Bluescape Architecture

Bluescape Organizations, workspaces, and members can exist in a multi-tenant (shared) production instance along with many other Bluescape customers. Or you can use a Private Instance; a dedicated environment where all Bluescape back-end services have been replicated to maintain isolation of your data from any other customer’s data. This is useful when your company’s security standards demand such isolation.

Bluescape offers both customer-managed Private Instances, and Bluescape-managed Private Instances.

Bluescape-managed Private Instances enable custom encryption key functionality, leveraging customer-dedicated AWS accounts and the AWS Key Management Service (KMS). KMS allows customers to automatically generate encryption keys to secure their datastores, as well as rotate or disable the keys if required. This arrangement creates a separation of datastores from the Bluescape service. Customers can revoke Bluescape access to their datastores, if necessary.

Customer-managed Private Instances are useful for customers that want complete control over their Bluescape implementation and can run Bluescape on their own cloud.

For more information about the different Bluescape environments available to customers, see the table below.

Not what you were looking for? Ask the community for help.