Deployment
Endura Team Server is a centralized management platform that provides policy distribution, real-time telemetry aggregation, and unified security oversight across your infrastructure. This overview covers the available deployment options and technical considerations for deploying the Team Server in your environment.
Deployment Options Overview
Endura offers two primary deployment models for Team Server to meet different organizational needs and operational preferences:
Managed Deployment (Recommended)
Fully managed service operated by Endura Security
- Zero infrastructure management required
- Automatic updates, maintenance, and monitoring
- Global deployment across 10 regions (US, Europe, Asia Pacific)
- Enterprise-grade security and compliance
- 24/7 operational support from Endura
- OIDC integration with major identity providers (Google, Microsoft, CyberArk, Oracle)
Best for: Organizations wanting to focus on security operations rather than infrastructure management, regulated environments requiring specific data residency, teams seeking rapid deployment with minimal operational overhead.
Self-Hosted Deployment
Customer-managed infrastructure using containers
- Complete control over deployment environment
- Flexible infrastructure choices (Docker, Podman, Kubernetes)
- Custom network and security configurations
- Integration with existing infrastructure
- On-premises or private cloud deployment options
Best for: Organizations with specific infrastructure requirements, air-gapped environments, teams with existing container orchestration expertise, deployments requiring custom integrations or configurations.
Choosing Your Deployment Model
Consider these factors when selecting between Managed and Self-Hosted deployment:
| Factor | Managed Deployment | Self-Hosted Deployment |
|---|---|---|
| Operational Overhead | Minimal - Endura handles all infrastructure | High - Customer manages infrastructure |
| Time to Deploy | 1-2 business days | Variable based on complexity |
| Scalability | Automatic scaling by Endura | Manual scaling and capacity planning |
| Customization | Limited to supported configurations | Full control over configuration |
| Data Residency | 10 global regions available | Any location customer controls |
| Compliance | Endura-managed compliance posture | Customer-managed compliance |
| Updates | Automatic with zero downtime | Customer-managed update process |
| Support | 24/7 infrastructure support included | Customer responsible for infrastructure |
Versioning and Release Channels
Semantic Versioning
Both Managed and Self-Hosted deployments follow the same versioning system. Endura Team Server follows semantic versioning (semver) principles:
- Major.Minor.Patch format (e.g., 1.2.3)
- Major versions for breaking changes and major feature additions
- Minor versions for new features and enhancements
- Patch versions for bug fixes and security updates
Release Channels
Three release channels provide different stability and testing levels for both Managed and Self-Hosted deployments:
Latest Channel
- Most recent builds that passed Team Server-specific automated testing
- Equivalent to CI/CD builds
- Managed: Available upon customer request for testing environments
- Self-Hosted: Recommended for development and testing environments
- Fastest access to new features and fixes
Testing Channel
- Builds that passed both Team Server testing and full integration/end-to-end testing with Runtime Sensors
- Rolling release model with regular updates
- Managed: Default channel for most managed deployments
- Self-Hosted: Suitable for staging environments and early adoption
- Balance between stability and feature access
Stable Channel
- Thoroughly tested releases promoted from the testing channel
- Undergoes extensive manual testing and validation
- Managed: Available for customers requiring maximum stability
- Self-Hosted: Recommended for production environments requiring maximum stability
- Traditional release model with slower, more predictable updates
Each channel represents tagged versions of the same builds, allowing easy promotion between channels as testing confidence increases. For Managed deployments, Endura handles channel selection and updates automatically unless otherwise requested.
Performance Considerations
- CPU Overhead: Typically 5-10% CPU utilization under normal workloads
- Memory Footprint: Base memory usage of ~500MB-1GB depending on connected Sensors and policy complexity
- Database Performance: Scales with number of connected Runtime Sensors and telemetry volume
- Network Traffic: Inbound sensor telemetry and policy distribution; outbound integrations (Slack, etc.)
Network Requirements
Inbound Connectivity:
- HTTPS (443/tcp) from Runtime Sensors for telemetry submission and policy retrieval
- HTTPS (443/tcp) for web interface access
- Database connectivity (5432/tcp) if using external PostgreSQL
Outbound Connectivity (Optional):
- HTTPS (443/tcp) to external identity providers for OIDC authentication
- HTTPS (443/tcp) to external services (Slack, webhook endpoints)
- DNS resolution for external service connectivity
Next Steps
Choose Your Deployment Option
Start with Managed Deployment (Recommended):
- Managed Team Server - Fully managed service with zero operational overhead
Or Deploy Self-Hosted Infrastructure:
- Docker Deployment - Docker and Docker Compose deployment with comprehensive TLS configuration
- Podman Deployment - Podman and Podman Compose with rootless container security
- Kubernetes Deployment - Enterprise Kubernetes deployment with Helm charts