A Deep Dive into Single and Multi-Tenant Architectures within Cortex
A region comprises both single and multi-tenant architectures, establishing a clear separation of resources and data within the Cortex ecosystem.
The US and EU regions host multi-tenant services, encompassing shared and global resources for efficient operation and scalability across different geographical locations.
Customer-facing multi-tenant projects, designed for shared access, are primarily deployed within the US region for optimal user experience and accessibility.
Most other multi-tenant projects, particularly those with shared resources, are located in the EU region, catering to diverse operational needs and data requirements.
The Gateway service, operating as a multi-tenant component in the US region, serves as the initial access point to the Cortex UI for seamless user interaction.
Each client is allocated a dedicated single-tenant GCP project, ensuring resource isolation and data privacy; the exception is the Metro tenant setup, where small tenants share one project for optimized resource utilization.
Shared projects are synonymous with multi-tenant projects, offering resource sharing, while single-tenant projects maintain complete isolation for enhanced security and customization.
The Gateway acts as the sole entry point to the single-tenant Cortex UI, controlling access and authentication for authorized users through a secure channel.
The Gateway utilizes a Spanner DB for storing user credentials and managing authentication processes, ensuring reliable and scalable user management within the Cortex environment.
The Gateway is responsible for creating, maintaining, and authenticating users, streamlining the user management process and providing a secure entry point to the system.
Direct access to single-tenant environments is restricted; all requests are routed through the multi-tenant Gateway hosted in the US region, enhancing security and control.
License information is securely stored in Filestore, providing a centralized repository for managing and tracking licenses associated with Cortex deployments and services.
Single-tenant services are powered by GKE, VMs, GCS, BQ, and Pub/Sub, utilizing Google Cloud Platform resources for scalability, reliability, and performance optimization.
Cortex Agents, deployed within single-tenant projects, are responsible for collecting security data, providing valuable insights into potential threats and vulnerabilities.
Broker VMs monitor the health of Cortex Agents deployed in single-tenant projects, ensuring continuous data collection and immediate detection of any agent-related issues.
The Agent Gateway service determines the appropriate single-tenant project for each Cortex Agent request, ensuring efficient data routing and preventing cross-tenant data leakage.
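To make the Agent Gateway's routing responsibility concrete, here is an added illustrative model (not Cortex code): the registry, the agent ids, the project ids and the notion of an agent-to-tenant binding fixed at enrollment are all assumptions. It shows the one property that prevents cross-tenant leakage: the destination project comes from the gateway's own registry, and any tenant claim carried in the request is only cross-checked, never trusted.

```python
"""Illustrative model of an Agent Gateway tenant-routing decision.

Added example, not Cortex code. The registry contents, project ids and
the agent-to-tenant binding are constructed assumptions used to show
why the routing decision must come from the gateway's registry and not
from a tenant name the agent supplies.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    project: str   # single-tenant GCP project that owns the agent
    region: str    # region hosting that project


# Constructed registry: agent id -> binding established at enrollment.
AGENT_REGISTRY: Dict[str, Route] = {
    "agent-0001": Route("st-acme-prod", "us"),
    "agent-0002": Route("st-acme-dev", "us"),
    "agent-0003": Route("st-globex-prod", "eu"),
}


class RoutingError(Exception):
    """Raised when a request cannot be safely routed to a tenant."""


def resolve_route(agent_id: str, claimed_project: Optional[str] = None) -> Route:
    """Return the single-tenant project bound to an enrolled agent.

    The registry is authoritative. A project claim in the request is only
    cross-checked; a mismatch is rejected rather than honoured, so an agent
    enrolled to one tenant can never steer data into another tenant's project.
    """
    route = AGENT_REGISTRY.get(agent_id)
    if route is None:
        raise RoutingError(f"unknown agent {agent_id!r}")
    if claimed_project is not None and claimed_project != route.project:
        raise RoutingError(
            f"agent {agent_id!r} is bound to {route.project!r}, "
            f"request claimed {claimed_project!r}")
    return route


def route_batch(requests: List[Tuple[str, Optional[str]]]):
    """Route (agent_id, claimed_project) pairs; group deliveries per project."""
    delivered: Dict[str, List[str]] = {}
    rejected: List[Tuple[str, str]] = []
    for agent_id, claimed in requests:
        try:
            project = resolve_route(agent_id, claimed).project
            delivered.setdefault(project, []).append(agent_id)
        except RoutingError as err:
            rejected.append((agent_id, str(err)))
    return delivered, rejected
```

Rejected requests are kept with their reason so the gateway can log them; a mismatch between an agent's binding and its claimed project is a signal worth alerting on rather than silently dropping.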
Palo Alto regions are distinct from GCP regions, requiring careful consideration when deploying and managing Cortex services across different geographical locations and infrastructures.
Cortex is fully hosted within GCP, leveraging the platform's robust infrastructure, scalability, and security features for reliable service delivery and operational efficiency.
A single customer can have multiple single-tenant projects based on region, IT department, or environment (e.g., development and production), providing flexibility in resource allocation.
Data within each single-tenant environment is isolated and not shared with other single-tenant environments, ensuring data privacy and compliance with regulatory requirements.
All multi-tenant services, except for the Gateway, expose APIs for consumption by single-tenant projects, enabling seamless integration and communication between different components.
Each customer or tenant is represented by a single-tenant project, ensuring dedicated resources and isolation for each tenant within the Cortex environment.
Multi-tenant regional services are designed to serve single-tenant services in close proximity, minimizing latency and optimizing performance for regional workloads.
Global services, part of the multi-tenant architecture, serve all single-tenant services across various regions, ensuring consistent functionality and access regardless of location.
Global services are hosted in both the US and EU regions, providing redundancy and ensuring service availability for single-tenant projects across different geographical areas.
Most multi-tenant services are duplicated across Palo Alto regions, ensuring high availability and minimizing the impact of regional outages on overall service performance.
Shared services, primarily related to DevOps activities, are hosted in the EU region, providing centralized resources for development, testing, and deployment processes.
Customer-facing global services, exemplified by the Gateway, are hosted in the US region, ensuring optimal user experience and accessibility for customers worldwide.
The Metro project (Metro Host) is a single GCP project hosting multiple small single-tenant services, optimizing resource utilization through namespace-based isolation within a shared GKE cluster.
Within the Metro Host, each tenant is assigned a dedicated namespace, providing logical separation and ensuring that resources and data are isolated from other tenants.
The Cortex Gateway MT project provides a common UI for all customers, simplifying access and management of Cortex services through a centralized and intuitive interface hosted in the US.
Each customer is provisioned with single-tenant projects according to product: an XDR project (basic license), an App Hub project for XSIAM clients, and an Engine project for XSPANSE/XSIAM/XSOAR clients, catering to specific needs.
A single customer can have a maximum of three single-tenant projects, optimizing resource allocation and ensuring that each tenant has the resources required for their specific use case.
The single-tenant frontend service of the XDR project serves as the authentication point for the single tenant, ensuring secure access and managing user authentication for all related services.
Consolidating multiple smaller tenants into a single Metro Host cluster enhances resource efficiency and reduces operational overhead, maximizing the use of available resources.
The Gateway, residing in the US, acts as the initial point of contact, authenticating users and routing requests to the appropriate single-tenant environments.
Regional multi-tenant services serve single-tenant projects in their respective regions, minimizing latency and optimizing performance for regional workloads.
Filestore securely stores licensing information, ensuring compliance and enabling proper authorization for accessing Cortex services and features based on license entitlements.
Cortex leverages various GCP services like GKE, VMs, GCS, BQ, and Pub/Sub, taking advantage of Google Cloud's robust infrastructure and scalable resources for reliable operation.
Cortex Agents, deployed within single-tenant projects, collect security data and send it back for centralized analysis and threat detection, enhancing overall security posture.
Single-tenant architecture provides strong isolation, ensuring data privacy and compliance for each customer, while multi-tenant architecture offers resource sharing and scalability.
Regional services optimize performance for specific geographical areas, while global services ensure consistent functionality and accessibility across multiple regions.
The Gateway serves as the central entry point to Cortex, providing secure authentication, managing user access, and routing requests to the appropriate single-tenant environments.
Cortex offers flexible deployment options, allowing customers to choose single or multi-tenant configurations based on their specific requirements, security needs, and budgetary constraints.
Cortex relies on Google Cloud Platform's robust infrastructure and scalable services, providing a reliable and secure foundation for data processing, storage, and analysis.
Thank you for your time and attention. We appreciate the opportunity to present the Cortex Architecture overview.
For any further questions or clarifications, please do not hesitate to reach out.
We encourage you to explore further resources and documentation for a deeper understanding of Cortex capabilities.
We look forward to collaborating with you on leveraging Cortex to enhance your security posture and operational efficiency.
Thank you once again for your engagement. We hope this presentation was informative and helpful.