Data Center

In a data center deployment, Cequence ASP can be deployed as a virtualized appliance or on a dedicated hardware device of the customer’s choosing, in either a visibility and awareness mode, or in full enforcement mode. In this scenario, CQAI, CQ Connect, the datastore and policy engine are deployed out of band, as a Docker Swarm cluster. The sensor is deployed so that it can receive a copy of the traffic flows for analysis and enforcement by the mitigator.

 

Data Center Deployment

 

Public Cloud

Organizations that are using service mesh or microservices architectures will commonly develop and deploy their applications as self-contained services (e.g., login, registration, shopping cart, checkout, etc.) on AWS, Google Cloud or Microsoft Azure. In these scenarios, the modular, container-based platform architecture enables organizations to bake security into their deployment lifecycle. Out of band traffic analysis and results performed by CQAI are sent back to the mitigator, which in turn, signals the traffic controller to execute policy response.

 

Cloud/Container Sidecar Deployment

 

Cequence ASP can be deployed on any public cloud platform including AWS, Google Cloud Platform and Microsoft Azure.

SaaS

In a SaaS deployment, the Cequence ASP is provisioned as a private, customer-specific “Cloud Security Pod”, in proximity to the customer’s CDN to minimize latency induced by an additional hop. If deployed in the public cloud, the customer environment would be a private, single tenant environment to eliminate any possible data privacy concerns.

 

SaaS Deployment

 

In this deployment model, the Cequence Customer Engineering team is responsible for the provisioning and ongoing operations of the solution, thereby reducing the planning and operational burden. This deployment model allows customers to avail the benefits derived from a managed service while still retaining the privacy and control that they get from a self-managed deployment.