Architecture

Qpoint provides deep visibility and control over your external service dependencies through a modern, distributed architecture. This overview explains how the components work together to deliver comprehensive egress observability.

Core Components

Qpoint's architecture consists of four primary components that work together to provide complete visibility into your external service dependencies:

  1. Qtap Agent - The data plane component deployed on your servers

  2. Control Plane - The central management interface (UI/API)

  3. Metrics Storage - For storing anonymized connection metadata

  4. Payload Storage - For storing connection payload data within your environment

Qtap Agent

At the heart of Qpoint's technology is the Qtap agent, which leverages eBPF (Extended Berkeley Packet Filter) to provide granular visibility into application traffic.

eBPF is a Linux kernel technology that allows safe execution of programs within kernel space, enabling:

  • Kernel-level visibility into network events before encryption

  • Efficient execution with minimal overhead

  • Transparent operation without code modifications

  • Safe execution through kernel verification

The Qtap agent uses eBPF to:

  • Monitor network sockets

  • Collect metadata and payloads

  • Attach to specific kernel events

  • Gather detailed connection information

Control Plane

The control plane serves as the management layer for your Qpoint deployment:

  • Web-based UI and API access

  • Team and access management

  • Configuration management

  • Deployment orchestration

  • Single sign-on (SSO) support

The control plane serves as a management interface only and does not store or process sensitive data.

Event Storage

The metrics pipeline consists of two key components that work together to process and store connection metadata:

Pulse Service

Pulse is a specialized service that acts as the gateway for metrics data:

  • Provides authentication and authorization

  • Handles data sanitation and processing

  • Offers a query API for data retrieval

  • Manages data flow into Clickhouse

Clickhouse Database

Clickhouse serves as the analytical database for processed metrics:

  • Optimized for high-performance analytical queries

  • Stores anonymized connection metadata

  • Enables real-time dashboard updates

  • Supports complex data analysis

Deployment options:

  • Managed: Use Qpoint's hosted Pulse service and Clickhouse database

  • Self-hosted: Run your own Pulse service and Clickhouse database (coming soon)

Object Storage

Qpoint uses S3-compatible object storage for maintaining detailed payload data:

  • Stores request and response payloads

  • Supports any S3-compatible storage service

  • Runs within your own environment

  • Configurable through environment variables

Key features:

  • Full control over sensitive data storage

  • Flexible storage provider options

  • Scalable storage capacity

  • Direct access from your environment

PreviousIntroductionNextData Flow

Last updated