Instaclustr is pleased to announce the release of Private Network Clusters on Google Cloud Platform (GCP). This feature continues Instaclustr’s commitment to security by providing our GCP customers with the option to provision clusters where the nodes do not have publicly routable IP addresses allocated.
Where it fits your use case, this enhances security by reducing the potential attack vectors for compromising servers running back-end services.
Private Network Clusters add to Instaclustr’s ongoing commitment to providing the most secure choice for running open source software in the cloud with existing features including:
- SOC 2 Certification
- Each client cluster is created in its own network environment with no shared instances
- Whitelist monitoring of open ports and running processes
- Instaclustr management infrastructure has no access to data in customer clusters
Visit this page for a complete list of Instaclustr security features.
In a Private Network Cluster, all application internode communication and client communication occur over a private network. Instaclustr will automatically provision a gateway server with a public IP to enable cluster management. Only the gateway server retains a public IP. The only service exposed by the gateway server is used for administrative access and is firewalled to be accessible only from Instaclustr’s Management System.
As part of this release, we have also added GCP VPC Peering which can be set up and configured through the Instaclustr management Console and API. This enables customers to automatically and securely peer their application to an Instaclustr-managed cluster running in GCP.
Private Network Clusters are available as an option on newly provisioned clusters. Existing clusters can also be migrated to a Private Network Cluster. Customers interested in migrating to a Private Network Cluster should go to the Instaclustr Support Portal and contact Instaclustr Support at [email protected]. In addition to GCP, Private Network Clusters are also available for customers using AWS.
The extra security of Private Network Clusters does come with some administrative overhead, so customers should carefully evaluate whether a Private Network Cluster is appropriate for their situation. A few important considerations include:
- Any connection with a Private Network Cluster, such as from a client application, requires the application to be in a VPC with network connectivity (through VPC peering or via a customer-managed VPN, for example) to the Private Network Cluster’s VPC.
- Multi-data center clusters, even within a single region, require manual configuration by the Instaclustr support team. Cross-region clusters may require a customer-supplied and managed inter-region communication solution.
- In a Private Network Cluster, user-facing applications including OpenSearch Dashboards and Apache Spark Job Server will no longer have a public IP address and will be inaccessible via the public internet. Customers wishing to use these applications in a Private Network Cluster should make appropriate adjustments to their networking to ensure that users can access these applications in a private network.
If you have any questions regarding Instaclustr’s Private Network Clusters, please contact Support.