
Cloud Field Day – Sysdig

Ned Bellavance


I will be a delegate for Cloud Field Day 5 on April 10-12. During the event we will be attending presentations from several vendors, which will be livestreamed. Before I leave on this grand adventure, I wanted to familiarize myself with each of the presenters and consider how their product/solution integrates with cloud computing. I’m also interested to hear from you about what questions you might have for each vendor, or topics you’d like me to bring up. As a delegate, I am meant to represent the larger IT community, so I want to know what you think! In this post I am going to consider Sysdig and what they have to offer in the cloud world.

Much like my previous Datrium post, I have heard the name Sysdig before and even seen them at a conference, but I’d be hard-pressed to tell you exactly what they do. Based on the name, I would assume that they specialize in data and analytics, or logging of some kind. The name is evocative of syslog, that venerable logging solution, and digging into it in some way. Fortunately, their website makes it really clear what they do. The main page probably says it best:

Sysdig is the first unified approach to monitor and secure containers across the entire software lifecycle.

Okay. I get it. They monitor and secure containers. I’m sure there’s a lot more to it than that. But I want to pause. Take a moment. And really appreciate the fact that they were able to sum up what they do in a single sentence. As someone who is exposed to enough marketing slicks to choke a wildebeest, it is refreshing to have something so concise and direct.

[Brief period of reflection over, we now return to the regularly scheduled blog post]

Cool. Now how do they accomplish this modern miracle of monitoring acumen? From what I can tell on their site, and here’s where things get a little hazy, it looks like they run a container on each host in your container cluster. The assumption is that you are probably already using an orchestrator, like Kubernetes, and you’ll use that same orchestrator to deploy the Sysdig agent on each host. There is also a manual install process if you aren’t using an orchestrator. There’s also a support group out there for you while you come to grips with the choices you’ve made in life that left you without an orchestrator to lean on.

Once you have your agents provisioned and configured, they will start reporting information back to Sysdig. Now I’m not sure if Sysdig is a SaaS platform, or if each agent is part of a larger Sysdig deployment that collects and analyzes the information from your containers and services. The architecture here is not exactly clear. A cursory glance at the docs seems to point to a SaaS offering if you want it, or an on-prem deployment if you need it. Maybe on-prem isn’t the right word; more like you can host the backend yourself if you want, or have Sysdig host it for you.

It’s also not entirely clear how Sysdig agents are pulling information from all the other containers running on the host. That seems like a security issue. Obviously you need to be careful about exactly what Sysdig is collecting and whether it passes muster with your security and compliance folks.
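The per-host agent pattern described above, and the question of what such an agent can reach on the node, is easier to discuss with a concrete manifest in hand. What follows is an added example, not Sysdig's manifest or tooling: a constructed Kubernetes DaemonSet (placeholder image name, assumed host mounts) together with a small check that lists every setting granting host-level access. That list is what a security and compliance review should be asking for before any node-level monitoring agent is approved.

```python
"""Flag host-level access requested by a Kubernetes workload manifest.

Added example; the manifest below is constructed and the image is a placeholder,
not Sysdig's. A per-host monitoring agent deployed as a DaemonSet typically asks
for some host-level access; this check names exactly which settings grant it.
"""

# Constructed sample DaemonSet, written as a dict so the example needs no
# YAML dependency. Mounts and image are assumptions for illustration only.
SAMPLE_DAEMONSET = {
    "apiVersion": "apps/v1",
    "kind": "DaemonSet",
    "metadata": {"name": "example-monitoring-agent", "namespace": "monitoring"},
    "spec": {
        "template": {
            "spec": {
                "hostPID": True,
                "hostNetwork": True,
                "volumes": [
                    {"name": "docker-sock", "hostPath": {"path": "/var/run/docker.sock"}},
                    {"name": "proc", "hostPath": {"path": "/proc"}},
                    {"name": "tmp", "emptyDir": {}},
                ],
                "containers": [
                    {
                        "name": "agent",
                        "image": "example.invalid/monitoring-agent:placeholder",
                        "securityContext": {"privileged": True},
                        "volumeMounts": [
                            {"name": "docker-sock", "mountPath": "/host/var/run/docker.sock"},
                            {"name": "proc", "mountPath": "/host/proc", "readOnly": True},
                            {"name": "tmp", "mountPath": "/tmp"},
                        ],
                    }
                ],
            }
        }
    },
}

# Host paths that give a container visibility into, or control over, every other
# workload on the node. A mount of any of these deserves a written justification.
SENSITIVE_HOST_PATHS = (
    "/", "/var/run/docker.sock", "/run/containerd/containerd.sock",
    "/proc", "/sys", "/dev", "/etc", "/var/lib/kubelet",
)

# Linux capabilities that approach root-equivalent power on the node.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO", "NET_ADMIN", "BPF", "PERFMON"}


def is_sensitive_host_path(path):
    """True if `path` is, or lies under, one of SENSITIVE_HOST_PATHS."""
    norm = path.rstrip("/") or "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def host_access_findings(manifest):
    """Return human-readable findings, one per setting that grants host-level access."""
    findings = []
    if manifest.get("kind") == "Pod":
        pod_spec = manifest.get("spec", {})
    else:  # DaemonSet, Deployment, StatefulSet, ... all wrap a pod template
        pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})

    for key, why in (
        ("hostPID", "every process on the node is visible to the agent"),
        ("hostNetwork", "the agent shares the node's network namespace"),
        ("hostIPC", "the agent shares the node's IPC namespace"),
    ):
        if pod_spec.get(key):
            findings.append(f"{key}: true ({why})")

    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])

    # A volume is writable if any container mounts it without readOnly.
    writable = {m["name"] for c in containers for m in c.get("volumeMounts", []) if not m.get("readOnly", False)}

    for vol in pod_spec.get("volumes", []):
        host_path = vol.get("hostPath", {}).get("path")
        if host_path is not None and is_sensitive_host_path(host_path):
            mode = "read-write" if vol["name"] in writable else "read-only"
            findings.append(f"hostPath {host_path} mounted {mode} via volume '{vol['name']}'")

    for c in containers:
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"container '{c['name']}' runs privileged (all capabilities, no device isolation)")
        for cap in sc.get("capabilities", {}).get("add", []):
            if cap in DANGEROUS_CAPS:
                findings.append(f"container '{c['name']}' adds capability {cap}")
    return findings


if __name__ == "__main__":
    for line in host_access_findings(SAMPLE_DAEMONSET):
        print("-", line)
```

Run against the constructed manifest, the check reports the shared PID and network namespaces, the read-write container runtime socket, the read-only /proc mount and the privileged container. None of these is necessarily wrong for a node-level agent, but each one is a question to put to the vendor and to your own security and compliance folks: what is it used for, and could it be dropped or made read-only.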

Once the Sysdig agents are pulling the info, they appear to put it to work in multiple contexts. If you’re worried about metrics and monitoring, then you have Sysdig Monitor. If your concern is with security, then you have Sysdig Secure. There are also some open-source projects with Sysdig Inspect, Falco, and Sysdig + Prometheus.

All in all it seems like a good concept. I’d like to dig deeper into how the solution works and integrates with the various cloud platforms out there. Here are the questions I have:

  • Do you currently support or plan to support container deployments using AWS Fargate or Azure Container Instances?
  • Is Sysdig a marketplace item in AWS or Azure today to simplify deployment?
  • How are you balancing open-source and paid products? Are there plans to open-source the whole solution like Chef just did?
  • What are you doing with all the aggregated monitoring data you are getting from clients?
  • What are the major security concerns with your solution and how are you addressing them?

Do you have questions for Sysdig? LMK and I’ll be happy to ask them too.