Introduction
In today's digital landscape, the core of every business operation revolves around data and software infrastructure. However, many organizations grapple with realizing the full potential of the digital economy. Since the inception of Tessell, we've recognized that data engineers encounter significant hurdles in managing data effectively:
- Productivity and Time-to-Market: The demand for heightened productivity and quicker time-to-market is hindered by inflexible database management systems, which are ill-suited to modern code structures and impose intricate interdependencies among engineering teams.
- Data Management Challenges: Organizations struggle to harness and derive insights from the vast and swiftly expanding volume of data generated by modern applications, encompassing diverse data types such as time series, geospatial, and polymorphic data.
- Legacy Data Infrastructure: Outdated, monolithic, and fragile architectures impede the widespread transition to distributed systems. These systems fail to provide the resilience and scalability demanded by digital businesses and do not adequately comply with evolving regulatory requirements for data privacy.
- Convergence of Workloads: Transactional, analytical, search and mobile workloads are converging to create sophisticated data-driven applications and customer experiences. However, traditionally, each workload has relied on its separate database, resulting in duplicated data silos interconnected through fragile ETL pipelines and accessed via disparate developer APIs.
To tackle these challenges, Tessell began with the vision of revolutionizing database management by providing a better, more flexible solution. The goal is to become the standard for data management, regardless of the database engine or cloud platform being used. Tessell initially focused on relational databases like Oracle, Microsoft SQL Server, PostgreSQL, and MySQL, and has now expanded to include NoSQL databases like MongoDB and vector databases like Milvus. Tessell provides the flexibility to run databases anywhere, in your choice of cloud. This eliminates vendor lock-in.
Tessell solves several problems in the realm of database management. Firstly, it simplifies the process by offering a managed solution that takes care of infrastructure management, provisioning, backups, patching, upgrades, and monitoring. This allows users to focus on their business requirements rather than the complexities of database management. Tessell addresses scalability and reliability challenges by offering a fully managed virtual machine environment for running databases. This ensures that applications can scale confidently and that the underlying infrastructure is taken care of, reducing architectural complexity.
Tessell Deployment Architecture
Tessell allows you to manage databases seamlessly by separating the management layer (control plane) from the storage/data layer (data plane). Tessell offers multiple options for hosting both the data plane and the control plane. In a previous blog, we explored all the deployment options available for the data plane. In this article, we dive deep into the options for the control plane and their corresponding benefits and limitations.
Control Plane
Nestled within the heart of our Database-as-a-Service (DBaaS) platform is a robust control plane, meticulously designed as a microservice-based architecture. This architecture serves as the foundation for our comprehensive database management services, allowing the control plane to seamlessly navigate the intricate landscape of database operations on behalf of our customers.
Rooted in an API-first philosophy, the control plane effortlessly integrates into our customer’s systems, enabling fluid API invocation for a range of database tasks. From the initial provisioning of databases to the ongoing orchestration of scaling, performance optimization, and data integrity, the control plane takes center stage in overseeing the complete database lifecycle.
Terraform access further amplifies our capabilities, allowing us to define, refine, and enforce security measures, access controls, and configurations through code. Within this harmonious ecosystem, our microservice-driven control plane stands resolute, illuminating a path toward unmatched database management solutions for our customers.
At a high level, the Tessell control plane is offered to customers in two variations: Dedicated (single tenant) and Shared (multi-tenant).
Dedicated Control Plane
Our dedicated offering epitomizes exclusivity. Crafted around the dedicated microservice paradigm, each customer's database ecosystem enjoys an entire suite of microservices exclusively at its disposal. This approach ensures uncompromised performance, security, and customization, as each microservice caters solely to the customer it serves. Moreover, this orchestration layer comes with a dedicated PostgreSQL-based metadata repository for database management with a singular focus on customer-specific requirements, guaranteeing unparalleled precision.
To summarize, a dedicated control plane offers the following benefits:
- A dedicated API gateway for the users of the tenant to log into the account.
- A dedicated microservice set for the tenant which in turn provides a superior Quality of Service (QoS).
- A dedicated database server instance as the metadata repository for the tenant.
- Custom maintenance schedule for the control plane itself.
Based on where it is hosted, there are two flavors for a dedicated control plane: Tessell-hosted, or Customer-hosted.
Hosted and Managed by Tessell
The option customers choose most often is a dedicated account managed by Tessell. In this scenario, the control plane infrastructure is set up on a cloud account exclusively owned by Tessell. The entire lifecycle of the control plane is automatically managed by Tessell, guaranteeing its smooth operation and optimal performance. It's vital to emphasize that this cloud account is exclusively reserved for the single tenant, preventing any possible sharing with other tenants and ensuring the highest level of privacy and security. This account can be hosted in any region of your choice, ensuring data localization requirements are met.
NOTE: Although the figure above represents the Tessell architecture on AWS, Tessell is a multi-cloud platform, and a similar architecture would be applicable on Azure as well.
Deployment
- Tessell provides a dedicated cloud account, for the exclusive use of a single customer, where the control plane is deployed in the region preferred by the customer. This deployment ensures the isolation of the control plane infrastructure from other tenants, thereby providing dedicated resources.
Management
- Tessell handles all the duties related to updates, patching, and maintenance with the utmost efficiency and reliability, ensuring the smooth functioning of the system.
Benefits
- Enhanced Isolation: Dedicated resources ensure consistent performance, improved security, and stronger compliance adherence.
- More Control: Customers gain a level of control over infrastructure configuration within the dedicated environment.
- Simplified Security and Compliance: Dedicated resources facilitate meeting stringent security and compliance requirements.
- Automatic Updates and Maintenance: Enjoy seamless control plane operation with automated updates and proactive maintenance.
Considerations
- Higher Cost: A dedicated account typically incurs higher hosting fees than the shared hosting model (explained later).
Hosted by the Customer
Even with the Tessell-hosted control plane, the communication between the data plane and the control plane happens over a secure private network. However, for some highly regulated companies, it is imperative that all infrastructure and communication remain within their own cloud account. For such customers, the entire control plane can be moved to their cloud account so that it is co-located with the data plane.
There are two choices for such a control plane depending on how much access Tessell has over the control plane to manage it.
Hosted by the Customer, Automatically Managed by Tessell
In this scenario, the infrastructure for the control plane is deployed on a cloud account owned by the customer. The control plane's lifecycle is automatically managed by Tessell, which will have access to the customer's control plane cloud account.
Deployment
- The customer is responsible for deploying the control plane infrastructure within their cloud account environment with the assistance of Tessell. Following deployment, Tessell assumes responsibility for remotely managing the control plane lifecycle. This management necessitates access to the customer's cloud account.
Management
- Tessell remotely manages updates, patching, and maintenance tasks within the customer's cloud account with the help of specific access provided by the customer while customers retain complete control over the underlying cloud infrastructure.
Benefits
- Complete Control: Customers maintain full control over both the control plane infrastructure and data, aligning with stringent governance and security policies.
- Leverage Existing Infrastructure: Customers can utilize existing cloud infrastructure and investments instead of incurring additional hosting costs. Customers can also draw down their MACC/EDB contracts for this.
- Automatic Updates and Maintenance: Tessell takes care of releasing updates and of monitoring the ecosystem for any maintenance requirement. The Tessell team works jointly with the customer team to resolve any issue.
Considerations
- Limited Support: Remote management poses challenges for troubleshooting and complex tasks, potentially impacting support response times.
Hosted by the Customer, Manually Managed by Tessell
This particular option has been specifically designed for customers whose work involves handling highly sensitive data and who do not wish to engage in any form of communication with the Tessell ecosystem. Here, the control plane infrastructure will be deployed on a cloud account owned by the customer, while the lifecycle of the control plane will be managed by an Account Manager on behalf of Tessell. It is important to note that Tessell will not have direct access to the control plane cloud account of the customer. The designated Account Manager will undertake all lifecycle operations such as upgrades and patching. In this hosted model, the control plane hosted on the customer account will remain completely disconnected. However, outbound access to a predefined set of Tessell endpoints will be necessary to pull the bits required for the upgrade and patch activities in the control plane administered by the tenant’s Account Manager.
Deployment
- Tessell deploys the control plane infrastructure on a cloud account owned by the customer as a one-time activity.
Management
- Customers are responsible for all the tasks related to control plane lifecycle management such as updates, patching, and maintenance. Tessell, on the other hand, offers guidance and assistance on these tasks, as well as on troubleshooting, through an Account Manager. It is worth noting that customers retain full control over their cloud account and do not grant Tessell access to it.
Benefits
- Absolute Control: Customers retain complete control over both the control plane infrastructure and data, ensuring maximum autonomy and security.
- No Outside Access: Eliminates the need to grant Tessell access to your cloud account, making it compliant with stringent security standards.
- Leverage Existing Infrastructure: Customers can utilize existing cloud infrastructure and investments instead of incurring additional hosting costs.
Considerations
- Personnel Requirement: Control plane management is a shared responsibility, and it requires significant technical expertise and resources from the customer.
- Lifecycle Management: Troubleshooting and complex tasks (Lifecycle Management) might require coordination with Tessell's Account Manager, introducing potential delays.
Shared Control Plane
A shared control plane is always hosted and managed by Tessell in a shared cloud account. Our shared offering embodies versatility and scalability. Here, microservices operate synergistically, serving multiple customers with a shared pool of resources. This dynamic arrangement optimizes resource utilization, scalability, and cost for customers while maintaining a robust security framework. The shared PostgreSQL metadata repository further enhances agility by facilitating efficient database management across a diverse customer base, promoting harmonious coexistence.
Deployment
- Tessell deploys customer control planes on a shared cloud infrastructure enabling the benefit of full multi-tenant resources.
Management
- Tessell is solely responsible for managing the control plane lifecycle. This includes all the tasks that come with it, such as updates, patching, and maintenance. Customers do not need to handle any operational overhead associated with the control plane infrastructure.
Benefits
- Reduced Operational Burden: Customers offload control plane management, freeing up resources for core activities.
- Minimal Upfront Costs: Reduces upfront infrastructure setup and maintenance expenses.
- Automatic Updates and Maintenance: Enjoy seamless control plane operation with automated updates and proactive maintenance.
Considerations
- Shared Resources: Sharing resources among tenants that share the same control plane cloud account and a few common services may result in performance variations, albeit minimal, and can cause potential compliance and security policy concerns necessitating careful evaluation.
- Limited Control: Customers do not have absolute control over infrastructure configuration within the shared environment. However, the Tessell team keeps a close eye on it with its 24x7x365 monitoring.
- Compliance Implications: Sharing resources might not be suitable for strict compliance requirements, necessitating careful evaluation.
Comparisons
In all our offerings, our control plane's prowess remains unwavering. Rooted in an API-first architecture and fortified by Terraform access, it orchestrates the complete database lifecycle with expertise and finesse, regardless of the chosen offering. Whether dedicated or shared, our control plane enables exceptional database management solutions, setting new standards for performance, flexibility, and customer satisfaction. Tessell releases regular updates in all variants enabling the customer to get the latest features as per their choice.
Below is a quick comparison of all hosting models available in Tessell.
Security
Security is paramount in any Database as a Service (DBaaS) platform, where the integrity and confidentiality of data are top priorities. One crucial aspect is ensuring data security through robust encryption methods, both during transmission and while at rest. By encrypting data, organizations can safeguard sensitive information from unauthorized access, mitigating the risk of data breaches. Additionally, implementing stringent access controls and authentication mechanisms helps regulate user access to the database, ensuring that only authorized individuals can retrieve or modify data. These measures not only protect against internal threats but also bolster defenses against external attacks.
Moreover, secure connections play a pivotal role in maintaining the integrity of a DBaaS platform. Utilizing technologies like Transport Layer Security (TLS) or Secure Sockets Layer (SSL) ensures that data is transmitted securely over networks, safeguarding it from interception or tampering by malicious actors. By establishing secure connections between client applications and database servers, organizations can instill confidence in their users regarding the safety of their data transactions. Overall, prioritizing data security and secure connections within a DBaaS platform is essential for instilling trust, meeting compliance requirements, and safeguarding sensitive information in today's digital landscape.
In this section, we will take a closer look at how Tessell secures the data plane, the control plane, and the communication between the two.
Control Plane Security Measures
Tessell ensures that the security of the control plane is upheld through a series of stringent measures.
- Exclusive Customer Access: Access to the control plane is exclusively granted to customers through a dedicated UI portal for each customer. This restricted access ensures that only authorized individuals have entry, enhancing overall security.
- API and Terraform Access: Customers can interact with the control plane programmatically through APIs and Terraform, seamlessly integrating with their DevOps pipelines. Secure API keys are used for authentication, providing a secure and streamlined way to manage resources remotely.
- Integrated SSO Authentication: Customers have the flexibility to integrate their authentication provider. This integration enhances authentication protocols, ensuring that only legitimate users can access the control plane. Several authentication providers, including Okta, Azure AD, and Google, can be integrated with Tessell.
- RBAC Policies: Tessell not only facilitates AD integration but also provides fine-grained access control through its persona creations. Users can craft various personas within Tessell to align with their needs for governance, reporting, and network access. This capability further enables customers to implement a maker-checker process directly within the control plane.
Control Plane Access for Tessell Support
- View-Only Access for Monitoring: Support personnel are given restricted, view-only access to the Tessell Ops Portal, bolstering security by constraining their capabilities. This precautionary measure reduces the likelihood of unintentional actions and guarantees stringent control over access. It also adds a layer of security over the data stored in the customer control plane (users, their access, etc.), enabling full compliance with GDPR requirements.
- Security Patch Management: Vital security patches are accessible for implementation within one week of their release. Customers can opt for the most suitable timeframe to apply security patches to the control plane in their dedicated environment. All patches undergo rigorous testing and scrutiny by the Tessell team to prevent any incidents in production. This methodical approach guarantees that patches are carefully tested and deployed to mitigate vulnerabilities.
- Automated Software Updates: Software updates and patches to the control plane are carried out seamlessly through an automated process. These updates are recorded in a detailed audit log, maintaining a record of every action taken.
- Transparent Process Auditing: Every process, including security patches, support, software updates, and patches, is thoroughly documented and available for audit. This transparency ensures that any changes made to the control plane are traceable and accountable.
Incorporating these security measures guarantees that the Control Plane remains a secure and controlled environment. Customers can confidently manage their resources, whether through the UI portal, APIs, or Terraform, knowing that their data and actions are well-protected and subject to rigorous oversight.
Interaction Between Control Plane and Data Plane
Tessell’s architecture places paramount importance on the security of communication between the control plane and the data plane. Several robust security measures are in place to safeguard this interaction:
- Ensuring Secure Access with Least Privilege IAM Roles: In our commitment to safeguard your data, we employ IAM roles for secure access. These roles grant access to cloud resources securely and seamlessly. Through a highly restricted role, we provide temporary permissions, eliminating the need for cumbersome long-term access keys. We adhere to the principle of least privilege, ensuring that your access is tailored to your specific needs.
- Fine-Grained Access Control with Resource Tagging: To provide you with precise control over your resources, we utilize resource tagging. Our IAM policies are set up to make determinations based on these resource tags. This empowers you to specify individuals or roles that can access particular resources, adding an extra layer of security. The Tessell control plane is restricted to acting only on resources that bear Tessell tags, ensuring a level of separation within your ecosystem.
- Limited Access for Microservices: The architecture ensures that only designated microservices, utilizing the authorized service principal, can engage with the data plane. This approach minimizes the potential attack surface by allowing only specific, trusted microservices to interact. All the microservices work via a secure encryption layer preventing any in-transit security attacks.
- Inbound Connection Exclusion: Tessell strictly prohibits any inbound connections into resources located within the data plane unless explicitly approved. This rigorous restriction fortifies the overall security posture by preventing external entities from initiating connections to data plane resources.
- Protected Outbound Connections (SSL): Outbound connections from the data plane to external destinations are meticulously protected through SSL encryption. This encryption layer ensures that data transmitted between the data plane and external components remains confidential and immune to interception or tampering.
- Pull-Based Data Retrieval (initiated from the data plane): The communication model follows a pull-based approach, with data requests originating from the data plane. This method ensures that the control plane remains passive until the data plane initiates a data transfer request. By minimizing unnecessary communication, this approach enhances security and mitigates potential risks.
- Ticket-Based Access: Tessell Support access to the data plane from the control plane is initiated based on customer approval through support tickets. This approach ensures that only authorized individuals can interact with the data plane, and access is granted for a limited time specified in the ticket.
- Audited Support Actions: Any actions carried out by the support team within the data plane are meticulously audited. This audit trail guarantees transparency and accountability, maintaining a comprehensive record of all support-related activities.
Through the implementation of these robust security measures, the architecture establishes a secure and controlled communication channel between the control plane and the data plane. By focusing on microservices and limiting access to authorized entities, the architecture enhances data integrity, minimizes vulnerabilities, and elevates the overall security stance of the system.
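The least-privilege and resource-tagging points above can be checked mechanically on the customer side. The following is an added example, not Tessell's code: it audits an AWS IAM policy document and reports every Allow statement that is not bound to a given tag by an exact-match condition. The tag key `managed-by`, its value, and the sample policy are constructed placeholders, since the page does not name the actual Tessell tags.

```python
import json

# Constructed sample policy. The tag key "managed-by" and its value are
# placeholders; the page does not state the real tag names.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TaggedOnly", "Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*",
     "Condition": {"StringEquals":
       {"aws:ResourceTag/managed-by": "example-control-plane"}}},
    {"Sid": "CreateWithTag", "Effect": "Allow",
     "Action": "ec2:CreateVolume", "Resource": "*",
     "Condition": {"StringEquals":
       {"aws:RequestTag/managed-by": "example-control-plane"}}},
    {"Sid": "WeakIfExists", "Effect": "Allow",
     "Action": "ec2:TerminateInstances", "Resource": "*",
     "Condition": {"StringEqualsIfExists":
       {"aws:ResourceTag/managed-by": "example-control-plane"}}},
    {"Sid": "Unscoped", "Effect": "Allow",
     "Action": "ec2:DeleteVolume", "Resource": "*"}
  ]
}
""")


def as_list(value):
    """IAM allows a single item or a list for Statement, Action and values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def tag_scope(statement, tag_key):
    """Classify how a statement is bound to the tag: strict, weak or none."""
    # Condition key names are case-insensitive, so compare in lower case.
    wanted = {f"aws:resourcetag/{tag_key}".lower(),
              f"aws:requesttag/{tag_key}".lower()}
    scope = "none"
    for operator, conditions in statement.get("Condition", {}).items():
        op = operator.lower()
        for key, values in conditions.items():
            if key.lower() not in wanted:
                continue
            wildcard = any(c in str(v) for v in as_list(values) for c in "*?")
            # Operators in a Condition block are ANDed, so one exact match
            # on the tag is enough to bind the whole statement.
            if op == "stringequals" or (op == "stringlike" and not wildcard):
                return "strict"
            # IfExists passes when the tag is absent; wildcards match any value.
            scope = "weak"
    return scope


def audit_policy(policy, tag_key):
    """Return (sid, reason) for every Allow statement not strictly tag-scoped."""
    findings = []
    for index, statement in enumerate(as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue
        sid = statement.get("Sid", f"statement[{index}]")
        scope = tag_scope(statement, tag_key)
        if scope == "none":
            findings.append((sid, "no condition on the tag"))
        elif scope == "weak":
            findings.append((sid, "tag condition does not require an exact match"))
    return findings


if __name__ == "__main__":
    for sid, reason in audit_policy(SAMPLE_POLICY, "managed-by"):
        print(f"{sid}: {reason}")
```

The `WeakIfExists` statement is the case worth noticing in review: an `...IfExists` operator evaluates to true when the resource carries no such tag, so untagged resources fall inside the grant.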