> For the complete documentation index, see [llms.txt](https://docs.groundcover.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.groundcover.com/~/revisions/ETrLpNk6KtHjyaVUTLoE/architecture/incloud-managed.md).

# inCloud Managed

{% hint style="info" %}
groundcover inCloud Managed is only available on our Enterprise plan. Learn more about our [subscription p](https://www.groundcover.com/pricing)[lans](https://www.groundcover.com/pricing).
{% endhint %}

## What is inCloud Managed?

groundcover inCloud Managed is a managed enterprise solution designed for installing groundcover’s observability backend infrastructure within your own cloud environment to enable the ultimate level of control, privacy, and customization.

<figure><img src="/files/FL8j5ubMhceEGaCXMYVo" alt=""><figcaption></figcaption></figure>

### How does it work?

Installed in a separate, isolated cloud provider account owned by your organization, it ensures the most secure and private environment for groundcover's infrastructure, separating it from other workloads and minimizing interference.

groundcover's control plane manages, configures, and maintains the necessary infrastructure and workloads within the cloud provider account. It leverages a variety of additional services by the cloud provider, including cloud storage, managed Kubernetes services, virtual private cloud networks, and load balancers, to create a robust and scalable environment.

Access to this account is securely managed through your cloud provider’s built-in access federation features, with specific roles and permissions set up to ensure that the groundcover control plane can manage resources effectively, while adhering to strict security principles. It also allows for secure telemetry data delivery, infrastructure monitoring, log management, and real-time data handling.

The entire setup, from infrastructure provisioning to ongoing maintenance, is managed by groundcover, providing an enterprise solution that minimizes the operational burdens of installing and maintaining your observability solution. In addition, security patching, health monitoring, and scaling are all automated.

groundcover Managed can be deployed using any cloud provider account. Follow our setup instructions in the following guides:

<table data-view="cards"><thead><tr><th></th><th data-hidden data-card-cover data-type="files"></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><a href="/pages/9XLEVs388EmaAQObzuYK"><strong>Setup with AWS</strong></a></td><td><a href="/files/tMAHF2VjslvBbZTAchAw">/files/tMAHF2VjslvBbZTAchAw</a></td><td><a href="/pages/9XLEVs388EmaAQObzuYK">/pages/9XLEVs388EmaAQObzuYK</a></td></tr><tr><td><a href="/pages/UV1hsRbKvZiGirNPykdT"><strong>Setup with GCP</strong></a></td><td><a href="/files/gXCazBPhpezS3nXzcbeZ">/files/gXCazBPhpezS3nXzcbeZ</a></td><td><a href="/pages/UV1hsRbKvZiGirNPykdT">/pages/UV1hsRbKvZiGirNPykdT</a></td></tr><tr><td><a href="/pages/QaaOXWMGPafUsPQI5Cpc"><strong>Setup with Azure</strong></a></td><td><a href="/files/eI8KWZKAZfNNc2xT8vua">/files/eI8KWZKAZfNNc2xT8vua</a></td><td><a href="/pages/QaaOXWMGPafUsPQI5Cpc">/pages/QaaOXWMGPafUsPQI5Cpc</a></td></tr></tbody></table>

### Supports object storage as component of storage strategy&#x20;

groundcover inCloud Managed allows you to leverage object storage as an additional data storage option that lives together with the out-of-the-box ClickHouse integration. This allows you total flexibility on what data you need to have stored in a fast and powerful storage (ClickHouse), and what data you need in the most cost-effective longer term storage (Amazon S3, Google Cloud, Azure Blob, etc.). Perfect to support cold storage needs.&#x20;

### Security Principles

* groundcover is denied access at the IP route level from sending traffic towards your production workloads.
* inCloud instances are isolated from public traffic at the IP route level.
* Kubernetes Public API is exposed to predefined IP addresses \[`3.86.137.43`, `44.217.56.175`]
  * These addresses are groundcover control plane addresses with limited access enforced via internal security measurements <br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.groundcover.com/~/revisions/ETrLpNk6KtHjyaVUTLoE/architecture/incloud-managed.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.