Image Removed

https://www.coalfire.com/insights/resources/video/getting-started-with-threadfix-3-0

Installation

Installation Checklist

Preparing your environment

System Recommendations

Prepare

External Database

How would Support for open-source components included in Coalfire’s Helm Charts, but not developed by Coalfire (e.g. Kong) work? Support for 3rd party applications/services is provided/ limited as they apply to TF

Install with Helm

Scaling ThreadFix Services
How would we handle future version upgrade? What is the process?

Image Added

Frequently Asked Questions

1. What are the requirements to deploy ThreadFix?
   
   ThreadFix has varying environment System Recommendations depending on the scale the user intends to deploy in:

   • Small Self-Contained Installations

   • Small Production Environments

   • Medium Production Environments

   • Large Scale Production Environments
     

2. How is ThreadFix Installed and how is it upgraded?
   

   • To begin with, users should consult the Installation Checklist in order to prepare their Kubernetes environment Installation

   • Once the environment is ready, users can prepare their external database as well install with Helm

   • When updates are available, users can followed straightforward Upgrade & Migration steps and updating guides
     

3. Can ThreadFix be scaled up or down after deployment?
   
   Yes, users can adjust their service’s scale. Note not all services in ThreadFix can be safely scaled, please consult the Configurations and Tuning Guide for more information on what services can be scaled and what values may be appropriate for the user case.
   

4. Can ThreadFix Support assist with third-party components, applications, tools, and/or services?
   
   Yes, however ThreadFix Support’s assistance with third-party components, applications, tools, and/or services is provided/ limited to what is necessary to install, upgrade, troubleshoot ThreadFix.
   

5. What API is available for users to integrate with?
   
   ThreadFix offers a robust list of API for customers to integrate into their environments.
   

6. 
   

disregard below

Getting Started with ThreadFix 3.X

How to handle cycling of certs/secrets (pod recycling)?1) Capacity sizing of clusters and other resources PVs, DBs, in consideration with Navy Federal needs

1. capacity sizing of clusters and other resources PVs, DBs

2. Recovery approach of persistent data for Stateful sets, if any node goes down or in upgrade / patching scenarios

   1. nothing to change, its transient data. Data stored in sql server, recommend to scale it up.

   2. if node goes down persistent volume should be fine and the node will remap onto a new node.

3. Design of High availability setup of the application within the same region

4. Any performance testing indicators required

5. Integration endpoints to other applications and any networking changes required

6. Enable Authentication / SSO functionality

7. Any specific concerns or issues (known) of having ThreadFix deployed in a separate Namespace while other tools to be deployed in their own namespaces and in the same AKS cluster

8. Product updates/ tool security patches update with helm charts and impact on the downtime

9. Active-Passive application configuration (if any)

10) DB sync if active-passive model HA deployment model
11) Heartbeat kind of utilities support HA deployment (if any)
12) Custom extension APIs and Certificate Transparency, if we will use TLS 1.2/ 1.3