
Datafold deployment options

Datafold is a web-based application that can be deployed and accessed by your team in two major modes:

Datafold SaaS Cloud

Multi-tenant deployment hosted on AWS in the us-west-2 (Oregon) region. This is a great cost-efficient option for most teams, and you can sign up for it today.

For additional security, the following options are available:

  1. IP Whitelisting – only allow access to your databases and other resources from specific IP addresses
  2. AWS PrivateLink – allows you to set up a limited network point to access your RDS in the same region
  3. VPC Peering – joins two networks together
  4. SSH Tunnel – set up a secure tunnel between your network and Datafold with the SSH server at your side
  5. Reverse SSH Tunnel – set up a secure tunnel between your network and Datafold with the SSH server at Datafold's side
  6. IPSec Tunnel – an IPSec tunnel setup

Datafold Dedicated Cloud

A single-tenant dedicated deployment of the Datafold application in a dedicated Virtual Private Cloud (VPC).

The VPC can be:

  1. Customer-hosted
  2. Datafold-hosted

Datafold Dedicated Cloud can be deployed to all major cloud providers:

VPC vs VNet

We use the term VPC across all major cloud providers. However, Azure calls this concept a Virtual Network (VNet).

Datafold Dedicated Cloud FAQ

What is the benefit of a Dedicated Cloud deployment?

A Dedicated Cloud deployment may be the preferred deployment method for customers with special privacy and security concerns and for those in highly regulated domains. In a Dedicated Cloud deployment, the entire Datafold stack runs on dedicated cloud infrastructure and network, which usually means it:

  1. Is not accessible from the public Internet (sits behind the customer's VPN)
  2. Uses the internal network to communicate with the customer's databases and other resources – none of the data is sent over public networks

How does a Customer-hosted Dedicated Cloud deployment work?

Datafold is deployed to the customer's cloud infrastructure but is fully managed by Datafold. The only DevOps involvement needed from the customer's side is to set up a cloud project and role (steps #1 and #2 below).

  1. Customer creates a Datafold-specific namespace in their cloud account (subaccount in AWS / project in GCP / subscription or resource group in Azure)
  2. Customer creates a Datafold-specific IAM resource with permissions to deploy the Datafold-specific namespace
  3. The Datafold Infrastructure team provisions the Datafold stack on the customer's infrastructure using a fully automated procedure with Terraform
  4. The customer and Datafold Infrastructure teams collaborate to implement the security and networking requirements (see all available options)

See cloud-specific instructions here:

After the initial deployment, the Datafold team uses the same procedure to roll out software updates and perform maintenance to keep the uptime SLA.

How does Datafold-hosted Dedicated Cloud deployment work?

Datafold is deployed in the customer's region of choice on AWS, GCP, or Azure, in infrastructure that is owned and managed by Datafold. We collaborate to implement the security and networking requirements so that traffic either does not cross the public internet or does so in a secure way. All available options are listed below.

What additional security and networking options are available?

Because the Datafold application is deployed in a dedicated VPC, your databases/integrations are not directly accessible when they are not exposed to the public Internet. The following solutions can be used to securely connect to your databases/integrations without the need to expose them to the public Internet:

Can Datafold be deployed and managed by the customer's internal team?

Please inquire with about customer-managed deployment options.