Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.maia.ai/llms.txt

Use this file to discover all available pages before exploring further.

provides users with flexible deployment options tailored to their specific requirements, which can be understood broadly as two models: Full SaaS and Hybrid SaaS. Each deployment model offers distinct features and benefits, allowing organizations to choose the option that best aligns with their needs and infrastructure preferences. Each deployment model also comes with its own security considerations.

Full SaaS deployment

In Full SaaS, Matillion manages the entire infrastructure, including deployment and security measures. Users benefit from a hassle-free experience, as Matillion ensures seamless updates and robust security protocols. The Matillion-hosted serves as the backbone, handling execution tasks and securely accessing customer secrets stored in the Matillion Hosted Vault. Full SaaS architecture overview The full architecture for this deployment model can be seen below. Full SaaS Deployment

Security considerations

Authentication mechanisms It’s crucial to ensure strong authentication mechanisms between Matillion containers (where Matillion software components run) and hosted s. Matillion employs secure authentication protocols to prevent unauthorized access, ensuring robust security for data and system integrity. Role-Based Access Control (RBAC) s can be optionally granted limited access to a user’s Cloud account by supplying Matillion with IAM (Identity and Access Management) credentials. When implementing RBAC, it’s essential to follow the principle of least privilege, assigning roles and permissions judiciously to restrict access only to necessary resources and functionalities.

Hybrid SaaS deployment

Hybrid SaaS empowers users to deploy and manage their own execution s within their private cloud infrastructure. This option grants users full control over security measures, network isolation, and access controls. Users can implement stringent security measures, including network segmentation and access restrictions, to safeguard their data effectively. Hybrid SaaS architecture overview The full architecture for this deployment model can be seen below. Hybrid SaaS deployment

Security considerations

Network isolation

Implement strict network isolation for customer-hosted s to minimize exposure. Consider deploying these s within a dedicated network segment or virtual private cloud (VPC) for use only with . s require network access to all resources you intend to utilize, alongside outbound internet connectivity to Matillion’s control plane.

Access controls

Utilize robust access controls at the network and system levels to restrict unauthorized access to customer-hosted s. Ensure that only trusted users and systems have the necessary permissions. Employ the least privilege model to restrict access to only essential resources and functionalities.

Secure communication

Establish secure communication channels between Matillion instances and customer-hosted s. Employ encrypted protocols, such as TLS (TLSv1.2 or higher), and encrypted websocket connections to ensure data security during transmission.

Regular updates

s will automatically receive security updates from Matillion on a regular basis — do not block this automatic update mechanism. If you need to disable automatic updates, make sure to keep up to date with the latest version manually. Additionally, keep access keys/secrets secure, including periodic rotation if required, to maintain robust security practices.