Skip to content

Frequently Asked Questions

Resource Management

Can Private Locations be deployed on Windows, or are Linux/Kubernetes required?

Kubernetes deployments through the Helm chart provided by Escape is recommended, but not required.

The Private Location can be deployed on Windows as a standalone binary running as a service or directly in a terminal.

If you go to the releases page, you will find the latest version of the Private Location for Windows and MacOS.

You can also clone the repository and build the binary yourself.

Yes, resource requirements scale with traffic volume. While the basic configuration (1 vCPU, 2GB RAM) is sufficient for initial deployment.

You should monitor usage and scale resources based on:

  • Number of concurrent scans
  • Volume of scan requests
  • Integration complexity
  • Network latency

Monitor your Private Location's performance through logging and monitoring and contact our support team if you need assistance with scaling.

How many Private Locations are needed depending on the number of scan profiles?

The important number to record here is not the number of scan profiles, but the number of scans running simultaneously.

  • If you have 50 scans profiles but each of thems run at different times, you will only need one Private Location.
  • If you configured 10 scans to run at the same time, you may need more than one Private Location (depending on the API size and the Private Location resources).

Availability & Connectivity

Does the Private Location restart automatically if it disconnects?

Yes, the Private Location includes automatic restart capabilities. When deployed using Docker Compose or Helm with the restart: always policy, the service will automatically restart if it becomes disconnected or encounters issues.

Does the Private Location turn off after a certain amount of time or lack of connections from Escape?

No, the Private Location remains active as long as it maintains connectivity to the Escape platform. The service continuously pings the Escape platform at regular intervals (approximately every second) to maintain its connection status and availability for scan requests.

What type of traffic goes through port 80, and can it be disabled?

Port 80 is used as a fallback connection method when SSH connections through port 2222 are not possible. This fallback mechanism was primarily used in previous "Repeater" deployments and can be safely disabled without affecting normal operations. All traffic will then go through secure channels (SSH on port 2222), which is the recommended configuration for production deployments.

Health Monitoring

How does Escape determine if a Private Location is alive and operational?

Escape monitors Private Location health through continuous heartbeat mechanisms:

  • Regular Pings: The Private Location sends periodic health checks to the Escape platform (approximately every second)
  • Connection Status: The platform tracks the connection status and availability of each Private Location
  • Response Monitoring: Escape monitors response times and success rates of scan requests

You can monitor your Private Location's health and performance through the Escape platform's Private Locations page and implement additional monitoring using the logging and monitoring capabilities.

Can I restart the Private Location automatically if it disconnects?

Yes, by default on the Helm deployment, a private location will restart automatically if it disconnects. You can update the livenessProbe to customize this behavior.

If you are not using the Helm deployment, you can set the HEALTH_CHECK_PORT environment variable to the port of your choice (>1000 as the container should not run as root).

By hitting the /health endpoint, you can check if the Private Location is alive and operational and restart it if needed.

Troubleshooting

If you experience connectivity issues or need to troubleshoot your Private Location:

  1. Check the deployment configuration and ensure your API key is correctly set
  2. Verify firewall settings allow the necessary outbound connections
  3. Review SSL/TLS configuration if using secure connections
  4. Monitor logs using the logging and monitoring tools
  5. Contact our support team for assistance with persistent issues