Skip to main content

Datafold deployment options

Datafold is a web-based application that can be deployed and accessed by your team in two major modes:

Datafold SaaS Cloud

Multi-tenant deployment hosted on AWS in us-west-2 (Oregon) region. This is a great cost-efficient option for most teams that you can sign up today for.

For additional security, the following options are available:

  1. IP Whitelisting – only allow access to your databases and other resources to specific IP addresses
  2. AWS PrivateLink - AWS PrivateLink allows you to set up a limited network point to access your RDS in the same region
  3. VPC Peering - VPC Peering joins two networks together
  4. SSH Tunnel – set up a secure tunnel between your network and Datafold with the SSH server at your side
  5. [Reverse] SSH Tunnel – set up a secure tunnel between your network and Datafold with the SSH server at Datafold's side
  6. IPSec Tunnel – an IPSec tunnel setup

Datafold Dedicated Cloud

A single-tenant dedicated deployment of the Datafold application in a dedicated Virtual Private Cloud (VPC) region.

The VPC region can be:

  1. Customer-owned
  2. Datafold-owned (with a VPC peering set up to the customer's VPC)

Datafold Dedicated Cloud can be deployed to all major cloud providers:

Datafold Dedicated Cloud FAQ

What is the benefit of a Dedicated Cloud deployment?

Dedicated Cloud deployment may be the preferred deployment method by customers with special privacy and security concerns and in highly regulated domains. In a Dedicated Cloud deployment, the entire Datafold stack runs on dedicated cloud infrastructure and network, which usually means it is:

  1. Not accessible to public Internet (sits behind customer's VPN)
  2. Uses internal network to communicate with customer's databases and other resources – none of the data is sent using public networks

How does a Customer-owned Dedicated Cloud deployment work?

Datafold is deployed to customer's cloud infrastructure but is fully managed by Datafold. The only DevOps involvement needed from the customer's side is to set up a cloud project and role (steps #1 and #2 below).

  1. Customer creates a Datafold-specific namespace in their cloud account (subaccount in AWS / project in GCP)
  2. Customer creates a Datafold-specific IAM role with permissions to deploy the Datafold-specific namespace
  3. Datafold Infrastructure team provisions the Datafold stack on the customer's infrastructure using fully-automated procedure with Terraform

See cloud-specific instructions here:

After the initial deployment, the Datafold team uses the same procedure to roll out software updates and perform maintenance to keep the uptime SLA.

How does Datafold-owned Dedicated Cloud deployment work?

Datafold is deployed in the customer's region of choice on AWS, GCP, or Azure that is owned and managed by Datafold. A VPC peering is set up to securely connect customer's VPC and Datafold's VPC that is running the dedicated deployment.

Can Datafold be deployed and managed by the customer's internal team?

Please inquire with about customer-managed deployment options.