search close

Installation: Getting Started

access_time Updated May 19, 2022

Installation Introduction

Signal Sciences supports multiple installation methods. You can use Fastly’s Edge Cloud Platform, you can use Signal Sciences’ hosted Cloud WAF solution, or you can deploy directly onto your hosting environment via traditional Module-Agent process. Signal Sciences supports traditional, VM-based architectures as well as modern container-based ones. Integrations with several Platforms-as-a-Service (PaaS) are also available. Below are all the installation options available to get Signal Sciences up and running.

Edge Deployment

Note: This information is part of a Limited Availability release. For more information, see our product and feature lifecycle descriptions.

You can deploy Signal Sciences on Fastly’s Edge Cloud Platform by adding it to new or existing Fastly services. Deploying on Fastly’s Edge Cloud Platform doesn’t require you to install or modify anything on your own hosting environment.

Cloud WAF

Our Cloud WAF solution allows you to deploy Signal Sciences without requiring you to install the Signal Sciences agent and module directly onto your environment.

Module-Agent Installation Process

Signal Sciences can also be deployed directly onto your hosting environment. Getting started deploying Signal Sciences typically takes less than five minutes and is just a few simple steps depending on your web server (NGINX, Apache, etc).

More information about the Signal Sciences Agent and Module can be found in How It Works.

The Signal Sciences installation process is very simple and can be done with three steps:

Step 1: Agent Installation

The Signal Sciences Agent is a small daemon process which provides the interface between your web server and our analysis platform. An inbound web request is passed to the agent, which then decides whether the request should be permitted to continue, or whether it should take action.

Learn how to install an agent

Step 2: Module Installation

The Signal Sciences Module is the architecture component that is responsible for passing request data to the agent. The module deployment is flexible and can exist as a plugin to the web server, a language or framework specific implementation, or can be removed if running the agent in reverse proxy mode.

Learn how to install a module

Step 3: Verify Agent and Module Installation

  1. Log in to the Signal Sciences console.
  2. Select a site if you have more than one site.
  3. Click Agents in the navigation bar near the top of the screen.
  4. Check the module version under Module to confirm the correct version is listed.

Note: Until there has been at least one request since the agent and module were installed, the module information won’t be listed. Once there is traffic the module information will be populated.

Containers and Kubernetes

Signal Sciences supports multiple deployment patterns in Kubernetes. You will likely have to customize configurations for Signal Sciences to work in your own Kubernetes app. The documentation provides several Kubernetes deployment examples, using the Docker sidecar container pattern.

Learn how to install in Kubernetes

Agent-Only Installation

The Signal Sciences agent can work with an optional module to increase deployment flexibility. If you don’t want to install a module, the following agent-only options are available.

Agent Reverse Proxy Mode

The Agent can be configured to run as a reverse proxy allowing it to interact directly with requests and responses without the need for a module. Running the Agent in reverse proxy mode is ideal when a module for your web service does not yet exist or you do not want to modify your web service configuration - for example, while testing the product. In this mode, the agent sits inline as a service in front of your web service.

Learn how to run the Agent in Reverse Proxy

Envoy Proxy Integration

The Signal Sciences agent can integrate directly with Envoy, a cloud-native reverse proxy, to inspect and protect web traffic. Envoy v1.11.0 or later is recommended, however, Envoy v1.8.0 or later is supported with limited functionality.

Learn how to install Envoy Proxy

Istio Service Mesh Integration

The Signal Sciences agent can integrate with Isio Service Mesh to inspect and protect north/south and east/west traffic in microservices architecture applications. Full Istio integration is only possible in Istio v1.3 or later due to the required extensions to EnvoyFilter introduced in that release.

Learn how to install Istio

PaaS

The Signal Sciences agent can be easily deployed by Platform as a Service (PaaS). We worked with multiple vendors to integrate our technologies directly into their platforms to simplify deployment.

View PaaS platforms

Using Signal Sciences

Once Signal Sciences is installed, there are no rules or signatures to configure to get immediate visibility and protection against common attack types.

Now that you have Signal Sciences installed, learn how to use Signal Sciences.