Architecture

VirtualMetric DataStream is architected with enterprise security and data sovereignty as core principles. Unlike traditional solutions that require sending sensitive data to third-party cloud platforms for processing, DataStream keeps all your critical data within your environment while providing centralized management and visibility through a secure cloud control plane.

Security-First Architecture

Data Plane vs Control Plane Separation

DataStream employs a strict separation between data plane and control plane operations, ensuring your sensitive security data never leaves your environment:

Control Plane (VirtualMetric Cloud)

Multi-tenant SaaS platform for centralized management
Pipeline configuration and deployment
Fleet management across all Directors and Agents
Real-time statistics, monitoring, and alerting
Role-Based Access Control (RBAC) for team collaboration
Zero data processing or storage of customer logs

Data Plane (Customer Environment)

All data processing occurs within customer-controlled infrastructure
Director processes, transforms, and routes data locally
Agents collect data and communicate directly with local Director
No customer data transmission to VirtualMetric Cloud
Complete data sovereignty and compliance control

Enterprise Security Benefits

This architecture addresses critical enterprise security concerns:

Data Sovereignty - All sensitive log data remains within your infrastructure, ensuring compliance with data residency requirements, industry regulations (GDPR, HIPAA, SOX), and corporate data governance policies.

Minimal Attack Surface - Only a single HTTPS outbound connection required from Director to VirtualMetric Cloud for management, no inbound connections needed, and agents communicate exclusively with local Director infrastructure.

Zero Third-Party Data Exposure - Raw log data never transmitted to external vendors, eliminates risks of data breaches during transit, and maintains complete control over sensitive security information.

Network Security - Reduced firewall complexity with minimal external connections, no need to open firewall access from cloud to local systems, and simplified network security management.

Bandwidth Optimization - Processes data locally before routing to destinations, eliminates unnecessary raw data transmission, and provides intelligent compression and filtering capabilities.

Deployment Architecture

VirtualMetric Cloud (Multi-Tenant)

The centralized management platform provides:

Management Interface - Intuitive web-based console for pipeline configuration and monitoring
Statistics & Analytics - Real-time performance metrics, data flow visualization, and operational insights
RBAC & Security - Granular access controls, audit logging, and secure authentication
Fleet Management - Centralized deployment and configuration management across distributed environments

Customer Environment Options

VirtualMetric Director can be deployed in multiple configurations to meet diverse enterprise requirements:

Clustered Director (High Availability)

Load Balancing - Distributes processing load across multiple Director instances
Automatic Failover - Ensures continuous operation during maintenance or failures
Scalable Processing - Handles enterprise-scale data volumes with horizontal scaling
Shared Configuration - Synchronized pipeline configurations across cluster nodes

Flexible Deployment Models

On-Premises Deployment

Physical servers or virtual machines within customer data centers
Complete isolation from external networks if required
Integration with existing infrastructure and security controls

Cloud Deployment

Customer-owned Azure, AWS, or other cloud environments
Maintains data sovereignty within customer cloud tenants
Leverages cloud-native services while preserving security isolation

Hybrid Deployment

Directors in both on-premises and cloud environments
Unified management through single control plane
Flexible data routing based on location and requirements

Container and Serverless Support

Docker Containerization

Lightweight, portable deployment across environments
Simplified installation and maintenance
Container orchestration support (Kubernetes, Docker Swarm)
Consistent runtime environment across platforms

Azure Serverless Integration

Director Proxy - Azure Function-based secure data forwarding
Automatic scaling based on data volume
Pay-per-use cost optimization

Network Communication

Simplified Network Requirements

Outbound HTTPS (Director to VirtualMetric Cloud)

Single port 443 connection for management communications
Control plane synchronization and configuration updates
Statistics reporting and health monitoring
Secure token-based authentication

Internal HTTPS (Agents to Director)

Direct communication between Agents and local Director
No external connectivity required for Agents
Secure data transmission within customer environment
Simplified firewall configuration

Zero Inbound Connectivity

DataStream requires no inbound connections from external networks, eliminating common security vulnerabilities:

No firewall rules for external access to internal systems
Reduced exposure to external threats
Simplified compliance and security auditing
Enhanced network security posture

Management Models

Managed (Default)

Centralized Configuration - Manage all pipelines through VirtualMetric portal
Automatic Updates - Seamless deployment of configuration changes and updates
Real-Time Monitoring - Comprehensive visibility across distributed infrastructure
Collaborative Management - Team-based access with RBAC controls

Self-Managed (Air-Gapped)

For environments requiring complete network isolation:

Offline Configuration - Manual pipeline configuration and deployment
Local Management - Direct access to Director management interfaces
Manual Updates - Administrator-controlled updates and maintenance
Complete Isolation - Zero external connectivity requirements

Benefits for Enterprise Environments

Operational Efficiency

Centralized management of distributed telemetry infrastructure
Reduced operational overhead with automated configuration deployment
Comprehensive monitoring and alerting capabilities
Streamlined troubleshooting and performance optimization

Security & Compliance

Data never leaves customer-controlled environment
Simplified compliance with industry regulations
Reduced risk of data breaches and unauthorized access
Enhanced audit trail and governance capabilities

Scalability & Performance

High availability and clustering support for mission-critical environments
Horizontal scaling to handle growing data volumes
Intelligent load balancing and resource optimization
Container and serverless deployment flexibility

Cost Optimization

Eliminates costs associated with third-party data processing
Reduces bandwidth requirements through local processing
Flexible deployment models to optimize infrastructure costs
Pay-per-use serverless options for variable workloads

Security-First Architecture​

Data Plane vs Control Plane Separation​

Enterprise Security Benefits​

Deployment Architecture​

VirtualMetric Cloud (Multi-Tenant)​

Customer Environment Options​

Clustered Director (High Availability)​

Flexible Deployment Models​

Container and Serverless Support​

Network Communication​

Simplified Network Requirements​

Zero Inbound Connectivity​

Management Models​

Managed (Default)​

Self-Managed (Air-Gapped)​

Benefits for Enterprise Environments​