Each Atlan customer has their own isolated set of nodes within Kubernetes.
- Our deployments isolate all running services. This includes the metastore and its persistence in Cassandra and Elasticsearch.
- The backing persistence for these services is also isolated through distinct AWS VPCs.
For single-tenant SaaS deployments:
- The underlying Kubernetes control plane and networking layer (CoreDNS) are shared between tenants. We use Loft's virtual clusters to isolate these logically.
- The compute resources (nodes, nodegroups) and storage are physically isolated between tenants.
- Only Atlan's cloud team is able to manage the AWS resources across these levels of isolation.
Single-tenant SaaS in dedicated subaccount
For single-tenant SaaS deployments in a dedicated subaccount:
- The underlying compute resources are isolated through distinct AWS EKS clusters. In addition to compute resources and storage, this also physically isolates the control plane and networking.
- Distinct AWS subaccounts are also used to further isolate the AWS VPCs used for backing persistence.
- Only Atlan's cloud team is able to manage the AWS resources across these subaccounts.