Ready to get started?
Try it free, or book a demo with an expert to learn how you can deliver internal apps 10x faster with Superblocks.
Internal applications, workflows, and jobs read and write to production databases and APIs, accessing your most sensitive data. In regulated industries such as finance, healthcare, insurance, aerospace, and government it can be challenging to quickly build internal tooling while also meeting stringent data security and compliance requirements.
When deciding whether to DIY or build using Superblocks to accelerate developer time, 3 groups have requirements to satisfy:
- Application Developers want easy deployment along with the latest tooling available to aid in their development
- Security teams want to ensure customer data stays inside their VPC
- DevOps teams want minimal deployment and maintenance overhead
This is where the Superblocks On-Premise Agent comes in. The on-prem agent architecture allows customers to take advantage of Superblocks Cloud, “the control plane,” for authentication, permissions, and application definitions, while the on-prem agent executes code and queries, “the data plane,” from inside the customer’s private network or VPC.
In this post, we'll cover the key benefits across data security, ease of deployment, an always-up-to-date platform, open source code auditability, developer extensibility, and more.
A false dichotomy: Cloud vs On-Premise
In the market today, internal tooling vendors typically offer either a Cloud or On-Premise deployment option, sometimes both. Let’s dive into each to understand the trade-offs for background before we dig into the on-prem agent benefits in more detail.
Cloud-hosted
You have zero-management experience and a platform that is always up-to-date, offloading reliability and scalability to the vendor. This is how Superblocks Cloud works. Though for security teams in high-compliance industries, exposure of customer data outside of their VPC is a requirement that cannot be met.
Legacy on-premise installation
Similar to software from the ‘90s, this option secures customer data within your network, but comes with a large burden of overhead and costs, including exorbitant vendor platform fees, training and maintenance costs, scheduled downtime for upgrades, and vendor database migrations. As a result of these high deployment and maintenance costs, upgrades are often deprioritized by DevOps teams, so on-prem software can become months or years out-of-date. In the end, developers miss out on the latest improvements, bug-fixes, and features that they are using the software for in the first place.
As you can see, the Cloud Managed option is superior in almost every decision criteria, except for when there is a data security requirement to keep all customer data in-network or VPC. Those customers were forced onto an expensive on-prem installation to adopt an internal tooling platform, until now.
The best of both worlds: Superblocks On-Prem Agent
The Superblocks On-Prem Agent is architected to take advantage of the benefits of modern cloud software with the security benefits offered by on-prem software. By decoupling the control plane in the cloud and data plane within your private network or VPC, customers can achieve the security benefits they desire, without inheriting the full set of on-prem software drawbacks.
Customer Benefits across Developers, Security, and DevOps Teams
#1 Customer data never leaves your network or VPC
With data plane operations handled by the on-prem agent, like querying databases and code execution, your data never leaves your private network. You control network rules and can restrict access to only in-network browsers or servers. Requests are made to the agent via HTTPS and TLS 1.3 so data is always encrypted in transit. And since the agent executes APIs server-side, you control what data is returned to the browser, eliminating the opportunity for unauthorized access to data used between API steps by ensuring the only data returned is the data needed for display.
#2 Always up-to-date Superblocks platform
Get access to the latest features in the Superblocks platform in the cloud without upgrading in order to access the latest Superblocks Editor and Admin features where every new component, platform feature, security update, and bugfix is instantly available. This minimizes the need to upgrade your on-prem agent as the surface area is small in comparison.
#3 Fast deployment, scalability, and zero-downtime upgrades
Superblocks On-Prem Agents run as stateless Docker containers enabling you to:
- Deploy in minutes using the Terraform module or Helm chart and easily manage future deployments using infrastructure-as-code
- Achieve high availability by horizontally scaling the agent with automatic load balancing across agents and take advantage of auto-scaling via an exposed metric interface
- Vertically scale the agent if required for an intensive use case to allocate additional CPU or memory
#4 Auditable by security teams
The Superblocks Agent is open-source and available on GitHub, unlike most software that is installed as binary that is closed source. This offers an added layer of security, letting your Security team audit the agent’s dependencies and source code at any time. You can use your own vulnerability scanning tools on the agent. If a vulnerability is found, the community can report and even open a PR and Superblocks will merge in a patch immediately.
