# Choosing Your Deployment: Qplane vs Qtap When deploying Qpoint, you have two main options: **Qplane** (cloud-managed control plane) or **Qtap** (self-managed with YAML configuration). This guide helps you decide which deployment model fits your requirements. ## Quick Decision Matrix | Factor | Qplane (Cloud-Managed) | Qtap (Self-Managed) | | -------------------------- | ------------------------------ | ------------------------------------ | | **Setup Time** | 10 minutes | 5-50 minutes (depends on complexity) | | **Management** | Centralized dashboard | YAML configuration files | | **Infrastructure** | Managed control plane | No control plane needed | | **Data Storage** | Your choice (can use S3) | Your choice (can use S3) | | **Configuration** | Web UI | YAML files (version controlled) | | **Multi-Environment** | Built-in support | Manual coordination | | **Air-Gapped Deployments** | Not supported | Fully supported | | **Team Collaboration** | Built-in RBAC | Via GitOps workflows | | **Best For** | Teams wanting managed solution | Teams needing full control | ## Understanding the Components ### Qtap: The eBPF Agent **Qtap** is the core eBPF agent that runs on your Linux hosts (bare metal, VMs, or containers). It: * Captures network traffic at the kernel level using eBPF * Provides process-aware visibility (knows which process made each request) * Sees inside TLS/HTTPS before encryption happens * Can run standalone or connected to Qplane **Every deployment needs Qtap agents** - it's the component that actually captures traffic. ### Qplane: The Control Plane (Optional) **Qplane** is an optional cloud-managed control plane that provides: * Centralized configuration management * Dashboard for visualization and exploration * Multi-environment orchestration * Team collaboration features **Qplane is optional** - Qtap agents work perfectly without it, configured via YAML files. ## Choose Qplane If You Want: ### 1. Centralized Management **Problem Qtap Alone:** Managing YAML config files across dozens of hosts/environments **Qplane Solution:** Single web UI to configure all agents across all environments ### 2. Quick POC or Evaluation **Problem Qtap Alone:** Requires understanding YAML structure and options **Qplane Solution:** 10-minute guided setup with dashboard for immediate insights ### 3. Multi-Environment Visibility **Problem Qtap Alone:** Each environment logs separately; correlating is manual **Qplane Solution:** Unified view across dev, staging, prod with environment filtering ### 4. Team Collaboration **Problem Qtap Alone:** Sharing YAML configs and log outputs via Slack/email **Qplane Solution:** Role-based access, shared dashboards, built-in collaboration ### 5. Dynamic Configuration **Problem Qtap Alone:** Config changes require updating YAML + agent restart **Qplane Solution:** Push config changes to agents dynamically via web UI ## Choose Qtap (Standalone) If You Want: ### 1. Air-Gapped or Isolated Environments **Benefit:** No external connectivity required; agents run completely offline **Use Case:** Government, finance, healthcare with strict network isolation requirements Qtap operates entirely within your infrastructure without any outbound connections. Perfect for environments where internet access is restricted or prohibited for security/compliance reasons. ### 2. GitOps Workflows **Benefit:** Configuration is version-controlled code, with CI/CD and rollback **Use Case:** Platform teams managing infrastructure as code YAML configurations integrate seamlessly with Git-based workflows. Track changes, review via pull requests, automate deployments with CI/CD pipelines, and roll back configurations with `git revert`. Configuration becomes auditable infrastructure-as-code. ### 3. Building Block for Custom Observability Solutions **Benefit:** Use Qtap as a data plane in your own observability architecture **Use Case:** Teams building custom monitoring, security, or compliance platforms Qtap serves as a powerful data collection layer that feeds into your own systems. Route captured traffic to your data lake, SIEM, custom analytics platform, or internal dashboards. Full control over how traffic data is processed, stored, and analyzed. **Examples:** * Feed Qtap output to your existing log aggregation pipeline (Fluent Bit, Logstash) * Build custom analytics on top of Qtap's structured JSON output * Integrate with internal security tools and compliance systems * Create domain-specific observability tailored to your business needs ## Migration Between Deployment Models ### Start with Qtap → Add Qplane Later **When:** Self-managed becomes complex as you scale to many environments **Process:** 1. Sign up for Qplane 2. Connect existing Qtap agents to Qplane (change agent connection settings) 3. Reconfigure stacks and plugins in Qplane UI 4. Gradually migrate management to Qplane UI **Note:** You'll need to manually recreate your Qtap YAML configurations in the Qplane UI, as automatic import is not yet supported. ### Start with Qplane → Move to Qtap **When:** Production requirements change (e.g., need air-gapped deployment) **Process:** 1. Export YAML configuration snapshot from Qplane dashboard 2. Deploy Qtap agents with the exported YAML config 3. Disconnect agents from Qplane **Note:** Qplane provides YAML configuration snapshots that can be used directly with standalone Qtap agents. This makes migration straightforward - just export and deploy. ## Common Misconceptions ### "Qplane stores my traffic data" **False.** Qplane only stores: * Agent configuration * Connection metadata (which process called which endpoint) * Dashboard state and queries **Sensitive HTTP/HTTPS payload data** is stored where YOU configure (typically your S3 bucket), whether using Qplane or standalone Qtap. ### "Qtap standalone can't scale" **False.** Qtap scales horizontally to thousands of agents. The difference is **how you manage them**: * Qplane: Centralized web UI * Qtap: Configuration management tools (Ansible, Terraform, Kubernetes ConfigMaps) ### "I have to choose one permanently" **False.** You can switch between deployment models as your needs change: * **Qplane → Qtap:** Export YAML snapshots from Qplane and use directly with standalone agents * **Qtap → Qplane:** Connect agents to Qplane and manually recreate configurations in the UI Migration from Qplane to Qtap is straightforward with configuration export. Migration from Qtap to Qplane requires manual reconfiguration (import not yet supported). ## Real-World Examples ### Startup Evaluating Qpoint **Situation:** 10-person engineering team, want to try Qpoint **Recommendation:** **Qplane** - Get running in 10 minutes, explore with dashboard, decide later **Path:** [POC Kick Off Guide](/guides/qplane-guides/poc-kick-off-guide.md) ### Enterprise with Compliance Requirements **Situation:** Healthcare company, HIPAA compliance, data cannot leave infrastructure **Recommendation:** **Qtap standalone** with S3 storage in your VPC **Path:** [Complete Guide: Hello World to Production](/guides/qtap-guides/getting-started/getting-started-complete-guide.md) ### Platform Team Managing 100+ Microservices **Situation:** Large org, many environments (dev/staging/prod), multiple teams **Recommendation:** **Qplane** for centralized visibility and team collaboration **Path:** [POC Kick Off Guide](/guides/qplane-guides/poc-kick-off-guide.md) ### Security Team for Incident Response **Situation:** Need to capture traffic during security incident, ephemeral setup **Recommendation:** **Qtap standalone** (minimal setup, no account needed) **Path:** [Production Debugging](/guides/qtap-guides/debugging/production-debugging-with-https-visibility.md) ## Next Steps **Ready to get started?** * **Qplane (Cloud-Managed):** [POC Kick Off Guide](/guides/qplane-guides/poc-kick-off-guide.md) * **Qtap (Self-Managed):** [Complete Guide: Hello World to Production](/guides/qtap-guides/getting-started/getting-started-complete-guide.md) * **Just Exploring:** [Production Debugging](/guides/qtap-guides/debugging/production-debugging-with-https-visibility.md) (30-second setup, no commitment) **Still have questions?** * [Architecture Overview](/readme/architecture-overview.md) - Understand how the components fit together * [How It Works](/readme/how-it-works.md) - Technical deep dive into eBPF and TLS visibility * [Use Cases](/readme/use-cases.md) - See how other teams use Qpoint --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.qpoint.io/readme/choosing-your-deployment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.