# Replica Implementation Guide

### Overview

Replica provides secure, isolated virtual environments delivered in the browser. Users can browse, research, analyze, or run automated tasks without exposing their identity, device, or infrastructure to the public internet. All traffic exits through a configurable egress point.

Replica is a SaaS application. It runs over the public internet. No special hardware or local software is required. Users sign in at their instance URL and get a full desktop experience over VDI in the browser.

```mermaid
flowchart LR
    user1[User's Browser]
    user2[User's Browser]
    user3[User's Browser]
    vpn1[Commercial VPN Egress]
    vpn2[Cloud VPN Egress]
    vpn3[Residential Proxy Egress]
    internet([Public Internet])
    subgraph Replica
        direction LR
        subgraph ve1[Virtual Environment]
            os1[OS/Applications/Browser/Files]
        end
        subgraph ve2[Virtual Environment]
            os2[OS/Applications/Browser/Files]
        end
        subgraph ve3[Virtual Environment]
            os3[OS/Applications/Browser/Files]
        end
    end
    ve1 --- vpn1 --- internet
    ve2 --- vpn2 --- internet
    ve3 --- vpn3 --- internet
    user1 -- VDI stream --- ve1
    user2 -- VDI stream --- ve2
    user3 -- VDI stream --- ve3
```

Each user's browser connects to a Virtual Environment over VDI. Internet traffic leaves through a separately configured egress point. The user's real network is never exposed to the public internet.

Common deployment patterns include:

* **Research and OSINT teams** who need attribution-managed workspaces
* **Security teams** running malware analysis or dynamic execution in isolated environments
* **Operations teams** automating recurring data collection via scheduled Jobs
* **Training environments** for analysts working in a contained space

Talk with your Replica representative early. They can help map your workflows to the Operational View that fits your organization.

### Things to Think About Before You Start

Replica is quick to deploy. A few early decisions will make onboarding smoother:

#### Who will use it, and how?

Identify your user types and what they will do in Replica. That will shape the environments you provision and the roles you assign. Also decide who will act as Platform Admin. That person will manage users, groups, and settings over time.

#### Access structure

Replica uses role-based access control. Plan that structure before you provision users.

Questions to answer:

* Which users need standard access (Core role) vs. API/automation access vs. admin access?
* Do you have multiple teams or operational units that should be organized into groups?

Groups make resource visibility and assignment much easier to manage at scale.

See [Roles and Permissions](/admin-guide/user-management/roles-and-permissions.md) for more.

#### Egress strategy

Egress determines where your environments' internet traffic appears to originate. That directly affects how your team can operate online. Replica supports several egress types, each with tradeoffs in geography, attribution, and performance. You'll review this with your Replica representative during onboarding . See [Egress](/admin-guide/egress.md).

<figure><img src="/files/ggeIASdd93tC777UEnhl" alt=""><figcaption></figcaption></figure>

#### VE lifecycle policy

There is no fixed expiration on Virtual Environments. They can run for minutes or for months. Best practice is to delete a VE when its task is complete. Decide the policy that works best for your goals before users start creating environments. Cleanup habits are easier to establish early. See [Virtual Environment Lifetime and Best Practices](/faqs/virtual-environment-lifetime-and-best-practices.md).

#### Any integrations?

If you need SSO, external log storage, or telephony features, flag that early. These features have prerequisites that should be in place before onboarding. Your Replica representative can help you plan them.

### Technical Requirements and Considerations for IT Teams

Replica runs entirely in the browser. There is no software to install and no on-premise infrastructure to manage. IT teams still play a key role during rollout.

#### Technical requirements

For the best experience, each user's connection should meet these requirements:

| Requirement       | Specification                                                        |
| ----------------- | -------------------------------------------------------------------- |
| Connection speed  | Broadband (≥ 25/3 Mbps)                                              |
| Latency           | < 100ms (required) / < 50ms (recommended) / < 25ms (preferred)       |
| Connection method | Direct internet connection (public preferred)                        |
| Firewall          | Allow all HTTPS, WebSocket, and QUIC to the Replica instance address |
| Browser           | Latest stable version of Chrome or Edge                              |

Users should connect directly to Replica. They should not connect through a corporate VPN, remote browser, virtualized desktop, or another VDI solution such as Citrix. Those layers duplicate Replica functionality, add latency, and can cause compatibility issues. If your organization uses traffic inspection or filtering software, such as ZScaler or Akamai, allowlist the Replica instance address.

#### Single Sign-On

Replica supports SSO through SAML 2.0 and OpenID Connect. You can require SSO for some users or all users. You can also map roles automatically from your identity provider to Replica roles, so users receive the right access without manual assignment.

Replica's team handles SSO setup. If your organization requires it, contact support early. It should be in place before users are provisioned. If you are not using SSO, Replica manages authentication natively with configurable password and session policies. See [User Policies](/admin-guide/user-management/user-policies.md).

