Deployment Methods
Last updated
Last updated
In a standalone installation, Wazuh is installed directly on a Linux server. This method is suitable for smaller environments or testing purposes where the Wazuh manager and agent run on the same system. The server becomes responsible for collecting, analyzing, and storing security data locally.
Simplicity: A straightforward method that requires manual configuration of agents for distributed monitoring.
Limitations: Limited scalability and not ideal for larger, distributed environments.
The all-in-one installation script offers an automated method to deploy both the Wazuh manager and the agent on the same machine. It is typically used for quick deployments where Wazuh is needed on a single server. The script handles the installation and configuration process, ensuring all necessary components are set up automatically.
Speed: Quick deployment with minimal configuration.
Less Customization: Limited flexibility as the installation follows default configurations.
Deploying Wazuh via a Virtual Machine (OVA) template allows for a pre-configured setup that is easy to import and run in virtualized environments. This method is useful for those running hypervisors such as VMware or VirtualBox, as it provides a self-contained environment for Wazuh.
Ease of Use: Ideal for users who need a quick and hassle-free setup.
Resource Consumption: Requires a virtualized environment (VMware, VirtualBox, etc.) and may require additional resources depending on the VM's configuration.
Wazuh provides pre-configured Amazon Machine Images (AMIs) for deployment on Amazon Web Services (AWS). Using an AMI streamlines the process of launching a Wazuh instance in the cloud, as it already includes the necessary configurations for Wazuh manager and agent. This is a perfect option for cloud environments.
Scalability: Easy to scale and integrate with other AWS services.
Cloud-Focused: Best suited for cloud-native environments like AWS.
Docker enables the deployment of Wazuh in a containerized environment. This method provides portability and flexibility, as Docker containers can run on any system that supports Docker, making it ideal for developers and teams that prefer microservices architecture. It simplifies deployment, scaling, and version control.
Portability: Wazuh can run on any system supporting Docker, making it easy to deploy across different platforms.
Isolation: Each Wazuh instance runs in isolation, which may help in multi-environment setups, but may require additional configuration for integration with other services.
Wazuh can be deployed on Kubernetes, which is a container orchestration platform. This is suitable for large-scale environments that require high availability, scalability, and automated management of Wazuh instances across many nodes. Kubernetes offers features like self-healing, scaling, and easy integration with other microservices.
Scalability and Automation: Kubernetes makes it easier to manage and scale multiple Wazuh instances.
Complexity: Requires understanding Kubernetes concepts such as Pods, Deployments, and Services.
Offline installation is useful in environments that do not have direct internet access. It involves manually downloading all necessary Wazuh installation files and transferring them to the target machine. This approach is often used in secure or air-gapped environments where internet access is restricted.
Security and Isolation: Ideal for secure environments with strict network policies.
Manual Management: Requires careful management of dependencies and installation files.
Installing Wazuh from source gives users full control over the installation process. This method allows for greater customization, as users can modify the source code, configure specific options, and optimize Wazuh for their unique requirements. It is ideal for advanced users or developers who need to build a tailored version of Wazuh.
Flexibility: Maximum control over the installation, with the ability to customize configurations and features.
Complexity: Requires a deep understanding of Wazuh and its dependencies.
Ansible is an open-source automation tool used for configuration management. By using Ansible, you can automate the deployment of Wazuh across multiple machines. It allows for repeatable, consistent deployments and can be integrated into an organization's existing automation and DevOps pipelines.
Automation: Ideal for large-scale deployments where you need to manage configurations across many nodes.
Integration: Works well within existing automation frameworks.
Puppet is another automation and configuration management tool that can be used for deploying Wazuh. It allows for automated configuration across multiple systems, ensuring consistent setups and easy management. Puppet uses a declarative language to define system states, making it ideal for large environments requiring regular configuration updates.
Consistency: Ensures consistent configuration across multiple nodes.
Complexity: Like Ansible, Puppet requires knowledge of its language and configuration methods.