Standard Production (Cribl.Cloud/Hybrid)
The Standard Production blueprint is the foundational architecture for both Cribl.Cloud and self-managed environments. It is designed for high availability, predictable scaling, and centralized management within a single environment.
Depending on your infrastructure needs, you can implement this blueprint in one of three ways:
- Cribl.Cloud (fully Cribl managed): A turnkey solution where Cribl hosts and manages both the Leader and the Worker Nodes.
- Hybrid: A managed Cribl.Cloud Leader provides centralized orchestration for Worker/Edge Nodes hosted within your own VPC or on-premises data center.
- On-Prem (fully customer managed): You maintain full control by hosting and manage both the Leader and the Worker/Edge Nodes within your own environment.
CVA Baseline Topology
This blueprint is built upon the Distributed (Single Worker Group) topology. It separates the control plane (management) from the data plane (processing) to separate management tasks from data throughput.
- Leader (Control plane) In Cribl.Cloud): Managed by Cribl. You handle configuration while Cribl handles the infrastructure management.
- Customer-managed: A dedicated (customer-managed) Leader Node handles configuration, Git versioning, and monitoring.
- Worker Group (Data plane): A cluster of Worker/Edge Nodes sharing a single configuration. These can be Cribl-managed or Customer-managed (hybrid) Nodes running in your own VPC or data center.
- Load Balancing: A Network Load Balancer (NLB) or DNS load balancing is used to distribute incoming data streams across the Worker Group/Fleet.
Overlays
This pattern frequently incorporates the Cribl Edge and Stream Overlay to bridge local and Cribl.Cloud environments.
- Secure Communication: Customer-managed Worker/Edge Nodes connect to the Leader (Cribl.Cloud or On-prem) via a secure management port (usually
443) for heartbeats and configuration updates. - Proximity Processing: Worker/Edge Nodes are deployed as close to the data Sources as possible (such as placing them in same AWS region or physical data center) to minimize latency and egress costs.
For details, see Vanilla Cloud, Vanilla On-Prem, Vanilla Hybrid.
Operational Guardrails
To maintain a validated state, your deployment must adhere to the specific resilience and connectivity standards defined for your environment type.
Vanilla Cribl.Cloud (Fully Cribl Managed)
In this model, Cribl assumes responsibility for the resilience and scaling of the infrastructure.
- Capacity management: Treat Cribl-managed Worker Groups as your primary building block. Design Pipelines and Routes around the ingest limits and Worker Process caps enforced by your license tier rather than treating processes as unbounded resources.
- Connection reliability: Avoid pinning outbound traffic to a single endpoint. Use Destination-side load balancing or round-robin DNS to spread connections across multiple IPs.
For details, see Vanilla Cloud Guardrails.
Vanilla On-Prem (Fully Customer-Managed)
When hosting the Leader Node in your own environment, you assume full responsibility for system resilience.
- Leader High Availability (HA): For strict requirements, you must implement a secondary Leader behind a load balancer to ensure seamless failover and simplified routing on ports
9000and4200. - Configuration Recovery: If full HA is not implemented, use a Remote Git repo or Packs to rapidly reconstruct the primary Leader Node in the event of host failure.
For details, see Vanilla On-Prem Guardrails.
Vanilla Hybrid (Cribl.Cloud Leader with Customer-Managed Nodes)
Success in a hybrid model depends on robust connectivity and firewall discipline between your Workers and the Cloud Control Plane.
- Firewall Allow-listing: You must allow-list the Cribl.Cloud Leader NLB IPs on port
4200to ensure Worker/Edge Nodes can reliably reach the Control plane. - Egress Path Simplification: Keep the network path simple and uniform per site. You can use a single TLS/mTLS path to reduce operational friction.
For details, see Vanilla Hybrid Guardrails.