How are resources isolated?

Have more questions? Submit a request

Each Atlan customer has their own isolated set of nodes within Kubernetes.

  • Our deployments isolate all running services. This includes the metastore and its persistence in Cassandra and Elasticsearch.
  • The backing persistence for these services is also isolated through distinct AWS VPCs.

Single-tenant SaaS

For single-tenant SaaS deployments:

  • The underlying Kubernetes control plane and networking layer (coredns) are shared between tenants. We use Loft's virtual clusters to isolate these logically.
  • The compute resources (nodes, nodegroups) and storage are physically isolated between tenants.
  • Only Atlan's cloud team is able to manage the AWS resources across these levels of isolation.

Single-tenant SaaS in dedicated subaccount

For single-tenant SaaS deployments in a dedicated subaccount:

  • The underlying compute resources are isolated through distinct AWS EKS clusters. In addition to compute resources and storage, this also physically isolates the control plane and networking.
  • Distinct AWS sub-accounts are also used to further isolate the AWS VPCs used for backing persistence.
  • Only Atlan's cloud team is able to manage the AWS resources across these sub-accounts.

Related articles

Was this article helpful?
1 out of 1 found this helpful