Manage Helios BYOC
After setting up Helios BYOC, you can manage your workspaces, databases, and other SingleStore Helios features via the Cloud Portal.
For information on shared responsibilities of the customer and SingleStore, refer to Shared Responsibility.
Note
The Control Plane must have the required privileges and network access configured during bootstrapping to manage and deploy Helios BYOC via the Cloud Portal.
Authentication
Token-Based Authentication
SingleStore’s Cloud Portal supports token-based secure authentication, which is based on username and password.
Single Sign-On Authentication
The Cloud Portal supports SSO authentication via cloud-native identity providers that support the SAML protocol, such as Okta, Ping, and Azure AD.
Authenticate via JWTs
The Cloud Portal supports authentication via JSON Web Tokens (JWTs).
EKS IRSA
Helios BYOC running on Kubernetes uses EKS IRSA (IAM Roles for Service Accounts) as a non-static authentication mechanism at the control-plane operational level (backend).
OpenID Connect (OIDC)
The Cloud Portal supports self-service OIDC authentication using Okta, Azure, Ping, JumpCloud, etc.
IP Allowlisting
Use the IP Allowlist to ensure that a SingleStore workspace can only be accessed by a specified set of IP addresses.
Administration
Role-Based Access Control at the Feature Level
The Role-Based Access Control (RBAC) framework controls access to the features in the Cloud Portal at different levels, such as organizations and workspace groups.
Role-Based Access Control at the Database Level
The Role-Based Access Control (RBAC) framework controls access at the database level.
SingleStore recommends storing role/account creation commands in a separate version-controlled file.
Row-Level Security
Row-Level Security (RLS) restricts access to individual rows in a database to users who have the required permissions.
Logging and Monitoring
Internal Logs
All of the internal logs are available to ensure a full audit trail.
Grafana also queries the user logs (database-associated) of the clusters deployed in the Data Plane.
Audit Logs
SingleStore captures and manages all the logs within a cluster.
The ADMIN-ONLY-INCLUDING-PARSE-FAILS audit logging level logs all the valid and invalid statements and queries.
Control Plane Audit Logs
Control Plane audit logs identify and log the user actions in the Control Plane that can be used to track user activity.
Data Plane Audit Log Forwarding
You can view Data Plane logs using AWS CloudTrail.
Updates
Updates are classified into two categories:
- SingleStore updates: Updates to the SingleStore engine, including minor/major releases and maintenance updates, which can be scheduled in a maintenance window of your choice under the Updates tab in the Cloud Portal. Refer to SingleStore Helios Scheduled Updates for more information.
- Kubernetes and infrastructure updates: You may also apply Kubernetes and infrastructure security patches and updates in a preferred maintenance window.
Note
Any additional updates to the infrastructure must be reviewed with SingleStore.
Last modified: December 4, 2024