Documentation/recommendations on deployment

[Bruce]

Good morning everyone,

I am looking for documentation/recommendations on deploying Velociraptor to over 20,000 endpoints using AWS elastic load balancer. Anything you could provide would be greatly appreciated. 

[Mike Cohen]

Hi Bruce,

   Deployment guide is here https://docs.velociraptor.app/docs/deployment/

Many people are using a load balancer but this actually makes deployment more complicated, costs more and provides no benefit. So I would recommend not using a load balancer if you can avoid it.

Even with multiple frontends the clients do their own load balancing when you add a number of URLs for them to connect to.

A reverse proxy might be useful when offloading TLS encryption but you need to make sure that it disables any caching or buffering. An example is here

https://docs.velociraptor.app/blog/2020/2020-09-28-velociraptor-network-communications-30568624043a/#ssl-offloading

We generally find that when people use the cloud providers load balancer then responsiveness is much degraded due to frequent disconnections

Thanks

Mike

Mike Cohen  Digital Paleontologist,  Velocidex Enterprises E mi...@velocidex.com

On Thu, Sep 5, 2024 at 11:25 PM Bruce <bruce.s...@gmail.com> wrote:

Good morning everyone,

I am looking for documentation/recommendations on deploying Velociraptor to over 20,000 endpoints using AWS elastic load balancer. Anything you could provide would be greatly appreciated. 

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/5824d1d6-e34f-4acc-a3d7-aa3c372ae7cdn%40googlegroups.com.

[Ken Romer]

Good Morning Mike,

Thank you for your response. I’m currently collaborating with Bruce on our Velociraptor deployment. Our company operates fully remote, leveraging ZScaler ZPA for VPN connectivity along with ZIA for internet filtering on all our client workstations. Given this setup, do you have any recommendations, best practices, or support guides for deploying Velociraptor in a completely remote environment?

Thanks for your time,

Ken Romer

[Mike Cohen]

I'm not familiar with the exact technologies you mention but generally velociraptor clients connect over the internet or internal network so they are suitable for fully remote deployments. 

If the endpoints mandate a proxy for external access you can add that to the client config files if needed. Check the config references on the website

Also take a look at the security guide to see what options are available for you to secure the deployment. 

https://docs.velociraptor.app/docs/deployment/security/

Thanks

Mike

To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/30b551e6-4c8b-4ebb-a90b-bda3cb890e67n%40googlegroups.com.