By Gabe Kafity, Solutions Engineer – SingleStore
By Saurabh Shanbhag, Sr. Partner Solutions Architect – AWS
Data security is a critical concern for both businesses and individuals. With the increasing volume of data being generated and stored in the cloud, it’s more important than ever to protect sensitive information.
Many enterprises are bound by their compliance policies to keep data interactions between applications and services within a private network. This is especially critical to customers in the financial services industry who hold sensitive data. With AWS PrivateLink, you can prevent your sensitive data from traversing the public internet and maintain compliance with regulations.
In this post, we’ll discuss how SingleStoreDB Cloud on Amazon Web Services (AWS) provides private connectivity using AWS PrivateLink integration.
SingleStore is an AWS Specialization Partner and AWS Marketplace Seller with the Data and Analytics Competency. Its SingleStoreDB Cloud is a fully managed, cloud-native database that powers real-time workloads needing transactional and analytical capabilities.
At SingleStore, nothing is more important than the security of its customers’ data. SingleStore’s team has worked diligently to ensure security is architected, designed, implemented, and audited at multiple layers of the technology stack. As part of its ongoing commitments to security, SingleStore has attained the AWS PrivateLink Ready specialization for SingleStoreDB Cloud on AWS.
SingleStoreDB Cloud automatically manages data across a three-tiered storage architecture comprised of memory, persistent cache, and storage. It intelligently tiers data between the storage layers based on data access patterns, ensuring data is always on the correct storage tier and delivering high performance at scale.
- Memory: SingleStoreDB stores data in memory when using rowstore, when caching data for columnstore, and for operations which utilize the high performance characteristics of system memory.
- Persistent cache: This tier is comprised of high performance block storage and serves columnstore data and persists rowstore data. For optimal performance, a SingleStoreDB deployment should be sized so the working dataset fits within the persistent cache.
- Storage: This is a durable and persistent layer stored within the cloud object storage. On AWS, SingleStoreDB regularly pushes data to Amazon Simple Storage Service (Amazon S3) object storage, which provides a cool tier of data and allows for long-term retention beyond the lifetime of a deployment. It also serves to enable features such as point-in-time-recovery.
SingleStoreDB is based on a distributed SQL architecture and allows SingleStore nodes to scale horizontally to satisfy the needs of enterprises with large datasets. Built on “shared nothing” design principles, SingleStoreDB provides a robust parallel execution engine for read and write queries, delivering ultra-fast performance.
Figure 1 – SingleStore for transactional and analytical workloads.
Using AWS PrivateLink with SingleStoreDB Cloud
AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and on-premises networks without exposing traffic to the public internet. Interface VPC endpoints, powered by AWS PrivateLink, connect you to services hosted by AWS Partners and supported solutions available in AWS Marketplace.
SingleStoreDB Cloud provides the service endpoints needed for PrivateLink creation. Customers can easily set up SingleStore Cloud private connectivity using AWS PrivateLink.
With any database solution, the most critical consideration is securing the flow of data between the database and peripheral technologies (applications, analytics, artificial intelligence, etc.). SingleStoreDB Cloud on AWS has built-in security controls that make it a secure environment to run customer workloads. The default configuration includes encryption at rest, encryption in transit, removal of public access, and deployment within strong network boundaries.
Customers have shared responsibility for configuring the necessary levels of control based on the security posture of their organization. By using private connectivity, customers can protect network traffic by avoiding the public internet, ensuring data never leaves the AWS network.
Figure 2 – SingleStoreDB Cloud private connectivity using AWS PrivateLink.
Private connectivity with SingleStore is not limited to customer applications running on an AWS account. Customers running on-premises applications can set up private connectivity through AWS Direct Connect and/or AWS Site-to-Site VPN to connect securely to SingleStoreDB Cloud on AWS, as shown in the hybrid cloud architecture.
Figure 3 – SingleStoreDB Cloud private connectivity with on-premises applications.
Using SingleStoreDB Cloud with AWS PrivateLink offers several benefits:
- Security: Accessing SingleStore Cloud over private connectivity with AWS PrivateLink significantly reduces security risk. Data stays within the AWS network, which reduces the attack surface.
- Performance: AWS PrivateLink offers low-latency and high-bandwidth connectivity, which improves the performance of real-time data processing or large data transfers.
- Cost: AWS PrivateLink is a cost-effective way to securely access SingleStoreDB Cloud, since it doesn’t require the use of a network address translation (NAT) gateway or virtual private network (VPN). It also eliminates unnecessary egress data transfer costs.
- Simplicity: AWS PrivateLink simplifies network management, requiring no changes to route tables or concerns of overlapping IP address space.
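The security benefit depends on the application actually reaching the database through the interface endpoint, whose DNS name resolves to private addresses inside your VPC subnets. The following check is an added example, not code from SingleStore or AWS; the addresses and VPC CIDR blocks are constructed sample values, and `8.8.8.8` stands in for any public address.

```python
import ipaddress
import socket


def resolve(hostname):
    """Return the distinct addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def audit_endpoint(addresses, vpc_cidrs):
    """Classify each resolved address of the database endpoint.

    in_vpc        - inside a VPC CIDR block (expected for an interface endpoint)
    other_private - not globally routable, but outside the VPC CIDRs
    public        - globally routable: traffic would leave the private path
    """
    networks = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    report = {"in_vpc": [], "other_private": [], "public": []}
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        if any(ip.version == net.version and ip in net for net in networks):
            report["in_vpc"].append(raw)
        elif ip.is_global:
            report["public"].append(raw)
        else:
            report["other_private"].append(raw)
    return report


def is_private_only(report):
    """True only when every resolved address sits inside the VPC."""
    return (bool(report["in_vpc"])
            and not report["other_private"]
            and not report["public"])


if __name__ == "__main__":
    vpc = ["10.0.0.0/16"]                        # constructed VPC CIDR
    good = audit_endpoint(["10.0.1.25", "10.0.2.31"], vpc)
    bad = audit_endpoint(["10.0.1.25", "8.8.8.8"], vpc)
    print("endpoint via PrivateLink:", good, is_private_only(good))
    print("split resolution:", bad, is_private_only(bad))
    # Against a live host, run from inside the VPC:
    #   audit_endpoint(resolve("<your endpoint hostname>"), vpc)
```

Run the check from a host inside the VPC, because the same name can resolve differently from outside it.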
Customer Success Story: Proof
Proof is a joint customer of AWS and SingleStore whose fintech software-as-a-service (SaaS) closes the gap between market principles and the actual trading experience for long-term investors. As an execution-only broker dealer, Proof builds algorithms to navigate the market on behalf of institutional clients. The company provides unprecedented levels of transparency, ensuring products are highly accountable and highly performant.
We asked Proof CTO Marcio Moreno about their experience connecting to SingleStoreDB Cloud using AWS PrivateLink:
“AWS PrivateLink is a great tool for keeping traffic inside the AWS data centers, so we can avoid the public internet. This is great for our security posture. We don’t need to keep adding IPs to firewalls to access our databases; we configure AWS PrivateLink on our VPC and it just works. Once it’s configured, we can securely connect to SingleStore from native AWS services. Now, we don’t have to worry about constant network security maintenance or having traffic compromised on the public internet. This solution is perfect for us.” ~ Marcio Moreno, CTO at Proof
Setting Up AWS PrivateLink with SingleStoreDB Cloud
You can connect SingleStoreDB Cloud to AWS services and applications in your Amazon VPC via AWS PrivateLink in the same region. To make the process seamless, SingleStoreDB Cloud has automated the private connectivity setup with SingleStore Private Connections (Preview).
SingleStoreDB Cloud also supports AWS PrivateLink for outbound requests, where SingleStoreDB Cloud makes the request (usually via SingleStore Pipelines, but it can also be via SELECT … INTO …).
The most common pattern we see here is for the SingleStore Pipeline to ingest data from Apache Kafka clusters. SingleStore supports self-managed Apache Kafka on AWS, Amazon Managed Streaming for Apache Kafka (Amazon MSK), and Confluent Cloud on AWS.
Check out the documentation for detailed prerequisites and steps to connect out from SingleStoreDB Cloud workspaces to private networks/services via AWS PrivateLink.
To make the outbound AWS PrivateLink process as seamless as possible, it’s recommended to gather all necessary details for your request before sharing with SingleStore support.
AWS PrivateLink provides a convenient and simple way to access SingleStoreDB Cloud databases without exposing data to the public internet, improving security, performance, and cost-efficiency. By following this post and SingleStore documentation, you can easily set up AWS PrivateLink for SingleStoreDB Cloud on AWS and enable its many benefits.
SingleStore – AWS Partner Spotlight
SingleStore is an AWS Partner and fully managed, cloud-native database that powers real-time workloads needing transactional and analytical capabilities.