AWS Partner Network (APN) Blog
Creating a Secure Data Catalog with Alation Cloud Services and AWS PrivateLink
By Tamara Astakhova, Sr. Partner Solutions Architect – AWS
By Steve Hindman, Sr. Product Manager – Alation
By Benjamin Ng, Partner Solution Engineer – Alation
By Gene Arnold, Sr. Partner Solution Architect – Alation
Alation |
Security-focused customers are leveraging Amazon Virtual Private Cloud (VPC) to allow migration from on-premises or self-managed infrastructure to an isolated network environment that mitigates potential security risks to data resources.
An enterprise data catalog such as Alation Cloud Service (ACS) connects to data systems in the cloud and on-premises to catalog selected data assets. This allows end users to search, discover, and organize the vast amount of data assets available throughout the enterprise, no matter where that data resides.
One question customers often have is “How can I securely connect my cloud or on-premises data assets to an enterprise data catalog?” AWS PrivateLink provides private connectivity between VPCs and your on-premises networks, without exposing traffic to the public internet. AWS PrivateLink helps to connect services across different accounts and VPCs to significantly simplify your network architecture.
In this post, we will explain how the Alation Data Catalog plus AWS PrivateLink can securely connect to data assets to maintain compliance with security and regulatory requirements.
Alation is an AWS Specialization Partner and AWS Marketplace Seller with the Data and Analytics Competency that’s pioneered the modern data catalog and is making the leap into a full-service platform for data intelligence. Alation is passionate about helping enterprises create thriving data cultures where anyone can find, understand, and trust data.
Alation Cloud Service
The Alation Data Catalog leverages complex algorithms to automatically build a catalog of rich content with context of enterprise data, including relationships between datasets, analyst usage, and people. Analysts and information stewards can search, collaborate, and create insights with increased speed and precision.
Some of the benefits of Alation Cloud Service include:
- Faster time to value: Customers can use the latest catalog innovations as quickly as they’re available.
- Reduced administrative overhead: The servers and Alation Data Catalog applications are administered for the customer by Alation Cloud Operations.
- Adjustable fit for enterprise: Customers can scale their Alation deployment to support many data sources and large number of users.
Alation Integration with AWS PrivateLink
With its support of AWS PrivateLink, Alation offers organizations a software-as-a-service (SaaS)-based enterprise data catalog that helps mitigate exposure to risks of data loss, hacking, and other network security vulnerabilities.
Integration with PrivateLink helps add a layer of network security and isolation between the customer’s VPC and Alation Cloud Service. This integration allows customers to send catalog metadata without using the public internet, thus reducing their risk exposure.
Additionally, point-to-point connectivity benefits of PrivateLink allows customers to choose which data asset to share with Alation, while other resources in the customer’s VPC remain private to the customer. This pointed connectivity also helps implement the least privilege principle.
Unlike in a traditional AWS PrivateLink network connection, where the customer VPC is often the data consumer and the connected cloud service is the data provider, in the Alation Cloud Service-to-customer connectivity model, the VPC is the service provider and ACS is the service consumer. This model means the customer VPC sends data to ACS.
The diagram below shows the architectural details for using AWS PrivateLink to connect your Alation Cloud Service instance with a data source in your AWS account.
Figure 1 – Alation Cloud Service and AWS PrivateLink integration.
The customer data sources can reside inside the customer VPC, which must be in the same AWS region as the ACS instance the customer is using. The second use case is when the data sources may be located in a different AWS region, which requires a cross-region VPC-to-VPC connection.
In the third use case, where the data sources are located on-premises, the customer must utilize AWS Direct Connect to provide network connectivity to their VPC. The customer can use a hub-and-spoke model to connect many data sources to their Amazon VPC.
Once the customer VPC has established the required connectivity to their data sources, and the AWS PrivateLink connection between ACS and the customer VPC has been configured, the customer can begin using Alation Connectors to extract and send metadata back to ACS for organization into the data catalog.
Following are key steps required to connect AWS PrivateLink to Alation Cloud Service and your AWS-based data sources:
- Create or choose an existing Network Load Balancer and add the data source details using target groups.
- Create a VPC endpoint service.
- Establish connection, which requires email communication or a support call with Alation.
- Configure data sources in Alation using the configured AWS PrivateLink connection.
Check the Alation documentation to learn about prerequisites and how to enable AWS PrivateLink with Alation Cloud Managed Instance.
Customer Use Case
Customers of Alation choose to use AWS PrivateLink when security protocols are of the utmost importance. For example, HIPAA regulation requires healthcare organizations to encrypt personal health information (PHI) stored or transmitted between systems.
All of the metadata Alation collects is always encrypted, and AWS PrivateLink provides an extra layer of security at the network layer by allowing connectivity to private subnets isolated from the internet and/or keeping their traffic off the public internet.
Using PrivateLink enables both customers and Alation to securely access data assets while ensuring the isolation of all other VPC resources. This approach facilitates the implementation of security best practices in data management and assists companies in complying with industry regulations and standards, such as HIPAA, PCI DSS, and others.
Conclusion
Businesses that want to accelerate data intelligence initiatives while keeping a high level of security should consider using a data catalog in conjunction with AWS PrivateLink.
Benefits of Alation Cloud Service with AWS PrivateLink are:
- Rapid implementation of cloud-based data intelligence platforms.
- Secure connections without metadata going over the public internet.
- Improved network performance via private connector.
- Scale to many data sources and large number of users.
To learn more about Alation Data Catalog, which is available for purchase through AWS Marketplace. Speak to your Alation account representative for custom purchase options. For any additional information, contact your Alation business partner.
Alation – AWS Partner Spotlight
Alation is an AWS Specialization Partner that’s pioneered the modern data catalog and is making the leap into a full-service platform for data intelligence. Alation is passionate about helping enterprises create thriving data cultures where anyone can find, understand, and trust data.