Skip to main content

Control Plane

The Aserto Control Plane provides a central management layer for Topaz authorizers, and brings three important capabilities:

  • Policy lifecycle management: facilitating a policy-as-code workflow, and distributing policy changes to Topaz instances in under a second, using an eventing fabric.
  • Directory management: manifest and data changes to the central directory are distributed to Topaz instances using the same fabric.
  • Decision log aggregation: decision logs gathered by the Topaz instances are collected and transmitted to the Control Plane using exactly-once, in-order semantics. They are then aggregated into a composite decision log interface, which can be streamed or batched into a customer's logging / SIEM system.

Control Plane and Edge Authorizers

When a Topaz instance connects to the Control Plane, we call it an Edge Authorizer. The Control Plane can relay commands to the edge authorizers that are connected to it. See the Control Plane Guide for more information.