phData will work with the customer’s Network and Security teams to establish a Site-to-Site VPN. phData will use the customer’s IP space to set up the VPN. The VPN will only have access to Cloudera infrastructure and required administrative portals. phData maintains a Windows jump host from which all phData access will be managed. The host will have the highest security standards applied: patching, antivirus, video recording, named accounts, and no internet access (provided through VPN). The VPN network will contain only this Windows host. Access to the host will be limited to members of phData who have been communicated as working on your account. The list will be provided when anything changes. You can access audits and video recordings of the jump host at any time.
phData uses non-publicly-routed public address space to connect to the Jumpbox. We use this non-publicly-routed public address space to ensure we don’t conflict with address space provided by the customer. Customers can provide us with public address space or RFC1918 private address space for our side of the VPN.
- Site-to-Site VPN from a phData Managed Virtual Private Cloud (VPC) to the customer environment.
- The phData Managed VPC is limited to accessing only nodes managed by phData and does not have any other network access, including the internet.
- The phData Managed VPC contains a phData-managed jumpbox and nothing else.
- Access to the Jumpbox is restricted to named accounts that need access to the environment.
- Jumpbox authentication follows all standard security mechanisms including strong passwords, rotating passwords, and named accounts.
- Everything phData employees do will be recorded, and the recording will be encrypted and accessible only to our General Counsel and Chief Technology Officer. Customers can request recordings at any time.