Secure Tenancy is planned to be End-of-Life at the end of 2022 in favor of built-in security enhancements. Existing customers using Secure Tenancy will continue to be supported on Honeycomb Classic until this time.
The following sections detail the recommended infrastructure components and their configurations for Secure Tenancy.
If you use one load balancer, Honeycomb will use it for both encrypting and decrypting data. You may use two load balancers to separate the encryption and decryption paths.
Configure the load balancer(s) with a signed certificate from a Certificate Authority, to serve as the entry point for encryption and decryption.
Configure the load balancer(s) to allow incoming traffic from applications on the internal network(s) where they run, and to let end users reach the endpoint when tunneled in to the company VPN.
The domain name and SSL certificate should be publicly resolvable, but the endpoint can be on a non-publicly-routable IP accessible from within the VPN.
Your load balancers must support gRPC connections if you intend to use OpenTelemetry SDKs to instrument your applications.
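A quick check for the two load balancer requirements above (a CA-signed certificate and gRPC support), added here as an example and not taken from Honeycomb's documentation: it reads `openssl s_client` output and confirms the chain verified and that HTTP/2 (`h2`) was negotiated via ALPN, which gRPC over TLS requires. The function names, the default port 443 and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Honeycomb code). Reads `openssl s_client` output on stdin
# and reports whether the endpoint presented a certificate that chains to a
# trusted CA and negotiated HTTP/2, the transport gRPC needs.
check_lb_handshake() {
    out=$(cat)
    status=0
    if printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'; then
        echo "certificate: chain verified against local trust store"
    else
        echo "certificate: NOT verified (self-signed, expired or unknown CA)"
        status=1
    fi
    if printf '%s\n' "$out" | grep -q 'ALPN protocol: h2'; then
        echo "alpn: h2 negotiated"
    else
        echo "alpn: h2 NOT negotiated (gRPC clients will fail)"
        status=1
    fi
    return $status
}

# Live probe. $1 is the load balancer's DNS name, $2 an optional port
# (443 is an assumption; use the listener port you configured).
probe_lb() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" -alpn h2 \
        </dev/null 2>/dev/null | check_lb_handshake
}

# Constructed sample outputs, trimmed to the lines the check inspects.
GOOD_SAMPLE='CONNECTED(00000003)
ALPN protocol: h2
    Verify return code: 0 (ok)'

BAD_SAMPLE='CONNECTED(00000003)
No ALPN negotiated
    Verify return code: 18 (self-signed certificate)'
```

Run `probe_lb <your-endpoint>` from a host on the internal network or VPN. A successful `h2` negotiation is necessary but not sufficient for gRPC: the load balancer must also forward HTTP/2 to its targets.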
The load balancer forwards traffic to the secure proxy servers. If possible, place the servers in separate availability zones.
The database should not be accessible by any programs other than the secure proxy.
Here is an example configuration using AWS technology:
If you are planning to deploy using a higher level platform, such as OpenShift, Mesos, Kubernetes, and so on, please contact your Honeycomb representative to get additional, more specific guidance for your platform.
If you plan to use Kubernetes, the Helm guide details the recommended deployment options for Secure Tenancy infrastructure and Kubernetes.