Each network you create will have its own CIDR blocks for both IPv4 and IPv6.
When setting up a ClickHouse or Kafka cluster, it will be created directly within your VPC. You will have full control over the instances there. Also all S3 Buckets needed for backups or hybrid storage will also be created in your AWS environment.
All infrastructure tasks will be done completely within your AWS account. That means resizing, backup or other commands will be started from DCs controlplane via VPC peering directly within your environment.
Why is DoubleCloud’s BYOA important?
First of all, it may not be useful or even desirable to everyone.
This is a specific feature that was requested from a few clients who wanted a greater degree of control over their data due to GDPR and other compliance issues they were facing, as well as certain security certifications that needed to be met.
Others just wanted the ability to be able to configure all their network elements themselves.
Normally when using an external network, you’d manage the computational resources, storage, and data over on the AWS side.
DoubleCloud would then shoulder all the manual, day to day tasks such as backups, monitoring, logs, and anything else that would make the resource management side of things more convenient for our clients.
However, if you use our BYOA option we’ve made available, you’ll handle all network management within AWS, including VPC, subnets, security groups, ALBs, and other elements, as well as any AWS related costs.
Speaking of costs, one of the big benefits of our BYOA model is that if you’ve any special pricing plans, contracts or deals from AWS then they can all still be applied, thus potentially saving you money.
Clusters in external networks will have two levels of protection…
- AWS VPC Security Measures: When you add an external network, DoubleCloud automatically creates several entities under your AWS account. The entities list includes VPC, security groups, ACLs, route tables, and others, depending on your network configuration. These predefined parameters prevent unauthorized access to your network.
- Allow Lists In DoubleCloud: The main manually configurable access management measure is using allow lists for each separate cluster. The allow list prohibits access to the cluster from each IP address except the ones explicitly specified as allow lists entries.
To activate that feature, just follow the instructions here >>
- ClickHouse® is a trademark of ClickHouse, Inc. https://clickhouse.com
- Apache® and Apache Kafka® are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.