# Configure DeltaStream as Private SaaS using Bring your own cloud (BYOC) model
## Supported Clouds
* Amazon Web Services (AWS)
* Azure
* Oracle Cloud Infrastructure (OCI)
Customers will need to provide details about their cloud provider accounts and the regions they plan to use. These requirements vary by cloud provider. In the following sections, you’ll find the specific information the DeltaStream Support team needs for each cloud before you can deploy DeltaStream as a BYOC solution.
### Amazon Web Services for Private SaaS
Provide following details to DeltaStream if you use AWS as your cloud provider:
| AWS Account Info | Description | Example |
| ------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| AWS Region | AWS Region where deltastream private dataplane will be deployed | us-west-2 |
| AWS Account ID | 12 digit AWS Account | |
| VPC CIDR |
DeltaStream Platform will create a new VPC in the AWS Account using provided CIDR. CIDR range support using prefix length /16 or /20
|
Choose a CIDR that does not conflict with any future peering requirements, Example CIDR:10.20.0.0/16
DeltaStream platform will create an isolated new VPC in the provided AWS Account and region.
|
| Base Domain |
Domain name suffix used to host DeltaStream Platform URLS for \* Console \* Web API \* Downloads for CLI
|
Example: deltastream.acme.com
Using this base domain customer will be able to connect to DeltaStream web console as console-{unique-deltastream-id}.deltastream.acme.com where unique-deltastream-id is a random 6 alpha-numeric character (e.g. njehv2)
|
| User Authentication Option |
DeltaStream platform supports following options \* User Name + Password \* OKTA SAML \* Google Single sign-on
| For example, if customer has OKTA as IDP they will select OKTA SAML. |
| Public or Private Access To DeltaStream Platform over Internet |
Options: \* public - DeltaStream console and API endpoints are exposed on public internet \* private - DeltaStream console and API endpoints are only available as a private (VPC) endpoints
| When using private option customer will need to configure access via their own VPN solutions, e.g. AWS VPN or Zscaler. DeltaStream platform supports both options. |
| Customer's Administrator Workstation Platform that will be used to setup DeltaStream Private SaaS |
| |
### Azure for Private SaaS
Provide following details to DeltaStream if you use Azure as your cloud provider:
| Azure Account Info | Description | Example |
| ------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Location | Azure Location/Region | eastus2 |
| Azure Tenant ID | Tenant ID | aabbcc9a-1234-4163-9fad-c288fc3b1234 |
| Azure Subscription ID | Subscription ID | 12346667-cc90-66e5-8ef7-25e28cad3100 |
| Resource Group | Azure Resource Group name under which all DeltaStream infrastructure will be provisioned, this resource group will be created by customer as pre-requisite | deltastream-private-stack |
| VNet CIDR | Virtual Network CIDR, supported Range /16 |
Choose a CIDR that does not conflict with any future peering requirements, Example CIDR: 10.22.0.0/16
Note that DeltaStream platform will create an isolated new VNet.
|
| Base Domain |
Domain name suffix used to host DeltaStream Platform URLS for \* Console \* Web API \* Downloads for CLI
|
Example: deltastream.acme.com
Using this base domain customer will be able to connect to DeltaStream web console as console-{unique-deltastream-id}.deltastream.acme.com where unique-deltastream-id is a random 6 alpha-numeric character (e.g. njehv2)
|
| Console and API web endpoint Certificate | Customer will need to provide Certificate and private key that they will upload to a vault secret prior to starting DeltaStream Setup |
Customer will need both certificate chain and certificate private key, the certificate should be using Subject/SAN that uses either wildcard \*.deltastream.acme.com or following individual endpoints: api-{unique-deltastream-id}.deltastream.acme.com console-{unique-deltastream-id}.deltastream.acme.com downloads-{unique-deltastream-id}.deltastream.acme.com
|
| User Authentication Option |
DeltaStream platform supports following options \* User Name + Password \* OKTA SAML \* Google Single sign-on
| For example, if customer has OKTA as IDP they will select OKTA SAML. |
| Public or Private Access To DeltaStream Platform over Internet |
Options: \* public - DeltaStream console and API endpoints are exposed on public internet \* private - DeltaStream console and API endpoints are only available as a private (VPC) endpoints
| When using private option customer will need to configure access via their own VPN solutions, e.g. AWS VPN or Zscaler. DeltaStream platform supports both options. |
