Skip to main content
Version: 2.15.0

Glasswall Halo FAQs

When submitting a request to Glasswall Halo, what steps does a file go through?
  1. The file is sent to the REST API.
  2. The file is stored on a persisted volume within the cluster.
  3. A message is sent to the Engine service to process the file.
  4. The Engine service receives the message to process a file.
  5. That file is read from the persisted volume and is then processed by the Glasswall Engine.
  6. The clean file and analysis report are then stored in the persisted volume.
  7. A message is sent to the report extractor so the Engine report can be generated.
  8. A message is then sent back to the API from the Engine service.
  9. The API receives the message from the Engine and reads either the clean file, report, or both from the persisted volume and generates the correct response to the client.
  10. A message is then sent to the report extractor from the API.
  11. The report extractor receives this message and generates a report from the analysis file and the API.
  12. Metric data is then generated.
  13. Finally the original file, clean file, and analysis report are deleted from the persisted volume.
What types of files can Glasswall Halo process?

Glasswall Halo supports a wide range of file types including PDFs, Office documents (Word, Excel, PowerPoint), images, and more. It ensures that all processed files are safe and retain their original functionality.

How are files stored?

Original files, clean files, and analysis reports are stored in a persisted volume backed by either Azure File Share (Azure) or Amazon Elastic Block Store (AWS).

Reports can be stored in Azure Blob Storage (Azure), S3 (AWS), or a persisted volume.

How is the system configured and deployed?

Glasswall Halo can be deployed in a Kubernetes environment, leveraging Helm charts for easy setup and configuration. Detailed deployment instructions are provided in the documentation. You may also deploy via an OVA.

How does Glasswall Halo handle file types that it cannot process?

An error report is returned to the user.

How long does the file persist in shared storage?

Original files, clean files, and analysis reports are stored until the report generation is complete.

What are the maximum nested levels of archives?

A maximum of 5 levels of nested archives are supported by Glasswall Halo.

What are the archive types?

The following archive types are supported in Glasswall Halo: Zip, Tar, Zip, 7Zip, Rar.

What are the Content Management Flags?
  • Allow – 0
  • Sanitise – 1
  • Disallow – 2
What does the code mean in the error response?

Within the error response, Glasswall Halo returns a "code" which indicates a particular scenario.

Error codes start with the HTTP response code and include a number to indicate the specific error.
For more information please refer to our API documentation.

Can I amend the replica count of the rebuild pods to increase performance?

Yes, the current configuration includes contingency for workloads that are more challenging than the average file. Whilst it may be possible to increase the replicas count and observe improved performance, the consequence might be increased errors if the concurrent load depleted the available memory.

Can I use a larger node size to improve performance?

This is possible and would therefore allow the replicas count per node to be amended without necessarily experiencing any scarcity of compute resources.

However, assigning more workloads to a single node increases the blast radius should a node fail. Increasing the node count may achieve the same objective with less risk.

Why are you allocating memory larger than 1 GB if that’s the maximum file size?

The CDR process creates an intermediate representation of the original file, which may be much larger than the original file. Reserve values ensure that multiple large files can be processed.

How does license management work?

Glasswall provides customers with entitlement to process a number of files or a volume of data each day.

Currently Glasswall does not impose a technical limitation on over-consumption, but over-consumption is contractually prohibited.

A license-management layer will be introduced to Glasswall Halo, enforcing limits based on the entitlement.

Does Glasswall limit the number of engine calls?

Currently there is no hard limit on Engine calls beyond those implied by the base Helm Chart configuration.

Future versions may throttle throughput to align hourly and daily licensed capacity.

What is the maximum file size that you support?

1 GB.

Some files may require much more memory to CDR due to their structure or model representation requirements.

Why does Glasswall use some 3rd party services?

Glasswall is the world's premier CDR solution provider and uses select third-party components.

Rigorous static analysis, SCA, and IaC scanning ensure these components do not introduce vulnerabilities.
Glasswall is transparent about dependencies and enforces strict security standards.

Does Glasswall provide a software bill of materials (SBOM) for the deployment?

Glasswall generates SBOMs for the services that comprise the Halo deployment. These can be made available on request.

Do you only support v3 of Helm?

Yes, that is correct.

What information is sent back to Glasswall from my deployment?

Glasswall Halo is designed to run in a secure environment — no data is sent back to Glasswall.

Glasswall may request summary logs to verify license conformance, but no customer data ever leaves the environment without explicit administrator action.

Why do some of your services use Alpine as the base OS?

Most services will move to a hardened Alpine base image following CIS guidelines.
Alpine provides a minimal, security-hardened Linux distribution with a reduced attack surface.

Why am I seeing a 429 status code when Halo hasn't been used for a while? What should I do?

When Halo is overloaded, the request queue may build up and return 429 errors.
The system will eventually consume the backlog automatically.

If this takes too long — and you are comfortable losing queued messages — you can purge the queue:

kubectl exec -ncdrplatform -it RabbitMQ-server-0 -c RabbitMQ -- RabbitMQctl purge_queue engine-request-queue
How is the solution monitored and maintained?

Kubernetes-integrated monitoring tools provide insights into performance, resource usage, and health. Maintenance and updates are handled through Kubernetes to maintain security and stability.

What are the security measures in place to protect the data processed by Glasswall Halo?

Glasswall Halo employs encryption, secure communication protocols, strict access controls, and the CDR process itself, ensuring no malicious content passes through.

What support and resources are available?

Glasswall provides documentation, support services, and training resources for implementing and managing the solution.
Support includes online resources, customer support, and community forums.

What is the expected latency for file processing?

Latency depends on file size, type, and complexity.
Glasswall Halo is optimized to process files quickly to minimise delay.

How is performance and scalability managed?

Kubernetes allows Glasswall Halo to scale automatically based on load.
Using KEDA, Halo dynamically adjusts CDR service instances based on file traffic.

Learn more about Keda

Last updated on