How Atlassian Isolated Cloud works
The Atlassian Isolated Cloud offers apps in a dedicated environment so large enterprises can minimize risk, maintain control, and enhance security without sacrificing innovation. It ensures provisioning of dedicated servers, storage, applications, and databases with select data securely compartmentalized and separated from other cloud customers in a virtual private cloud with isolated compute, storage, and networking.
With fewer shared services, you get:
lower risk of performance impact from multi-tenancy
additional control over data egress/ingress, networking, and encryption.
Single-tenant architecture
Atlassian Isolated Cloud supports single-tenant architecture, but its main focus is to be a single-customer architecture. A single organization can have multiple tenants (say, for different business units of the same company) in their Isolated Cloud.
The Atlassian Commercial Cloud, by contrast, uses a multi-tenant architecture. Here, a single instance of a software application serves multiple customers (or tenants). Multi-tenant systems share resources (such as databases and compute instances) between tenants, but keep each tenant’s data and configurations separate. This allows for a balance between efficient resource scaling and tenant security.
Isolated vs shared services
Atlassian Isolated Cloud provides dedicated compute, storage, and networking – all separated and compartmentalized in a virtual private cloud (VPC).
These isolated services constitute a customer data plane.
To create, run, and maintain this plane, Atlassian uses a control plane. The services and platforms on the control plane are shared across the Atlassian Isolated Cloud environments as well as the Atlassian Cloud environment.
The following diagram shows:
The multi-tenant data plane for Atlassian Cloud customers
The isolated customer data plane (one for each customer with Atlassian Isolated Cloud)
The shared control plane
Each Isolated Cloud customer gets:
A dedicated Organizational Unit (OU) and AWS accounts
A dedicated Virtual Private Cloud (VPC)
A dedicated domain and edge
A dedicated network, compute, and resources
A dedicated firewall
Customer-managed keys for long-term persistent user-generated content
How data egress works
Data egress beyond the Isolated Cloud (and even beyond the Atlassian Cloud altogether) is controlled by a set of security controls and rules. Learn more about How data egress works in Atlassian Isolated Cloud.
Was this helpful?