Architecture

Standard Deployment

The following image displays the communication between components in the Standard deployment:

[Figure: Standard deployment]

Connection Source and Destination | Traffic | Protocol | Default Ports

Ingress Controller → Controller UI; Controller UI → Ingress Controller | UI Calls and Responses | HTTPS | 443

Agents → Ingress Controller | APM Reported Data | HTTPS | 443

Hybrid Deployment

The following image displays the communication between components in the Hybrid deployment:

Note: In a hybrid deployment, configure agents to send traffic to the Virtual Appliance Ingress endpoint instead of directly to the On-Premises Controller. For Controller HA deployments, point agents to the Virtual Appliance Ingress and configure the Virtual Appliance to communicate with the Controller HA pair through a load balancer or virtual IP address.

Standalone Controller

[Figure: Hybrid Deployment for the Standalone Controller]

Controller HA with Virtual IP

[Figure: HA-with-Virtual-IP-address]

Controller HA without Virtual IP

Note: If you use a load balancer with a virtual IP address, make sure to open ports 3388, 443, 32101, 32102, and 32103 so the Virtual Appliance can send and receive traffic. For more information, see Load Balancer Requirements and Considerations.

Connection Source and Destination | Traffic | Protocol | Default Ports

Ingress Controller in Kubernetes → Controller UI; Controller UI → Ingress Controller in Kubernetes | UI Calls and Responses | HTTPS | 443

Agents → Ingress Controller in Kubernetes | APM reported data / Agent traffic | HTTPS | 443

MySQL Service → MySQL Database of the standalone Controller | Controller Database calls | HTTPS | 3388

Note:
  • If you have set up the Virtual Appliance without a load-balancer or virtual IP address, the connection will not automatically switch to the active node during high-availability failover.

    Therefore, after failover, update the IP address by editing hybrid.controller.domainName and hybrid.mysql.dbhost in the global.yaml.gotmpl file.

  • If you have set up the Virtual Appliance with a load-balancer (virtual IP address), enter the load-balancer's domain name and port in the hybrid.controller.domainName, hybrid.controller.port, and hybrid.mysql.dbhost sections of the global.yaml.gotmpl file.

    This domain name should resolve to the load-balancer's virtual IP address.

Standalone Controller → Kafka Service in Kubernetes | Kafka Calls for Anomaly Detection and Root Cause Analysis | HTTPS | 32101, 32102, 32103

Note: Secure Application requires HTTPS/TLS connectivity between the Virtual Appliance and the On-Premises Controller. Secure Application is not supported over HTTP.
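
A preflight check for the hybrid flows listed above, as an added example that is not part of the original documentation: it probes the TCP ports each side must reach and confirms that a name resolves only to the load balancer's virtual IP address. The role names, destination keys and example.com hosts are assumptions made for this example.

```python
import socket

# Flows from the hybrid table above: (run from, destination key, port, traffic).
# Role names and destination keys are labels chosen for this example.
HYBRID_FLOWS = [
    ("agent", "va_ingress", 443, "APM reported data / agent traffic"),
    ("va", "controller", 443, "UI calls and responses"),
    ("controller", "va_ingress", 443, "UI calls and responses"),
    ("va", "controller_db", 3388, "Controller database calls"),
    ("controller", "va_kafka", 32101, "Kafka calls (Anomaly Detection, RCA)"),
    ("controller", "va_kafka", 32102, "Kafka calls (Anomaly Detection, RCA)"),
    ("controller", "va_kafka", 32103, "Kafka calls (Anomaly Detection, RCA)"),
]

def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"      # name does not resolve
    except ConnectionRefusedError:
        return "refused"         # host reachable, nothing listening on the port
    except OSError:
        return "unreachable"     # timed out or no route (often a firewall drop)

def check_role(role, hosts, flows=HYBRID_FLOWS, timeout=3.0):
    """Probe every flow that originates from `role`."""
    return [
        (dest, port, traffic, probe(hosts[dest], port, timeout))
        for src, dest, port, traffic in flows
        if src == role
    ]

def resolves_to(name, expected_ip):
    """True when every IPv4 address for `name` is the expected virtual IP."""
    addrs = {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    return addrs == {expected_ip}

if __name__ == "__main__":
    # Constructed placeholder hosts; use the values set in global.yaml.gotmpl.
    hosts = {"controller": "controller.example.com", "controller_db": "controller.example.com"}
    for dest, port, traffic, status in check_role("va", hosts):
        print(f"{dest}:{port:<6} {status:<12} {traffic}")
```

Run it on the Virtual Appliance with role "va" and on the Controller with role "controller". An "open" result shows TCP reachability only; it does not confirm that TLS is configured on that port.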