Since you are installing software onto your servers, security is extremely important. We have a number of features, safeguards and architectural decisions that were made with security in mind. These are outlined below:
- All our agent source code is open source and freely available so you can browse and see exactly what is running. If you prefer, you can run the agent direct from source rather than our prebuilt packages.
- Our packages for Linux installed via yum/apt are provided through the OS package distribution system which means you have full control over updates and everything is digitally signed just like any other package you have installed. This allows you to ensure the integrity of the agent.
- The Windows installer is also digitally signed with our Microsoft Code Signing Certificate.
- The agent only ever communicates one way - from your server to us. No data is ever sent from us to your server.
- By default, all communication is via outbound port 443 over HTTPS, so is SSL encrypted. You can change the agent to post over non-SSL encrypted HTTP through port 80 if you need to.
- If you use our manual installation on Linux/FreeBSD/Mac updates are performed via the update command, which must be manually triggered.
- The Linux/FreeBSD/Mac agent does not require root access and can run as any user. If you use our OS packages it will run as the sd-agent user. It does not require any special permissions.
If you have any questions about these points or anything else, get in touch!