Sidecar components and communications

Q: What are the components of the Cyral sidecar, and what parts of my infrastructure do they communicate with?

A: The components of the Cyral sidecar are shown in the illustration below and explained in the text that follows.


Sidecar component interactions


Sidecar components and systems they communicate with


| Component | Function | Communication Mechanisms |
| --- | --- | --- |
| Interceptor | Intercepts client connections at network Layer 4; handles TLS for client and data endpoint | TCP + mTLS with client and data endpoint; Unix Domain Sockets with Analyzer |
| Analyzer | Decodes the data endpoint's communication protocol; parses request grammar; analyzes requests; monitors responses | In-memory library APIs with Policy Engine; gRPC with Authenticator and Alerter |
| Policy Engine | Evaluates requests and responses for policy violations | The policy engine contacts the Cyral control plane to load the latest policy. The sidecar sends non-sensitive reporting information to the Cyral control plane. For details, see cyral.com/docs/privacy |
| Authenticator | Validates users' access tokens; looks up SSO groups and maps them to data endpoint accounts; reads data endpoint account credentials from Vault | mTLS with Identity Provider and Vault |
| Alerter | Sends policy violation alerts to the configured messaging service | mTLS with messaging service |
| Logs Shipper | Sends logs to the configured SIEM | mTLS with SIEM |
| Metrics Shipper | Sends metrics to the configured APM | mTLS with APM |




