How should your infrastructure connect to Red Hat Lightspeed?

Maintaining operational stability while securing infrastructure against an ever-growing list of vulnerabilities is a daily balancing act. Red Hat Lightspeed provides the core services required to manage your infrastructure at scale.

However, getting the most out of these services requires making a strategic decision: How should your infrastructure connect to Red Hat Lightspeed?

The process of choosing a deployment architecture goes beyond engineering; it must also take business strategy into account, as it affects your data privacy, infrastructure costs, and operational agility. Red Hat Lightspeed offers 3 distinct architectural models, outlined in Figure 1.

Figure 1. Lightspeed architectural models

The model you choose will depend on your organization's regulatory requirements and risk appetite. Here’s how to think about the ways each model might align with your business goals.

Hosted (direct): Maximum agility and lowest TCO 

In the hosted model, which is included in your Red Hat Enterprise Linux (RHEL) subscription, every RHEL node in your environment connects directly to Red Hat Lightspeed via the internet.

• The business value: This is the ultimate low-friction approach. It offers the fastest time to value with minimal setup complexity. Your teams gain immediate, real-time access to the full suite of services, including advisor, vulnerability, and compliance services, without any additional infrastructure overhead. This capability is included in your RHEL subscription.
• The trade-off: Every node requires outbound internet access, and telemetry data resides in the Red Hat-hosted cloud.
• The verdict: Ideal for organizations prioritizing speed, minimizing infrastructure costs, and operating in standard commercial environments where public cloud data residency is acceptable.

Proxied via Satellite: The secure middle ground

For organizations that need centralized control over their network traffic, the proxied via Satellite architecture provides an elegant compromise. Internal nodes remain safely isolated from the public internet, routing all Red Hat Lightspeed traffic through a centralized Red Hat Satellite egress gateway.

• The business value: You maintain the real-time cloud sync benefits and full feature availability of the hosted model, but with a significantly enhanced security posture. Your internal network remains dark to the outside world, satisfying the requirements of most internal security and compliance teams.
• The trade-off: Setup complexity is moderate, requiring the management of a Red Hat Satellite infrastructure.
• The verdict: The gold standard for standard enterprise and financial environments. It balances robust internal network security with the power of real-time cloud analytics.

This feature requires a Red Hat Satellite subscription.

On-premise (air-gapped): Absolute data sovereignty

Organizations in industries like defense or critical infrastructure, or in highly regulated public sectors, cannot allow any data to leave their physical networks. For these environments, Red Hat Lightspeed offers a subset of services in an on-premise architecture that uses disconnected Red Hat Satellite syncs and containerized Red Hat Lightspeed services.

• The business value: Uncompromising data residency. Telemetry data is analyzed entirely within your walls. With this model, you can still leverage powerful analytics (advisor) and vulnerability tracking without violating strict air-gap mandates.
• The trade-off: While setup complexity is manageable (moderate), this model requires maintaining locally synced data rather than relying on real-time cloud updates.
• The verdict: The mandatory choice for zero-trust, highly classified, or strictly regulated environments where absolute data sovereignty is the non-negotiable priority.

This feature requires a Red Hat Satellite subscription.

Making the right call

Select the architecture that aligns with your operational capabilities and risk tolerance; there is no universal right choice.

By understanding the differences between hosted, proxied, and on-premise deployments, decision makers can give their teams the tools they need to proactively secure and manage their RHEL fleets, without compromising their organization's compliance and security standards.

Additional reading

• “Red Hat Satellite synchronization with Red Hat Lightspeed:” In-depth blog post on how Satellite interacts with Red Hat Lightspeed (previously known as Insights).
• “Red Hat Lightspeed advisor in Red Hat Satellite:” In-depth blog post on Red Hat Lightspeed configuration with Satellite for on-premise, air-gapped deployments.
• Red Hat Lightspeed information portal