Upsolver enables many ways to manage and customize the default network infrastructure. This article explains various deployment models.
In Upsolver deployments, compute servers run on Upsolver’s account. The data resides in your Amazon S3 bucket. Data processing takes place within Upsolver's account. Access to data and the data itself is granted from outside of your account. Upsolver processes the data and writes the results back to your Amazon S3 bucket. This is how Upsolver processes can access your data.
You can deploy Upsolver in your own private VPC. We recommend creating a new VPC for the Upsolver deployment. But we also support deploying to an existing private VPC. The Upsolver Compute Servers run in your own AWS account. The private VPC deployment model differs from an Upsolver fully-managed deployment model in three ways:
- 1.You pay for compute time as Upsolver is deployed in your own VPC.
- 2.Setup takes a little longer than it does with Upsolver-managed deployment.
- 3.The location of the servers you spin up differs per model, though you manage the servers the same way and they behave the same way.
When you deploy Upsolver to your private VPC, you have two options:
- Default (recommended): Deploy into a new VPC. The deployment CloudFormation creates all the necessary components to ensure everything works as expected. This option also ensures easier resource management and security configurations.
- Existing VPC:
- Requires additional security configurations.
- You manage Upsolver resources along with existing resources within the VPC.
Data encryption is defined as part of the connection to the Amazon S3 bucket. All communications occur over HTTPS, and all data is encrypted at wire speed using SSL.
As a cloud-native solution, Upsolver does not store any data locally on the server. It stores data only in Amazon S3. You can choose between server-side encryption or client-side encryption within the Amazon S3 connection.
Upsolver integrates with the Cloud provider’s native KMS solutions. You have the following options:
- 1.Default encryption – existing Amazon S3 default configuration.
- 2.Server-side encryption using Amazon KMS (SSE-KMS) – You provide the key’s ARN.
- 3.Server-side encryption using Customer-Managed Keys (SSE-CMK) – You provide the encryption key.