Agent Architecture
The BindPlane OP collector supports operating in two modes: Agent and Gateway. The mode is not configurable, it is implicit based on the sources configured. For example, a collector configured with the Nginx source is running in agent mode, while a collector configured with the OTLP source (receiving telemetry from multiple collectors) is running in aggregation mode.
Agent
Agent mode is used for collecting telemetry from an individual system (e.g. Database host, API server). Agents are used for collecting, processing, and shipping telemetry from an individual host to a destination. This destination may be your monitoring backend or an additional set of collectors (Gateways) which may perform additional processing and routing.
Collectors running in agent mode do not require additional configuration. Once a collector is installed, you can attach a configuration which gathers local logs, metrics, and traces from the system.
Use Cases
A collector is running in agent mode anytime it is deployed to an endpoint system. The following are examples, and do not cover all use cases.
- NGINX web server
- PostgreSQL database server
Gateway
Gateway mode is used for receiving telemetry from one or more collectors over the network, optionally performing additional processing, and routing to a destination. Gateway collectors are optional, as agent collectors can ship telemetry directly to your telemetry backend.
Use Cases
1. Isolating Backend Credentials
Instead of deploying credentials to all of your agent systems, you can keep credentials exclusively on the gateway collectors. This simplifies credential rotation and reduces the security attack surface as credentials are deployed to a subset of your systems.
2. Offloading Processing Overhead
Generally, you want your agent collectors to perform as little work as possible. If you have heavy processing requirements, it can be useful to offload that processing to a fleet of gateway collectors.
For example, instead of filtering telemetry with an expensive regex operation, you can have the gateway collectors perform that task. Generally, gateway collectors are running on a dedicated system. The processing overhead can be justified because it does not rob the compute power of other services running on the same system, unlike an agent collector that may be running on a database server.
3. Network Security
Gateway collectors could be located within a DMZ, firewalled from the internal network. You can configure your network to allow your agent collectors to forward to the gateway collectors while blocking the gateway collectors from reaching into your application network. This will allow you to send telemetry to a cloud-based backend without granting your endpoints access to the internet.
Supported Source Types
Collectors are running in gateway mode when they are configured with a source type that receives telemetry from multiple remote systems.
Gateway source examples:
- OTLP
- Syslog
- TCP / UDP
Any source type which handles telemetry from one or more remote agents is considered to be n gateway.