Open
Labels: Team:Ingest (issues owned by the Ingest Docs Team), source:web (issues originating from the elastic.co docs)
Description
Type of issue
Missing information
What documentation page is affected
https://www.elastic.co/docs/reference/fleet/fleet-server
What happened?
Issue Summary:
The diagram titled “how Elastic Agents communicate with Fleet Server to retrieve agent policies” is missing a critical technical detail: Elastic Agent always initiates the connection to Fleet Server using an HTTP long polling request to retrieve its configuration.
Why This Matters:
This detail is especially relevant from a security and networking perspective. Customers often need to understand and verify that:
- There is no inbound connection from the Fleet Server to the Elastic Agent.
- The Elastic Agent is the client, initiating the communication over HTTP(S).
- This model supports firewall-friendly architecture and reduces attack surface, since only outbound connections from the Agent need to be allowed.
While this behavior is described in the accompanying textual documentation, the diagram alone can be misleading. We’ve received feedback from customers who mistakenly believed the Fleet Server was initiating connections, based solely on the diagram’s flow and lack of annotations.
Proposed Change:
Please update the documentation and the diagram to explicitly show or mention that:
- The Elastic Agent initiates the HTTP long polling request to the Fleet Server.
- Optionally, annotate the flow (e.g., “agent initiates connection”) or add a note near the “enroll” and “get policy” arrows to clarify the directionality.
Additional info
No response
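
One way to verify the direction described in this issue on an agent host, as an added example that is not part of the original issue or of Elastic's documentation: it classifies established TCP connections from `ss -tanH` output by who initiated them. The port 8220 (Fleet Server's default, not stated on this page), the sample addresses, and the function names are assumptions.

```python
FLEET_PORT = "8220"  # assumption: Fleet Server's default port; the page names no port
FLEET_HOSTS = {"10.0.0.20", "fd00::20"}  # constructed Fleet Server addresses

# Constructed sample of `ss -tanH` output on an agent host:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22         0.0.0.0:*
LISTEN 0 4096 127.0.0.1:6789     0.0.0.0:*
ESTAB  0 0    10.0.0.5:51544     10.0.0.20:8220
ESTAB  0 0    [fd00::5]:51600    [fd00::20]:8220
ESTAB  0 0    10.0.0.5:22        10.0.0.20:40312
ESTAB  0 0    10.0.0.5:22        10.0.0.99:40400
"""

def split_addr(addr):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port

def classify(ss_output, fleet_hosts):
    """Return (direction, local, peer) for each established TCP connection
    whose peer is a Fleet Server host."""
    rows = [line.split() for line in ss_output.splitlines() if line.strip()]
    # Ports on which this host accepts connections.
    listening = {split_addr(r[3])[1] for r in rows if r[0] == "LISTEN"}
    findings = []
    for r in rows:
        if r[0] != "ESTAB":
            continue
        (_, lport), (phost, pport) = split_addr(r[3]), split_addr(r[4])
        if phost not in fleet_hosts:
            continue
        if lport in listening:
            direction = "inbound"          # peer connected to a local listener
        elif pport == FLEET_PORT:
            direction = "agent-initiated"  # ephemeral local port to Fleet Server
        else:
            direction = "other-outbound"
        findings.append((direction, r[3], r[4]))
    return findings

def inbound_from_fleet(ss_output, fleet_hosts):
    """Connections that contradict the agent-initiates model (heuristic)."""
    return [f for f in classify(ss_output, fleet_hosts) if f[0] == "inbound"]

if __name__ == "__main__":
    for finding in classify(SAMPLE_SS, FLEET_HOSTS):
        print(*finding)
```

The listener-port comparison is a heuristic: it reports a connection as inbound whenever the local port matches any listening port on the host.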