kubernetes cluster:

  • 4 vCPU per node

  • 32GB Memory (GiB) per node

  • Network bandwidth up to 12.5 Gbps per node

Autoscalers

  • Horizontal Pod Autoscaler (HPA): Configured to dynamically scale the number of pods based on workload.

  • Vertical Pod Autoscaler (VPA): Configured to adjust resource allocations (CPU and memory) for pods to meet performance demands.

  • Load Balancers: Load balancers are set up to evenly distribute network traffic across the deployed services, ensuring efficient traffic management and optimal performance.

3. Service Deployment

The necessary services are deployed across different environments, including

  • Managed Security Service Providers (MSSP)

  • Distributors

  • System Integrators (SI)

  • Direct customer environments

4. Final Setup Using Python Service:

A Python service is implemented to automatically store essential metadata related to the cluster in the database. The stored information includes:

  • Organization Name

  • Cluster Role ARN

  • Service Load Balancers

  • Cluster Name

By following these steps, the infrastructure and services necessary for HawkShield’s data security solution are successfully deployed, ensuring a reliable and secure environment for all users.

PreviousOn-Prem DeploymentNextAutomation Flow for Updating Services

Last updated 5 months ago