<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=315693165909440&amp;ev=PageView&amp;noscript=1">

Upsolver Security Overview

Regardless of whether you choose to deploy Upsolver on your virtual private cloud or ours, Upsolver clusters read data from S3, process it in-memory and write back to the S3 bucket. We never store any of your data, but you can choose where our processing, serving and streaming clusters will reside.

Your VPC or Ours?

Upsolver offers two basic deployment models: Upsolver VPC or Private VPC. This determines where we process data and store the local API.


Upsolver VPC

Data storage is done only on your Amazon S3, but data processing is done on EC2 clusters residing in Upsolver's AWS account

Private VPC

Data never leaves your AWS account and Upsolver employees have no access to it. We'll remotely manage EC2 clusters in your account,

Private VPC: Frequently Asked Questions

How is Upsolver deployed on private VPC?

When deploying Upsolver on private VPC, it is deployed entirely in your AWS account. In this option, Upsolver is unable to access any of your data, and is restricted to managing compute clusters on your AWS account.

Upsolver private VPC deployment

Where is the Upsolver web app deployed?

The Upsolver web interface (accessible via app.upsolver.com) is hosted on a public Amazon S3 bucket. It connects to the public Upsolver API, which redirects it to the private API that is hosted on your AWS account. The public API is unable to access any data in your account.

How are data access and management separated?

Upsolver creates two separate roles in your account:

  • Management role - can manage servers but cannot access data. This role can be assumed by Upsolver’s AWS account for troubleshooting or configuration purposes.
  • Data role - has access to data in S3 and Kinesis. This role is only assumable within your AWS account and cannot be assumed by Upsolver.

Who can access my account?

You control who can access your account by defining allowed and disallowed IP addresses. You can choose to permit Upsolver’s support team to access your web UI instance for troubleshooting and configuration purposes.

What internet traffic does the API use?

In private VPC, Upsolver does not require any inbound internet access. The private API does require outbound internet access, used for the following:

  • Reading system configuration details
  • Sending system metrics to Upsolver to ensure uptime and availability
  • Sending logs (optional)
  • AWS SDK calls (Athena, S3, Glue)

How does Upsolver handle troubleshooting and support?

Troubleshooting is done based on system logs and metrics. Upsolver support might ask for additional information or access, which the customer can choose to share but is not obligated to do so. Access can be granted and removed instantly by modifying the security group IPs.



Still have questions? Let's have a quick chat.

Schedule a free, no-strings-attached demo to discover how Upsolver can radically simplify data lake ETL in your organization.

Get a Demo