Deploying Satori DataSecOps
Satori provides multiple deployment options to support the operational and security requirements of organizations.
Data Access Controller as a Service
For organizations looking to offload the operational overhead of hosting a DAC, Satori provides a DAC as a service deployment option. Organizations do not have to manage compute, storage or worry about software upgrades and patching, as they are handled by Satori and fully transparent.
Organizations use a DAC in the same public cloud region as the data store, and data never traverses outside of the region. DAC as a service supports any type of data store, IaaS, PaaS and DBaaS.
IaaS and PaaS Data Stores
For data stores hosted in the organization's VPC, like AWS Redshift or AWS RDS.
DBaaS Data Stores
For data stores as a service like Snowflake or Google BigQuery.
The SaaS service provides a 99.99% uptime SLA, the service is fully managed by Satori, all operational aspects are owned by Satori.
Customer Hosted Data Access Controller
Designed for organizations that require ownership for all aspects of operating a Satori DAC, Satori provides a customer-hosted DAC.
Customer-hosted DACs are identical to SaaS DACs. The customer is required to download, deploy and upgrade the software, as well as maintain the infrastructure that the DAC requires.
Before customer-hosted DACs can be deployed in the customer environment Satori must to approve and authorize each DAC. The status of customer-hosted DACs in the customer account can be viewed in the Data Access Controllers page of the Settings section.
On the same page, customers can download available software versions. The deployment package contains a Helm chart that is generated by the management console for each DAC. The package contains a readme.txt document with detailed installation instructions.
Follow these guides for specific details on hosting a Satori DAC based on the cloud provider:
Shared Responsibility Operational Model
The Satori customer-hosted deployment operational model is a shared responsibility model: all aspects of infrastructure, kubernetes control plane, cluster resources and health should be maintained and monitored by the customer. To learn more about advanced and more resilient deployment topologies please see the Advanced Deployment Topologies guide.
In addition to cluster level monitoring, it is strongly encouraged that the service is monitored via an external client such as Pingdom.
Satori Product Health Metrics
The Satori deployment has a built-in prometheus service to report health metrics back to Satori for the purpose of alerting on any applicative health issues, which are being handled proactively by Satori and in cooperation with the customer, when needed. The Satori support team is available to assist with technical issues. See the Support section for more details.
New Satori Product Versions
New versions are made available on a weekly basis. Release notes are available here. Satori recommends that versions are regularly updated to enjoy new features, bug fixes and security patches.
Managing a Customer Hosted DAC
To ease managing customer-hosted Data-Access-Controller Satori provides a management app which enables the user to perform various debug & maintenance operations directly on the Data-Access-Controller.
Accessing the Satori DAC Management Interface
To access the Satori DAC Management interface perform the following tasks:
- Click the Satori Settings Tab
- Select the DAC view from the available options.
- Now, click the hyperlink that appears after the name of your DAC instance in the table.
DAC Management Functionality
- Upload logs - When performing a troubleshooting session with a Satori engineer you may be required to upload your DAC log files to a dedicated storage location. The log files are automatically deleted after 30 days.
- Log Level Change - Satori engineer may also require that you change the log level for one of the modules, the log level will reset itself to the default state.
- Configuration Reload - In the event that the Satori DAC detects an invalid configuration via the Satori Management Console, Satori will maintain the last valid configuration and not update to a newer version. The interface allows you to restore the DAC update mechanism, >
The Configuration Reload operation should only be performed once the Satori engineer has solved the problem that caused the DAC to stop accepting new configurations.