Security and best practices for agents
The agent is the foundation of your secure connection, designed with a zero-trust architecture. This page covers both the agent's built-in, automatic security features and the essential best practices you should follow during deployment to ensure a secure and reliable connection to your services.
Agent security
- Cryptographic identity: Each agent receives a unique, cryptographic identity that can't be spoofed or replicated.
- Outbound-only connectivity: Agents only make outbound connections, eliminating the need for inbound firewall rules.
- Secure tunneling: All traffic between agents and NetFoundry infrastructure is encrypted end-to-end.
- Token security: Bootstrap tokens are time-limited and attempt-limited to prevent unauthorized use.
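To make the "time-limited and attempt-limited" property concrete, the following is an added illustrative model of a bootstrap token store; it is not NetFoundry's code and says nothing about how the real agent or controller implements tokens. The TTL (15 minutes), the attempt cap (3), and the single-use behaviour are assumptions chosen for the example. The point it shows is the order of checks a defender wants: unknown and already-used tokens are refused first, expiry is enforced on every redemption, failed attempts are counted and burn the token once the cap is reached, and the secret is compared in constant time.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# Assumed policy values for this example (not NetFoundry's actual settings).
TOKEN_TTL_SECONDS = 15 * 60   # token is valid for 15 minutes after issue
MAX_ATTEMPTS = 3              # three wrong secrets permanently burn the token


@dataclass
class BootstrapToken:
    token_id: str
    secret: str
    expires_at: float
    attempts: int = 0
    redeemed: bool = False


class BootstrapTokenStore:
    """Issues one-time bootstrap tokens and enforces TTL and attempt limits.

    The clock is injectable so expiry can be exercised deterministically.
    """

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._tokens: Dict[str, BootstrapToken] = {}

    def issue(self, ttl_seconds: int = TOKEN_TTL_SECONDS) -> Tuple[str, str]:
        """Create a token; the secret is shown once and must be delivered out of band."""
        token_id = secrets.token_urlsafe(8)
        secret = secrets.token_urlsafe(32)
        self._tokens[token_id] = BootstrapToken(
            token_id, secret, self._clock() + ttl_seconds
        )
        return token_id, secret

    def redeem(self, token_id: str, presented_secret: str) -> str:
        """Return 'ok' on success, otherwise a reason string suitable for logging."""
        tok = self._tokens.get(token_id)
        if tok is None:
            return "unknown"
        if tok.redeemed:
            # Single-use: a replayed token is refused even if otherwise valid.
            return "already_redeemed"
        if self._clock() >= tok.expires_at:
            # Expiry is checked on every redemption, not only at issue time.
            del self._tokens[token_id]
            return "expired"
        if not hmac.compare_digest(tok.secret, presented_secret):
            tok.attempts += 1
            if tok.attempts >= MAX_ATTEMPTS:
                # Burn the token so further guessing is pointless.
                del self._tokens[token_id]
                return "attempts_exhausted"
            return "invalid"
        tok.redeemed = True
        return "ok"


if __name__ == "__main__":
    store = BootstrapTokenStore()
    tid, sec = store.issue()
    print(tid, store.redeem(tid, sec))   # first use succeeds
    print(tid, store.redeem(tid, sec))   # replay is refused
```

Every refusal reason is a distinct string so that the caller can log it; in practice a burst of `invalid` or `attempts_exhausted` results for one token id is exactly the kind of event the "monitor token usage" advice below refers to.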
Deployment best practices
- Strategic placement: Install agents close to your backend services to minimize latency while considering network topology and bandwidth constraints when planning deployment locations. Deploy multiple agents across different locations to ensure high availability and effective load distribution.
- Resource planning: Ensure adequate system resources are available for optimal agent operation by monitoring performance and resource utilization continuously. Plan for scaling requirements based on expected traffic patterns and usage growth to maintain service quality.
- Security hardening: Follow established system security best practices for agent host systems, including regular software updates to the latest agent versions. Monitor agent logs consistently for security events and anomalies that may indicate potential threats or operational issues.
- Bootstrap token management: Generate bootstrap tokens immediately before agent installation and use them promptly before expiration to maintain security. Distribute tokens securely only to authorized personnel and implement monitoring for token usage and expiration to prevent unauthorized access.