Configure DeltaStream as Private SaaS Using the Bring Your Own Cloud (BYOC) Model
With the private SaaS model, DeltaStream provides the same serverless user experience that customers love, with the guarantee that data remains within the customer's private cloud network.
Supported Clouds
Amazon Web Services (AWS)
Azure
Oracle Cloud Infrastructure (OCI)
Customers will need to provide details about their cloud provider accounts and the regions they plan to use. These requirements vary by cloud provider. In the following sections, you’ll find the specific information the DeltaStream Support team needs for each cloud before you can deploy DeltaStream as a BYOC solution.
Amazon Web Services for Private SaaS
Provide the following details to DeltaStream if you use AWS as your cloud provider:
AWS Region
AWS Region where the DeltaStream private data plane will be deployed
us-west-2
AWS Account ID
12-digit AWS account ID
VPC CIDR
The DeltaStream platform will create a new VPC in the AWS account using the provided CIDR. Supported prefix lengths: /16 or /20.
Choose a CIDR that does not conflict with any future peering requirements. Example CIDR: 10.20.0.0/16. The DeltaStream platform will create a new, isolated VPC in the provided AWS account and region.
Base Domain
Domain name suffix used to host DeltaStream platform URLs for:
* Console
* Web API
* Downloads for CLI
Example: deltastream.acme.com. Using this base domain, the customer will be able to connect to the DeltaStream web console as console-{unique-deltastream-id}.deltastream.acme.com, where unique-deltastream-id is a random 6-character alphanumeric string (e.g. njehv2).
User Authentication Option
The DeltaStream platform supports the following options:
* User Name + Password
* OKTA SAML
* Google Single sign-on
For example, if the customer has OKTA as their IdP, they will select OKTA SAML.
Public or Private Access To DeltaStream Platform over Internet
Options:
* public - DeltaStream console and API endpoints are exposed on the public internet
* private - DeltaStream console and API endpoints are only available as private (VPC) endpoints
When using the private option, the customer will need to configure access via their own VPN solution, e.g. AWS VPN or Zscaler. The DeltaStream platform supports both options.
Customer's Administrator Workstation Platform that will be used to set up DeltaStream Private SaaS
Supported platforms:
* macOS (Apple Silicon)
* Linux/Ubuntu
Azure for Private SaaS
Provide the following details to DeltaStream if you use Azure as your cloud provider:
Location
Azure Location/Region
eastus2
Azure Tenant ID
Tenant ID
aabbcc9a-1234-4163-9fad-c288fc3b1234
Azure Subscription ID
Subscription ID
12346667-cc90-66e5-8ef7-25e28cad3100
Resource Group
Name of the Azure resource group under which all DeltaStream infrastructure will be provisioned. The customer must create this resource group as a prerequisite.
deltastream-private-stack
VNet CIDR
Virtual Network CIDR. Supported prefix length: /16.
Choose a CIDR that does not conflict with any future peering requirements. Example CIDR: 10.22.0.0/16. Note that the DeltaStream platform will create a new, isolated VNet.
Base Domain
Domain name suffix used to host DeltaStream platform URLs for:
* Console
* Web API
* Downloads for CLI
Example: deltastream.acme.com. Using this base domain, the customer will be able to connect to the DeltaStream web console as console-{unique-deltastream-id}.deltastream.acme.com, where unique-deltastream-id is a random 6-character alphanumeric string (e.g. njehv2).
Console and API web endpoint Certificate
The customer will need to provide a certificate and private key, which they will upload to a vault secret prior to starting DeltaStream setup.
The customer will need both the certificate chain and the certificate private key. The certificate's Subject/SAN should cover either the wildcard *.deltastream.acme.com
or the following individual endpoints:
api-{unique-deltastream-id}.deltastream.acme.com
console-{unique-deltastream-id}.deltastream.acme.com
downloads-{unique-deltastream-id}.deltastream.acme.com
User Authentication Option
The DeltaStream platform supports the following options:
* User Name + Password
* OKTA SAML
* Google Single sign-on
For example, if the customer has OKTA as their IdP, they will select OKTA SAML.
Public or Private Access To DeltaStream Platform over Internet
Options:
* public - DeltaStream console and API endpoints are exposed on the public internet
* private - DeltaStream console and API endpoints are only available as private (VPC) endpoints
When using the private option, the customer will need to configure access via their own VPN solution, e.g. AWS VPN or Zscaler. The DeltaStream platform supports both options.
Customer's Administrator Workstation Platform that will be used to set up DeltaStream Private SaaS
Supported platforms:
* macOS (Apple Silicon)
* Linux/Ubuntu
Oracle Cloud Infrastructure (OCI) for Private SaaS
Provide the following details to DeltaStream if you use Oracle Cloud as your cloud provider:
Region
Oracle Cloud Region
us-phoenix-1 (We support regions with at least three availability domains, e.g. us-ashburn-1, us-phoenix-1)
Tenancy OCID
Oracle Tenancy OCID
We recommend creating a separate child tenancy for an isolated DeltaStream Private SaaS deployment. Example: ocid1.tenancy.oc1..aaaacccdfdf343on3yfvkxbopzhrudyadf34ofeswsbwk67gracd2342izwt3432a
Tenancy Namespace
Oracle Tenancy namespace
axz0f8c0sn2. This can be retrieved using the OCI CLI command oci os ns get
Parent Compartment OCID
OCID of the parent compartment where the DeltaStream stack will create child compartments hosting all DeltaStream infrastructure
Create a separate compartment, e.g. at root level.
Example OCID: ocid1.tenancy.oc1..aaaaaa342afdasfon3yfvkxbadf23423udygadmofeswsbwk67asdf345hyuizwt7fhjkdsa
VCN CIDR
Virtual Cloud Network CIDR. Supported prefix length: /16.
Choose a CIDR that does not conflict with any future peering requirements. Example CIDR: 10.170.0.0/16. Note that the DeltaStream platform will create a new, isolated VCN.
Base Domain
Domain name suffix used to host DeltaStream platform URLs for:
* Console
* Web API
* Downloads for CLI
Example: deltastream.acme.com. Using this base domain, the customer will be able to connect to the DeltaStream web console as console-{unique-deltastream-id}.deltastream.acme.com, where unique-deltastream-id is a random 6-character alphanumeric string (e.g. njehv2).
Console and API Web Endpoint Certificate
The customer will need to have access to a certificate and private key, which they will upload to a vault secret during DeltaStream platform setup.
The customer will need both the certificate chain and the certificate private key. The certificate's Subject/SAN should cover either the wildcard *.deltastream.acme.com or the following individual endpoints:
api-{unique-deltastream-id}.deltastream.acme.com
console-{unique-deltastream-id}.deltastream.acme.com
downloads-{unique-deltastream-id}.deltastream.acme.com
User Authentication Option
The DeltaStream platform supports the following options:
* User Name + Password
* OKTA SAML
* Google Single sign-on
For example, if the customer has OKTA as their IdP, they will select OKTA SAML.
Public or Private Access To DeltaStream Platform over Internet
Options:
* public - DeltaStream console and API endpoints are exposed on the public internet
* private - DeltaStream console and API endpoints are only available as private (VPC) endpoints
When using the private option, the customer will need to configure access via their own VPN solution, e.g. AWS VPN or Zscaler. The DeltaStream platform supports both options.
Customer's Administrator Workstation Platform that will be used to set up DeltaStream Private SaaS
Supported platforms:
* macOS (Apple Silicon)
* Linux/Ubuntu
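The network CIDR rows (VPC, VNet, VCN) and the certificate rows (Azure, OCI) in the tables above can be checked before the details are sent to DeltaStream. The following Python is an added example, not DeltaStream's installation tool or code from this page; the function names, the list of existing networks and the sample values are assumptions, and the SAN list is assumed to have been read from the certificate beforehand.

```python
import ipaddress

# Added example (hypothetical helper names). Prefix lengths are the ones
# the page lists as supported for the new network in each cloud.
SUPPORTED_PREFIXES = {"aws": {16, 20}, "azure": {16}, "oci": {16}}


def check_cidr(cloud, cidr, existing_networks):
    """Return a list of problems with the CIDR proposed for the new VPC/VNet/VCN."""
    try:
        # strict=True rejects a CIDR with host bits set, e.g. 10.20.1.0/16
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {cidr!r}: {exc}"]
    problems = []
    if net.prefixlen not in SUPPORTED_PREFIXES[cloud]:
        problems.append(f"/{net.prefixlen} is not a supported prefix length for {cloud}")
    for other in existing_networks:
        # Overlapping address space is what conflicts with later peering.
        if net.overlaps(ipaddress.ip_network(other, strict=False)):
            problems.append(f"{cidr} overlaps {other}")
    return problems


def san_matches(pattern, host):
    """Match one SAN entry against a host name; '*' covers exactly one leftmost label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_endpoints(sans, base_domain, deployment_id):
    """Return the api/console/downloads host names that no SAN entry covers."""
    needed = [f"{svc}-{deployment_id}.{base_domain}"
              for svc in ("api", "console", "downloads")]
    return [h for h in needed if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    # Constructed inputs: the page's example values plus made-up existing networks.
    print(check_cidr("aws", "10.20.0.0/16", ["10.20.128.0/20", "172.16.0.0/12"]))
    print(uncovered_endpoints(["*.acme.com"], "deltastream.acme.com", "njehv2"))
```

A wildcard issued for the parent domain (*.acme.com) does not cover the endpoints, because the wildcard stands for a single label only.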
Once these details have been provided to DeltaStream, the customer will receive an installation tool along with prerequisites and instructions for running it. Note that each cloud has its own prerequisites, e.g. for AWS we require the AWS CLI to be present. Additionally, the installation tool requires Administrator-level privileges within the respective cloud environment. For instance, in an AWS account the tool needs Administrator permissions in order to create IAM roles, policies, VPCs, and other infrastructure components required by the DeltaStream platform.
Here is an example command line that the customer will use to install the DeltaStream platform as BYOC:
The environment variables ${MGMT_PLANE_ACCOUNT_ID}, ${DATAPLANE_INFRA_ID}, and ${DATAPLANE_TOKEN} are specific to a customer deployment and are provided by DeltaStream when the customer is ready to configure DeltaStream Private SaaS.
The installation tool's execution time depends on the cloud; it typically takes about 30-60 minutes.
The following is an example screenshot of the client tool execution:

Once the client tool execution is completed, additional platform configuration continues in the background. This includes provisioning a Kubernetes cluster and deploying the microservices required to operate the DeltaStream platform. This phase can take an additional 1–2 hours to finish.