| Customer's Administrator Workstation Platform that will be used to setup DeltaStream Private SaaS |
| |
### Oracle Cloud Infrastructure (OCI) for Private SaaS
Provide following details to DeltaStream if you use Oracle Cloud as your cloud provider:
| Oracle Cloud Info | Description | Example |
| ------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Region | Oracle Cloud Region | us-phoenix-1 (We support regions with at least three availability domains, e.g. us-ashburn-1, us-phoenix-1) |
| tenancy OCID | Oracle Tenancy OCID | We recommend creating a separate child tenancy for isolated DeltaStream Private SaaS deployment, Example: `ocid1.tenancy.oc1..aaaacccdfdf343on3yfvkxbopzhrudyadf34ofeswsbwk67gracd2342izwt3432a` |
| tenancy Namespace | Oracle Tenancy namespace | axz0f8c0sn2, this can be retrieved using OCI CLI `oci os ns get` |
| parent Compartment OCID | parent compartment OCID where DeltaStream stack will create child compartments hosting all DeltaStream Infrastructure |
Create a separate compartment, e.g. at root level. Example OCID: ocid1.tenancy.oc1..aaaaaa342afdasfon3yfvkxbadf23423udygadmofeswsbwk67asdf345hyuizwt7fhjkdsa
Choose a CIDR that does not conflict with any future peering requirements, Example CIDR: 10.170.0.0/16
Note that DeltaStream platform will create an isolated new VCN.
|
| Base Domain |
Domain name suffix used to host DeltaStream Platform URLS for \* Console \* Web API \* Downloads for CLI
|
Example: deltastream.acme.com
Using this base domain customer will be able to connect to DeltaStream web console as console-{unique-deltastream-id}.deltastream.acme.com where unique-deltastream-id is a random 6 alpha-numeric character (e.g. njehv2)
|
| Console and API Web Endpoint Certificate | Customer will need to have access to Certificate and private key that they will upload to a vault secret during DeltaStream Platform Setup |
Customer will need both certificate chain and certificate private key, the certificate should be using Subject/SAN that covers either wildcard \*.deltastream.acme.com or following individual endpoints: api-{unique-deltastream-id}.deltastream.acme.com console-{unique-deltastream-id}.deltastream.acme.com downloads-{unique-deltastream-id}.deltastream.acme.com
|
| User Authentication Option |
DeltaStream platform supports following options \* User Name + Password \* OKTA SAML \* Google Single sign-on
| For example, if customer has OKTA as IDP they will select OKTA SAML. |
| Public or Private Access To DeltaStream Platform over Internet |
Options: \* public - DeltaStream console and API endpoints are exposed on public internet \* private - DeltaStream console and API endpoints are only available as a private (VPC) endpoints
| When using private option customer will need to configure access via their own VPN solutions, e.g. AWS VPN or Zscaler. DeltaStream platform supports both options. |
| Customer's Administrator Workstation Platform that will be used to setup DeltaStream Private SaaS |
| |
\
\
Once these details have been provided to DeltaStream, the customer will receive an installation tool along with prerequisites and instructions for running it. Note that each cloud requires its own pre-requisites, e.g. for AWS we require AWS cli to be present.\
\
Additionally, the installation tool requires Administrator‑level privileges within the respective cloud environment. For instance, in an AWS account the tool needs Administrator permissions in order to create IAM roles, policies, VPCs, and other infrastructure components required by the DeltaStream platform.
Here is an example command-line that customer will use for installing DeltaStream platform as a BYOC:
```
./mgmt-client setup-dataplane \
--server https://mgmt-api.prod.deltastream-internal.name/v1 \
${MGMT_PLANE_ACCOUNT_ID} \
${DATAPLANE_INFRA_ID} \
--token ${DATAPLANE_TOKEN}
```
Here environment variables `${MGMT_PLANE_ACCOUNT_ID}, ${DATAPLANE_INFRA_ID}, and ${DATAPLANE_TOKEN}` are specific to a customer deployment and provided by DeltaStream at the time customer is ready to configure DeltaStream Private SaaS.
The installation tool execution time depends on the cloud, it typically takes about \~30-60 minutes.
Following is an example screenshot of the client tool execution:
Once the client tool execution is completed, additional platform configuration continues in the background, this include provisioning a Kubernetes cluster and deploying necessary micro-services required to operate the DeltaStream platform. This phase can take an additional 1–2 hours to finish.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.deltastream.io/how-do-i.../configure-deltastream-as-private-saas-using-bring-your-own-cloud-byoc-model.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