#5 Infinitely extensible
Since the agent is open-source, it is designed to be highly customizable. Some examples of extensions you can add to your agent include:
- Running sidecar services to handle custom authentication
- Adding security middleware to intercept requests to meet custom rules
- Customizing the agent image to import custom packages from your registry
- Create custom plugins to integrate with legacy databases or proprietary services
Data flow for a deployed application
To illustrate data flow, imagine deploying an application on Superblocks for your Support team to fetch customer data to display in a table in the user interface. Starting from the Support User opening the application URL:
User Authentication, RBAC, and loading the user interface
- A Support user logged into the VPN accesses the app URL and logs into Superblocks by successfully authenticating via username/password or via SSO from your Identity Provider
- Superblocks Cloud checks if the user has the appropriate permissions (RBAC) to use the application and blocks access if they do not
- The Support user’s browser securely retrieves the application definition from the closest cache on the Superblocks Global Edge Network to render the user interface with minimal latency
Executing APIs in-network via On-Premise Agent
- The browser makes a separate secure request to the On-Prem Agents inside of your network to execute an API
- The Agent securely retrieves the API definition from the closest cache on the Global Superblocks Edge Network
- The Agent executes the API inside your private network querying your databases or internal APIs and sends the data directly to the browser
Telemetry for Monitoring and Debugging
- The On-Premise Agent forwards telemetry such as Audit Logs, Observability, and Billing Metrics to Superblocks Cloud where you can enable forwarding to a 3rd party observability solution such as Datadog, New Relic, or Splunk
Get Started with the Superblocks On-Prem Agent
Want to save 100s of engineering hours off your internal tooling roadmap while keeping your data secure?
Getting started with the Superblocks On-Premise Agent takes minutes. Deploy an agent today using the Superblocks Agent Terraform module for ECS and Google Cloud Run, or deploy to Kubernetes using Helm.
To learn more about deploying the agent, head to the Superblocks On-Prem Agent docs or get started today with a free 14-day trial.
Stay tuned for updates
Get the latest Superblocks news and internal tooling market insights.
You've successfully signed up
Table of Contents
Multiple authors
July 9, 2024
Velocity Global: Leading Employer of Record provider achieves efficiencies in time to market, scale, and cost savings with Superblocks
EOR provider Velocity Global is leading the future of borderless work by helping organizations onboard global talent in more than 185 countries. The company offers a full spectrum of HR and payroll solutions, including talent acquisition, payroll administration, benefits management, and vacation time oversight, all while ensuring the highest compliance standards and strict adherence to local governmental regulations.
Multiple authors
July 2, 2024
Introducing Superblocks Multi-Page Apps: Build complex enterprise admin suites
Most enterprises depend on comprehensive, multi-functional administrative suites to support their internal workflows and critical business operations. For example, a payments-focused FinTech company might want a single application for support and ops teams to handle customer onboarding operations, underwrite customers, manage transactions, and respond to support requests.These applications typically span many pages, each serving distinct operational workflows and teams. This segmentation enhances user experience and productivity, but often results in increased maintenance burden as the application continues to grow.Although businesses often look to low-code to accelerate the development of internal tools and reduce maintenance burden, these platforms are often designed for building single-purpose applications. Consequently, end users often have to switch between different tools, limiting their ability to serve customers efficiently and effectively.
Multiple authors
May 17, 2024
3 insights from building Superblocks Layouts: Cranking up the power while keeping things super easy to use
Last week we launched Layouts in Superblocks. It was a huge effort and one of the more challenging engineering projects we've done and we learned a lot along the way.
