Deployment
Various modes of deployment & setup of Haltdos appliances
Haltdos platform supports a variety of deployment options depending upon customer need and infrastructure:
- Offline Mode (detection only)
  - Read from Tap / SPAN port
  - Read from IPFIX, NetFlow v5/v9, sFlow
- Inline Mode
  - Transparent Layer 2 Mode
  - Bridge Mode
  - Layer 3 Mode
- Out-of-Path Mode
  - Route injection upon attack
  - Supported Routing: BGP, OSPF, RIP v1/v2
In Offline Mode, the Haltdos appliance runs in detection mode only (passive / promiscuous). The Router (or Switch) sends mirrored traffic through a SPAN port to the Haltdos appliance, which inspects it to detect application layer attacks.
In Out-of-Path Mode, the Haltdos appliance receives mirrored traffic via SPAN port / NetFlow / IPFIX / sFlow records periodically from the Router (or Switch) for detecting attacks. Upon detecting an ongoing attack, the Haltdos appliance uses the configured routing protocols to re-route traffic to itself for inspection and mitigation of the attack. Subsequently, the filtered clean traffic is injected back into the network for regular processing.
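To make the flow-record input concrete, the following added example (not Haltdos code, and not a description of how the appliance itself detects attacks) parses NetFlow v5 export datagrams and lists destinations whose packet rate exceeds a threshold, the kind of per-destination signal that would precede a route injection. The threshold, interval, function names and documentation-range addresses are assumptions, and the datagrams are constructed inline.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (dst_ip, packets, octets) for each flow record in one export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield str(IPv4Address(f[1])), f[5], f[6]   # dstaddr, dPkts, dOctets

def divert_candidates(datagrams, interval_s, pps_threshold):
    """Return sorted destinations whose packet rate over the interval exceeds the threshold."""
    # Assumes unsampled export; with sampling, scale packet counts by the sampling rate.
    pkts = Counter()
    for d in datagrams:
        for dst, packets, _ in parse_v5(d):
            pkts[dst] += packets
    return sorted(ip for ip, n in pkts.items() if n / interval_s > pps_threshold)

def build_v5(flows):
    """Build a constructed export datagram from (src, dst, packets, octets, proto) tuples."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, packets, octets, proto in flows:
        out += RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, bytes(4),
                           0, 0, packets, octets, 0, 0, 0, 0, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample: two export datagrams covering one 10-second interval.
SAMPLE = [
    build_v5([(f"198.51.100.{i}", "203.0.113.10", 4000, 240000, 17) for i in range(1, 4)]
             + [("192.0.2.7", "203.0.113.20", 500, 300000, 6)]),
    build_v5([(f"198.51.100.{i}", "203.0.113.10", 4000, 240000, 17) for i in range(4, 6)]),
]

if __name__ == "__main__":
    print(divert_candidates(SAMPLE, interval_s=10, pps_threshold=1000))
```

Flow records carry only counters and addresses, so this kind of check sees volume per destination but not payload content.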
In this mode, the Haltdos appliances are placed inline in the network in Transparent Layer 2 mode. The solution can be configured in Transparent Proxy mode (stateful) or Direct Server Return (DSR) mode (stateless). In Transparent Proxy mode, all traffic coming in and going out of the network will pass through the Haltdos appliance, whereas in DSR mode, only the incoming traffic from the ISP may be passed through the Haltdos appliance. The solution can be flexibly changed to operate in Proxy or DSR mode without requiring any network architecture change.
In inline Layer 3 mode, the Haltdos appliance is placed inline in the network. It can be configured to run in Reverse Proxy mode (in case of WAF) or as a Gateway (in case of LLB / DDoS). All incoming and outgoing traffic passes through the solution, which can inspect both incoming requests and outgoing responses.
The appliance can be configured in one-arm mode as a reverse proxy. In one-arm mode, all incoming and outgoing traffic passes through the appliance, which can inspect both incoming requests and outgoing responses. All the traffic passes through the same network interface.
The appliance can also be configured in n-arm mode as a reverse proxy. For example, when n=2 (two-arm mode), all incoming and outgoing traffic passes through the appliance, which can inspect both incoming requests and outgoing responses. All the communication between the client and the WAF is handled by one network interface, and the communication between the WAF and the server is handled by the other network interface.
Regardless of the mode of deployment, Haltdos appliances support high availability cluster deployment. It is a recommended practice to ensure smooth, uninterrupted operations even under stressed environments. Haltdos appliances use the VRRP protocol for High Availability (N+1), where one device runs in Active mode while the other devices run in standby mode. Haltdos appliances can also be configured to run in Active-Active mode with support for cluster deployment, with all appliances running in Active mode and handling application traffic while sharing information with each other at the same time.
In case of high availability deployment, Haltdos appliances need to coordinate and share data between them. This requires a central management server (Hardware or VM) that provides a GUI for operators to configure and disseminate policy across all Haltdos appliances and coordinate data sharing between them. The Haltdos Central Management solution also provides multi-tenancy support in case customers wish to have two or more clusters of Haltdos appliances that have separate policies and manage different applications. The same capability also allows customers to configure a single central management server for monitoring and configuring Haltdos appliances in DC & DR.
A Cluster is the physical building block that combines multiple instances that have the same set of policy deployed. Each instance in a cluster is running in High Availability (active or passive).
An Instance in hdPlatform refers to a VM / Bare-metal compute instance running the workload it is configured for by the platform. The instance can be of multiple types, running a specific kind of App. For example, an instance can be created for running the Web Application Firewall (WAF) app for a single tenant.