Some of the most common questions we, Satorians, encounter are about the many Satori deployment options, whether or not this is a fully SaaS solution, and whether or not you can host your own Satori Data Access Controller (DAC). In this article, I’d like to answer these questions and explain some of the specific reasons behind the design.When we first created Satori, we came with experience building both large-scale, multi-tenant SaaS services and on-premises products. We came prepared and we're not biased towards a specific approach. We knew that there would be some organizations that prefer the advantages of a multi-tenant SaaS solution and others that prefer to host their own private Satori DACs.
The main advantages of a multi-tenant solution are:
Satori takes care of all of the DevOps and Infrastructure involved.
Satori frequently updates our SaaS multi-tenant DACs, so customers do not need to do the upgrades themselves.
This deployment option has a better Total Cost of Ownership (TCO), as Satori is in charge of the computation, storage, and other infrastructure expenses and also provides upgrades and administration.
On the other hand, a private DAC ensures that the entire DAC only processes data from the specific organization. This is sometimes necessary to satisfy compliance or security requirements.
Satori’s Three Deployment Options
We thus designed Satori with three different deployment options in mind:
SaaS: where the entire infrastructure is maintained by Satori and shared across customers. These DACs are receive updates as soon as they are available, and the customers don’t need to do anything to maintain the product itself.
Private SaaS: where the DAC is deployed by Satori on dedicated resources for that customer. This option fits customers who require separation from other customers due to compliance or security requirements but prefer not to maintain the infrastructure.
Customer Hosted: where the customer installs Satori on a Kubernetes cluster in their VPC and is responsible for the network and infrastructure of the deployment.
Taking Frustration Out of Maintenance
The biggest challenge with deploying a dedicated resource is maintaining its network and infrastructure. This is especially true for products like Satori which are critical parts of the data infrastructure and for which updates need to be performed without any downtime. For these reasons, we have enhanced Satori’s DataSecOps platform to ensure that, even if customers deploy Satori on their premises, the experience will be as simple as possible.
To solve this challenge, we created three options for customers managing their own Satori DACs.
1. Download Packages Directly from Our Management Console with Satori DAC Manager
The first option is for customers to download updated packages, in most cases for the recommended version, and to run the installer. While this process does not require a lot of effort, it still takes some effort, and, in most cases, an automated deployment is preferred. The manual download is primarily used for specific use-cases or as an initial installation. Version upgrades are done as a hot-swap with no downtime.
2. Deploy a New Version with Satori DAC Manager
This option takes away the manual labor involved in downloading the package, copying it to the production environment, and installing it. Instead, you click a single button, and Satori is automatically upgraded to the latest version. Throughout the process, you will get status notifications and will know which version is deployed at each of your DACs. Deployment of a new version is completed without any downtime.
3. Schedule Automated Updates with Satori DAC Manager
The third option is the most convenient one for ongoing operations. In this option, you set a scheduled window during which your Satori DAC is automatically updated. This update is usually done in maintenance windows when there are fewer data consumers accessing your data. Regardless of when you schedule the updates to be deployed, the updates are completed without any downtime.
Zero Downtime Updates with Satori DAC Manager
As emphasized for each of the three deployment options, Satori is updated without taking the data access controller offline. This is performed as Satori is deployed on Kubernetes clusters, and the nodes are updated gradually without “dropping the ball” on any ongoing data access requests.
When it comes to streamlining access to data in an organization, Satori provides unparalleled capabilities. Since Satori is a critical component of your data stack, we built it in a way that minimizes any risk of downtime and minimizes the necessary DevOps efforts for maintenance. These benefits are true regardless of whether you deploy Satori in your environment or in Satori’s environment.
To learn more, book a meeting with one of our experts.
Ben is an experienced tech leader and book author with a background in endpoint security, analytics, and application & data security. Ben filled roles such as the CTO of Cynet, and Director of Threat Research at Imperva. Ben is the Chief Scientist for Satori, the DataSecOps platform.