Upsolver Security Overview

Regardless of whether you choose to deploy Upsolver on your virtual private cloud or ours, Upsolver clusters read data from S3, process it in-memory and write back to the S3 bucket. We never store any of your data, but you can choose where our processing, serving and streaming clusters will reside.

Your VPC or Ours? Upsolver offers two basic deployment models: Upsolver VPC or Private VPC. This determines where we process data and store the local API.

Fully Secure

Upsolver VPC

Data storage is done only on your Amazon S3, but data processing is done on EC2 clusters residing in Upsolver's AWS account

Shockingly Easy

Private VPC

Data never leaves your AWS account and Upsolver employees have no access to it. We'll remotely manage EC2 clusters in your account,

Unlock the value of your data.

Prepare to be astounded by how easy it is to prepare your data streaming.

Private VPC: Frequently Asked Questions

Does Upsolver maintain any security certifications?

Upsolver is certified as SOC 2 Type II compliant. A SOC 2 Type II report details the controls a cloud-based services company has in place to keep customer data safe and how well those controls are operating.

upsolver soc 2

How is Upsolver deployed on private VPC?

When deploying Upsolver on private VPC, it is deployed entirely in your AWS account. In this option, Upsolver is unable to access any of your data, and is restricted to managing compute clusters on your AWS account.

Where is the Upsolver web app deployed?

The Upsolver web interface (accessible via is hosted on a public Amazon S3 bucket. It connects to the public Upsolver API, which redirects it to the private API that is hosted on your AWS account. The public API is unable to access any data in your account.

How are data access and management separated?

Upsolver creates two separate roles in your account:

  • Management role – can manage servers but cannot access data. This role can be assumed by Upsolver’s AWS account for troubleshooting or configuration purposes.
  • Data role – has access to data in S3 and Kinesis. This role is only assumable within your AWS account and cannot be assumed by Upsolver.

Who can access my account?

You control who can access your account by defining allowed and disallowed IP addresses. You can choose to permit Upsolver’s support team to access your web UI instance for troubleshooting and configuration purposes.

What internet traffic does the API use?

In private VPC, Upsolver does not require any inbound internet access. The private API does require outbound internet access, used for the following:

  • Reading system configuration details
  • Sending system metrics to Upsolver to ensure uptime and availability
  • Sending logs (optional)
  • AWS SDK calls (Athena, S3, Glue)

How does Upsolver handle troubleshooting and support?

Troubleshooting is done based on system logs and metrics. Upsolver support might ask for additional information or access, which the customer can choose to share but is not obligated to do so. Access can be granted and removed instantly by modifying the security group IPs.

data lake ETL Demo

Batch and streaming pipelines.

Streaming plus batch in a single pipeline platform

No Airflow – orchestration inferred from data

$99 / TB of data ingested | unlimited free pipelines

Get Started Now


All Templates

Explore our expert-made templates & start with the right one for you.