At phData, the threat of data product instability or downtime is what keeps us up at night. All aspects of phData’s services are designed to ensure that our customers’ data platforms and data products are available and performant, 24×7. To this end, we must ensure that phData’s worldwide teams of certified Solutions Architects and Engineers have secure access to customer environments.
While phData supports multiple methods for secure access, the phData Virtual Cleanroom provides the best results. The phData Virtual Cleanroom provides a secure and fully-audited mechanism for phData to provision and maintain access to customer environments.
Teams of this size provide important benefits to our customers:
phData supports three approaches to secure network access for our customers:
Of these approaches, we have found that the phData Virtual Cleanroom is the most efficient at reducing cost and the effort to maintain access, and that it better meets the security requirements of our customers.
For customers that still prefer that phData use customer “named accounts” or VDI access to their environment, we do support this method. However, customers should be aware that this requires significant coordination and time. In addition, some companies are slow to provision new accounts or balk at the number of accounts needed to support the environment 24×7. For this reason, “named account” access does incur a price premium and we strongly recommend and prefer the phData Cleanroom.
phData will work with the customer’s Network and Security teams to establish a Site-to-Site VPN. phData will use the customer’s IP space to set up the VPN. The VPN will only have access to Cloudera infrastructure and required administrative portals. phData maintains a Windows jump host from which all phData access will be managed. The host will have the highest security standards applied (patching, anti-virus, video recording, named accounts, and no internet access, with access provided through the VPN). The VPN network will contain only this Windows host. Access to the host will be limited to the phData team members who have been communicated to you as working on your account. An updated list will be provided whenever anything changes. You can access the jump host’s audits and video recordings at any time.
phData uses non-publicly-routed public address space to connect to the jump host. We use this non-publicly-routed public address space to ensure we don’t conflict with address space provided by the customer. Customers can provide us with public address space or RFC 1918 private address space for our side of the VPN.