Hey folks. Right now we are using Fleet (fleetdm) ...
# fleeta
arod
03/31/2021, 1:38 PMHey folks. Right now we are using Fleet (fleetdm) and the regular Osquery.
What are the benefits to switching over to "Orbit osquery". I tried looking for some docs but couldn't find any.
w
wkleinhenz
03/31/2021, 1:55 PMorbit is pretty new so that might be why the docs are lacking rn, id look at launcher for the time being
g
Gavin
03/31/2021, 1:55 PMI believe the target audience for Orbit is as an alternative for kolide/launcher and something to help reduce the management overhead of vanilla OSquery config management using a sidecar for those who don’t feel comfortable with traditional Config Management.
For example, people use launcher as a quick way of deploying OSquery and getting machines enrolled in the server but now their use case grows and they want to use additional extensions or use advanced runtime flags that is genuinely a PITA with launcher also the fact is uses GRPC as a transport mechanism can also introduce breaking behaviours over vanilla.
Gavin
03/31/2021, 1:57 PMMy personal OSquery tech journey was as follows.
• Doorman + OSquery + Puppet
• Fleet + OSquery + Puppet
• Fleet + Launcher
• Kolide SAAS + Launcher
• Fleet + Launcher
• Fleet + OSquery + Puppet
We may use orbit in the future since we don’t own puppet.
a
arod
03/31/2021, 2:27 PMThank you!
If I'm understanding things correctly, I can auto update my osquery agents with either launcher or orbit? All remotely?
Have not used either. I would prefer orbit since it's created for fleetdm fleet usage.
@Gavin
@wkleinhenz
arod
03/31/2021, 2:29 PMThe kolide website says this...
Copy code
That's why we built Kolide Launcher, an open-source project aimed to remove the hurdles of installing, updating and using osquery at scale.g
Gavin
03/31/2021, 2:42 PMyes orbit will auto update based upon a release channel and promotion level managed by the FleetDM team if you want to host / manage your own auto update frequency it will be a pro feature AFAIk.
a
arod
03/31/2021, 2:46 PMOooo. That is good to know @Gavin
Thanks.
z
zwass
03/31/2021, 3:25 PM
Yeah thanks Gavin doing my job for me! Orbit is quite new and we do need to further document the motivations. There will be more features coming in Fleet that will be supported only by Orbit, though we expect Launcher to remain compatible. (I wrote substantial portions of Launcher and basically all of Orbit).
zwass
03/31/2021, 3:31 PM
If you need something that has Windows support and is production ready today, I would recommend Launcher. If you can wait/help test while we stabilize things in Orbit over the next few weeks then I'd definitely go with Orbit -- will save you a migration later when you want to take advantage of the new features offered by Orbit.
r
Ryan
03/31/2021, 5:01 PMWill it support custom extensions as vanilla osquery does?
Ryan
03/31/2021, 5:02 PM(just reading the website, looks interesting!)
z
zwass
03/31/2021, 5:03 PM
Yes, Orbit currently lets you set any osquery flags you like, including to set up extensions. The packaging tooling doesn't currently bundle additional files such as extensions but you could make your own package that did so. Definitely planning to add that support though.
👍 1
zwass
03/31/2021, 5:04 PM
Our self-managed update server functionality coming to the paid product will also support updating custom extensions.
a
arod
04/02/2021, 10:20 PMAwesome. Thank you.
8 Views