inCloud Managed

Last updated 2 months ago

inCloud Managed

groundcover inCloud Managed is only available on our Enterprise plan. Learn more about our .

What is inCloud Managed?

groundcover inCloud Managed is a managed enterprise solution designed for installing groundcover’s observability backend infrastructure within your own cloud environment to enable the ultimate level of control, privacy, and customization.

How does it work?

Installed in a separate, isolated cloud provider account owned by your organization, it ensures the most secure and private environment for groundcover's infrastructure, separating it from other workloads and minimizing interference.

groundcover's control plane manages, configures, and maintains the necessary infrastructure and workloads within the cloud provider account. It leverages a variety of additional services by the cloud provider, including cloud storage, managed Kubernetes services, virtual private cloud networks, and load balancers, to create a robust and scalable environment.

Access to this account is securely managed through your cloud provider’s built-in access federation features, with specific roles and permissions set up to ensure that the groundcover control plane can manage resources effectively, while adhering to strict security principles. It also allows for secure telemetry data delivery, infrastructure monitoring, log management, and real-time data handling.

The entire setup, from infrastructure provisioning to ongoing maintenance, is managed by groundcover, providing an enterprise solution that minimizes the operational burdens of installing and maintaining your observability solution. In addition, security patching, health monitoring, and scaling are all automated.

groundcover Managed can be deployed using any cloud provider account. Follow our setup instructions in the following guides:

Supports object storage as component of storage strategy

groundcover inCloud Managed allows you to leverage object storage as an additional data storage option that lives together with the out-of-the-box ClickHouse integration. This allows you total flexibility on what data you need to have stored in a fast and powerful storage (ClickHouse), and what data you need in the most cost-effective longer term storage (Amazon S3, Google Cloud, Azure Blob, etc.). Perfect to support cold storage needs.

Security Principles

groundcover is denied access at the IP route level from sending traffic towards your production workloads.
inCloud instances are isolated from public traffic at the IP route level.
Kubernetes Public API is exposed to predefined IP addresses [3.86.137.43, 44.217.56.175]
- These addresses are groundcover control plane addresses with limited access enforced via internal security measurements