Skip to content

On-Prem Deployment Modes

Installation Guide

Installation Guide

Single Node Installation

Single Node Installation

Managed Installation (EKS, AKS, GKE)

Managed Installation (EKS, AKS, GKE)

Security on OpenShift

Security on OpenShift

Health Monitoring (RINC)

Health Monitoring (RINC)

AWS Control Plane Installation

AWS Control Plane Installation

High-Level Architecture Overview

AccuKnox onprem deployment is based on Kubernetes native architecture.

AccuKnox OnPrem k8s components

  • Golang microservices handle streaming data (alerts, telemetry).
  • Python microservices manage control-plane services.
  • PostgreSQL stores relational data.
  • MongoDB stores JSON events (alerts, telemetry).
  • Ceph stores scanned reports, managed by Rook operator.
  • Vault stores internal and user secrets.
  • Service accounts and tokens manage authorization.
  • Horizontal and vertical pod autoscaling enabled for most microservices.
  • Resource limits are set for scaling.
  • Agents run in k8s clusters and VMs for runtime security and forensics.
  • Use eBPF and LSMs for telemetry and attack prevention.
  • SPIFFE/SPIRE handles attestation and certificate rotation.

Onboarding Steps for AccuKnox

The onboarding process for AccuKnox's on-prem security solution consists of four concise steps:

on-prem

  • Verify hardware, email user, and domain configurations.
  • Ensure your environment meets all requirements.
  • Time: Varies, allocate sufficient time for review.
  • Stage AccuKnox container images in airgapped setups.
  • Reconfirm hardware, email user, and domain requirements.
  • Time: ~1 hour.
  • Install AccuKnox system in your environment.
  • Ensure all prerequisites remain satisfied.
  • Time: ~45 minutes.
  • Confirm all steps completed successfully.
  • Validate hardware, email user, and domain configurations.
  • Time: ~1 hour.

AccuKnox onprem deployment is based on Kubernetes native architecture.