1. Atlan
  2. Secure Agent
  3. Architecture and Security

Secure Agent

Updated

The Atlan Secure Agent is a lightweight, Kubernetes-based application that enables secure metadata extraction. It connects internal systems with Atlan SaaS while keeping sensitive data protected and doesn’t require inbound connectivity. Running within an organization’s controlled environment, the Secure Agent ensures compliance with security policies and automates metadata processing.

Secure agent acts as a gateway
Figure 1: The Secure Agent runs in the customer environment and acts as a gateway.

Key capabilities

The Secure Agent is designed for secure, scalable, and efficient metadata extraction.

Security-first architecture

  • Runs entirely within the organization's infrastructure, preventing secrets from leaving its boundary.
  • Uses outbound, encrypted communication to interact with Atlan SaaS.
  • Supports logging and monitoring and integrates with external monitoring systems for auditing and compliance.

Scalable metadata extraction

  • A single deployment of the Agent can connect to multiple source systems.
  • Supports multiple concurrent metadata extraction jobs.
  • Uses Kubernetes-based workloads for efficient resource management.

Flexible deployment

  • Deploys on cloud-based Kubernetes environments (such as Amazon EKS, Azure AKS, and Google GKE) or on-premises clusters.
  • Scales dynamically based on workload demands.

Automated operations

  • Continuously monitors system health and sends heartbeats to Atlan.
  • Captures and uploads execution logs for troubleshooting and auditing.
  • Provides performance insights through metrics and alerts.

How it works

The Secure Agent follows a job-based execution model where metadata extraction tasks are scheduled and executed within the organization's environment. The workflow typically involves:

  1. Atlan triggers a metadata extraction job.
  2. The Secure Agent retrieves job details and extracts metadata using source-specific connectors.
  3. Extracted metadata is shared with Atlan either through cloud storage or direct ingestion.
  4. Atlan workflows process the extracted metadata and publish the assets.
  5. Logs and execution status are sent to Atlan for monitoring and auditing.

See also

Deployment architecture: Learn more about how the Secure Agent integrates with your environment and supports secure metadata extraction.

Related articles

Was this article helpful?
0 out of 0 found this helpful