The Upwind Platform is a hybrid solution, enabling a best of both worlds approach with agentless deployment options for rapid time-to-value and a sensor for industry-leading realtime and runtime security. While we’ve previously covered our agentless cloud sensors, this post focuses on how quickly you can deploy the Upwind sensor and gain deep, real-time visibility into your infrastructure and applications.

“Within minutes of deployment we had real-time protection of our entire infrastructure. The entire process using Upwind was incredibly simple.” – Alon Reznik, Chief Architect, Rivery

What is the Upwind Sensor?

The Upwind sensor is lightweight, high performance, easy to deploy, and simple to operate. It provides real-time and runtime visibility into system calls, process executions, file access, and networking traffic at layers 3, 4, and 7 of the OSI model. 

Powered by eBPF, the sensor is engineered for efficiency. It uses less than 1% CPU and under 1 GB of RAM, even when scanning large container images. For example: at h2O.ai, it successfully scanned a 30GB container image using just ~3% of the image size in memory

The Upwind Sensor enables granular, process-level insight into containers and VMs –  without adding operational drag.

A table describes the 7 OSI layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical, including each layer’s function and example protocols or devices such as HTTP, TCP, and Ethernet.
The Upwind Sensor enables visibility into layers, 3, 4, and 7 of the 7-layer OSI Networking Model.

The Upwind Sensor is also secure, requiring mutual, certificate-based authentication to connect to the Upwind Console. The Upwind Sensor’s capabilities are limited to getting policies from Upwind Console and sending event data to the Upwind Console. The Upwind Sensor has no ability to interact with Upwind Console beyond the websocket –  a design choice that enhances security and minimizes blast radius risk.

A LinkedIn post by James Berthoty praising Upwind Securitys onboarding process, detailing steps like account setup, connecting services, triggering alerts, and MDR SOC checks, all completed quickly. He expresses high satisfaction.

How to Install the Upwind Sensor

When we built the Upwind Platform, we understood the need to make it easy to install. Exact deployment steps vary slightly, depending on environment – you can read about your specific scenario in our documentation here. For this guide, we’ll walk through deploying the Upwind Sensor in a Kubernetes cluster using a Helm operator. 

Step 1. Generate Credentials

Only needed if you want to create new client credentials. If you already have client credentials, you can skip this step.

Select the + (plus) symbol at the top of the screen and select “Connect Kubernetes Cluster.” Select “Generate a new one” to create a new client ID and client secret. Provide a name and select “Generate”. Alternatively, you can generate credentials in the Credentials page in the console. For more information, review the documentation on Credentials.

After you have generated credentials, they will automatically be copied into step three and inserted into the UPWIND_CLIENT_ID and UPWIND_CLIENT_SECRET fields.

Step 2. Add Upwind Helm Repository

To add Upwind to the Helm repository, execute:

helm repo add upwind https://charts.upwind.io/ && helm repo update

Copied

Step 3. Deploy Upwind Operator

With the Upwind Helm repository added, you can now deploy Upwind to your cluster. If you are re-using a credential be sure to add it into the UPWIND_CLIENT_ID & UPWIND_CLIENT_SECRET fields.

To install the helm chart, execute the install command as follows:

For containerd:

helm install upwind-operator upwind/upwind-operator \
    --namespace upwind \
    --set credentials.clientId="${UPWIND_CLIENT_ID}" \
    --set credentials.clientSecret="${UPWIND_CLIENT_SECRET}" \
    --create-namespace

Copied

For CRI-O:

helm install upwind-operator upwind/upwind-operator \
   --namespace upwind \
   --set credentials.clientId="${UPWIND_CLIENT_ID}" \
   --set credentials.clientSecret="${UPWIND_CLIENT_SECRET}" \
   --set agent.values.containerd.enabled=false \
   --set agent.values.crio.enabled=true \
   --create-namespace

Copied

Step 4. Test Connectivity

It is recommended to validate that none of the resources deployed by Upwind are in a Pending/Failed or any other error state, which will prevent the Upwind sensor from operating as expected.

Run the following command to validate that all the resources are in a Running state:

kubectl get agent,clusteragent --namespace upwind

Copied

That’s it. Your Upwind Sensor is now running and you’re collecting real-time signals and runtime context from your environment –  all in under 5 minutes. For troubleshooting, see the troubleshooting pages corresponding to your deployment scenario in the Upwind documentation.

Learn More

Sensor deployment may differ slightly by environment, but the core idea remains: installation should take minutes, not hours. To prove our point, you can view the video of our sensor being deployed on an Amazon EC2 instance in 5 minutes in the video linked in this blog. 

Get full-stack runtime visibility and protection, starting today. Schedule a demo, or drop us a line at [email protected] to find out how.