doc.overops.com

Hybrid Deployment Overview

In Hybrid mode, data collected from your JVMs is locally redacted for PII and encrypted using your private encryption key before it is stored in a server that resides behind your firewall. The central analysis engine is only used to aggregate metrics and correlate events between different JVMs in your environment.
The on-premises storage server does not need to connect to the cloud and can be completely separate from the public internet.

In Hybrid mode data collected by the JVM agents is redacted for PII and privately encrypted before it
is stored on premise. When viewing an error analysis, information is retrieved directly into the user’s
web browser from the on premise storage server without leaving your firewall and domain.

The local Storage Server does not connect to or get accessed from the cloud and can be completely separate from the public Internet.

Storage of sensitive information only within a local network allows for compliance with data residency regulations. During error analysis, information is retrieved by the user browser directly from the local Storage Server.
The hybrid installation includes installing a Storage Server and one or more Agents behind a private network for additional privacy and compliance. By default, the communication takes place over an HTTP transport layer, in this model the objects transferred remain encrypted as they were at the Collector and get unencrypted at the browser. For additional security and to avoid browser warnings, use HTTPS for this transport to allow for server signature certification.

OverOps Hybrid Architecture

OverOps Hybrid Architecture

OverOps offers multiple layers of security to protect the privacy of the collected source code, the variables and data relating to your application. All code and variables are encrypted using the secret encryption key. This encryption is applied on the Agent/Collector by the source JVM and the code is sent to the Storage already encrypted. The code is decrypted at the browser for user display.

The code and variables are encrypted via AES 256-bit.

At startup, the Agent/Collector asks the web application where to store data, therefore, the Storage Server must be installed before the Collector/Agent to avoid having to generate a new key. For more details about OverOps security features, see:

Related Articles

On-Premises Deployment Overview
OverOps Security Protocols
Managing Data Redaction