AppSentinels Controller Deployment

The AppSentinels Controller processes API traffic from Sensors, and forwarding it to the Cloud Platform. This enables API discovery, parameter analysis, and AI/ML-driven security insights. As the first line of defense, the Controller detects and mitigates API attacks in real-time, enforcing security policies either directly or through Firewalls and API Gateways to ensure robust application protection.

Prerequisites

The following requirements must be met for deploying the AppSentinels Controller:

System Requirements

Operating System: Ubuntu 22.04 or later / Red Hat 8.6 or later
CPU: 4 cores (x86_64)
RAM: 8 GB
Disk Space: 50 GB of free space in the /var partition

Required Packages

Docker: Version 23.0 or higher
Docker Compose: Version 1.28.6 or higher (if deploying with docker-compose)

Network Connectivity Requirements

Outbound TCP Port 443 must be open in the firewall to enable data transmission to the AppSentinels Security Platform.
TCP Port 9002-9009 must be open to allow the AppSentinels Sensor/Plugin to send traffic logs to the AppSentinels Controller.
Access to Docker repositories is required to download the image. The following domains must be whitelisted:
- docker.io
- auth.docker.io
- registry-1.docker.io
- production.cloudflare.docker.com

Deployment Options

AppSentinels Controller is available as a containerized application and can be deployed in a Docker or Kubernetes environment.

AppSentinels Controller Configuration Parameters

The following table provides details of the essential configuration parameters required for deploying the AppSentinels Controller. These parameters define the controller's connectivity, authentication, and integration with the application environment.

Parameter	Description	Example
SAAS_SERVER_NAME	The fully qualified domain name (FQDN) of the AppSentinels Security Platform.	cloud.appsentinels.com
SAAS_API_KEY_VALUE	The API key used to authenticate the controller.	*******
APPLICATION_DOMAIN	The domain of the application integrated with the controller.	PartnerApps
ENVIRONMENT	The deployment environment where the controller is running.	Production or Staging

Deploying Controller Using Docker-Compose

Use the following YAML configuration:

          
version: "3.3"

volumes:
  appsentinels_onprem_config: {}

services:
  ng-edge-controller:
    container_name: appsentinels-controller
    restart: on-failure:5
    image: appsentinels/ng-controller:latest
    hostname: appsentinels-controller-prod
    environment:
      - APPLICATION_DOMAIN=<App Domain>
      - ENVIRONMENT=<App Environment>
      - SAAS_SERVER_NAME=<AppSentinels-Platform-FQDN>
      - SAAS_API_KEY_VALUE=<API-KEY>
    ports:
      - "9004:9004"
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: '4'
          memory: 8192M      
    logging:
      driver: local
      options:
        max-size: 10m
    volumes:
      - appsentinels_onprem_config:/usr/local/appsentinels-onprem/config

To deploy the controller using the above Docker Compose configuration, execute the following command in the terminal:

docker-compose -f docker-compose.yaml up -d

Deploying Controller Using Kubernetes

Use the following Kubernetes Deployment configuration:

          
apiVersion: apps/v1
kind: Deployment
metadata:
  name: appsentinels-controller
  labels:
    app: appsentinels-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appsentinels-controller
  template:
    metadata:
      labels:
        app: appsentinels-controller
    spec:
      containers:
        - name: appsentinels-controller
          image: appsentinels/ng-controller:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 9004
          env:
            - name: APPLICATION_DOMAIN
              value: "<App Domain>"
            - name: ENVIRONMENT
              value: "<App Environment>"
            - name: SAAS_SERVER_NAME
              value: "<AppSentinels-Platform-FQDN>"
            - name: SAAS_API_KEY_VALUE
              value: "<API-KEY>"
          resources:
            limits:
              memory: "8192Mi"
              cpu: "4"
          readinessProbe:
            httpGet:
              path: /dp-ready
              port: 9004
            initialDelaySeconds: 180
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /dp-health
              port: 9004
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3          
          volumeMounts:
            - name: config-volume
              mountPath: /usr/local/appsentinels-onprem/config
      restartPolicy: Always
      volumes:
        - name: config-volume
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: appsentinels-controller-service
spec:
  selector:
    app: appsentinels-controller
  type: ClusterIP
  ports:
    - name: http-9004
      port: 9004
      targetPort: 9004

To deploy the controller using the above Kubernetes configuration, execute the following command in the terminal:

kubectl apply -f <kubernetes-deployment.yaml>