#### Log export and SIEM integration

Replica can export log data to Splunk or to an external S3-compatible bucket. An external bucket can feed a SIEM or another log pipeline. If your organization has log retention requirements, set this up before go-live. See [Logging](/admin-guide/logging.md).

### Compliance & Audit

Replica is designed for auditability. This section summarizes what compliance teams and auditors should know.

#### What Replica logs

Replica captures a broad range of platform activity. That includes authentication events, user and environment actions, file transfers, clipboard usage, DNS queries, and select network traffic. Retention varies by category, from 1 day for packet captures to 180 days for authentication and API activity. See [Logging](/admin-guide/logging.md) for the full schedule.

#### The Audit role

Users with the Audit role have read-only access to logs and the monitoring dashboard. They cannot modify platform configuration or user data. Assign this role to compliance or audit staff who need visibility without admin privileges. See [Roles and Permissions](/admin-guide/user-management/roles-and-permissions.md).

#### Data and egress privacy

Replica does not log or retain egress traffic in transit. The platform routes traffic through egress, but it does not inspect or store the content. In production environments, all Replica Cyber system access to your instance is audited. Access occurs only when needed for support, maintenance, or security response. See [Can Replica Cyber see our activity?](https://docs.replicacyber.com/faqs/can-replica-cyber-see-our-activity)

#### Security posture

Replica undergoes regular security audits and penetration testing. Full trust and compliance documentation is available at [trust.replicacyber.com](https://trust.replicacyber.com/).

### Preparing Your Users

Before first login, a little preparation prevents a lot of support friction.

#### Connection requirements

Users should connect to Replica directly. Traffic inspection or filtering software should be configured to allowlist all traffic to your Replica instance address without filtering overhead. See [Technical Requirements](#technical-requirements).

#### Troubleshooter Portal

Have trial users run the [Troubleshooter Portal](/user-guide/troubleshooter.md). It checks system and network configuration and surfaces issues early. It takes a few minutes and saves a lot of back-and-forth.

#### Set expectations before go-live

Send a short note before first login that covers:

* What Replica is and what they'll be using it for
* The correct instance URL (`https://[instance].replicacyber.com`)
* What to expect on first login, such as any preconfigured images or environments, and custom configurations
* Where to go if something doesn't work

### Onboarding

#### Admin readiness

Your Platform Admin should be comfortable with the [Admin Guide](https://docs.replicacyber.com/admin-guide/) before supporting end users. They should know how to manage users and groups, and access monitoring and logs.

#### End user training

Operators should be comfortable with four things:

1. Logging in and navigating to their Virtual Environments
2. Launching, using, and deleting a VE
3. Using file and clipboard transfer (if applicable)
4. How to reach out for support

The [User Guide](https://docs.replicacyber.com/user-guide/) covers all of this. Share it directly with operators.

#### Developers and automation users

Users working with Jobs or Enclave Scripts should review the [Developer Guide](https://docs.replicacyber.com/developer-guide/) before building production workflows.

#### Consider a pilot

If you are onboarding a larger team, run a small pilot first. Have that group work through real workflows before full rollout. Pilot feedback often surfaces configuration tweaks and training gaps that are much easier to fix early.

### Go-Live Checklist

Use this as a final check before cutting over to full deployment.

**Access and Users**

* [ ] Platform Admin identified
* [ ] All user accounts created with correct roles assigned
* [ ] Groups created and populated
* [ ] Audit role assigned to compliance/security owner

**IT & Security**

* [ ] Network allowlist confirmed (Replica instance address reachable without traffic inspection interference)
* [ ] SSO configured and tested (if applicable)
* [ ] Log export configured and verified (if applicable)

**Environments**

* [ ] VE images assigned to users/groups
* [ ] VE lifecycle and best practices communicated to users

**User Readiness**

* [ ] Test/trial users have run the Troubleshooter Portal
* [ ] Orientation/onboarding completed

**Support**

* [ ] Support contact shared with all users (`support@replicacyber.com`)
* [ ] Internal escalation path documented

***

### Sustaining the Deployment

A few areas are worth reviewing regularly after go-live:

**User management:** Add users, adjust roles as responsibilities change, and disable departing users promptly. Replica retains disabled users for audit history rather than deleting them.

**VE hygiene:** Reinforce your VE lifecycle policy. Environments that outlive their purpose accumulate unnecessary risk.

**Egress:** Review your egress configuration periodically as operational needs evolve.

**Monitoring and audit:** Make sure your compliance owner has access to logs and is reviewing them on a regular cadence.

**Stay in touch with your Replica representative:** Replica is actively developed. Your account manager is the best source for new features and how they might support your workflows.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.replicacyber.com/implementation-guide/replica-implementation-guide.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.