Skip to content

[v12] Update FAQ for on-prem data collection #24512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
espadolini merged 1 commit into from
Apr 13, 2023
Merged

[v12] Update FAQ for on-prem data collection #24512

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 17 additions & 8 deletions docs/pages/faq.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,19 +116,28 @@ Teleport offers this feature for the [Enterprise versions of Teleport](choose-an

## Does Teleport send any data back to the cloud?

The open source and Enterprise editions of Teleport do not send any information
to our company, and can be used on servers without internet access.
The open source edition of Teleport does not send any information to our
company, and can be used on servers without internet access.

The commercial editions of Teleport can optionally be configured to send
anonymized information, depending on the license purchased. This information
contains the following:

- Anonymized user ID: SHA256 hash of a username with a randomly generated prefix.
- Anonymized server ID: SHA256 hash of a server IP with a randomly generated prefix.

This allows Teleport Cloud and Teleport Enterprise to print a warning if users
are exceeding the usage limits of their license. The reporting library code is
[on GitHub](https://github.com/gravitational/reporting).
- Teleport license identifier;
- anonymized cluster name and Teleport auth server host ID;
- for each Teleport user, the anonymized user name and a per-protocol count of
interactions - Teleport logins, SSH and Kubernetes exec sessions, Application
access web sessions and TCP connections, SSH port forwards, Kubernetes API
requests, SFTP actions.

The anonymization is done by passing names and IDs through HMAC-SHA-256, with a
HMAC key that's randomly generated when the Teleport cluster is initialized for
the first time and is never shared with us; this makes it infeasible for anyone
without access to the cluster to deanonymize the data we store.

The code that aggregates and anonymizes this data can be found [in our
repository on
GitHub](https://github.com/gravitational/teleport/tree/master/lib/usagereporter/teleport/aggregating).

Reach out to `sales@goteleport.com` if you have questions about the commercial
editions of Teleport.
Expand Down