Eliminate the exposure of sensitive data to the public cloud with secure network connectivity to Kaleido nodes via AWS PrivateLink. Provides private connectivity between virtual private clouds (VPCs), AWS services, and on-premise applications on the Amazon network, making it easy to connect services across different accounts and VPCs.
Gain complete control over your networking layers by configuring securely partitioned private and public streams.
Use private IP connectivity and security groups so your services function as though they were hosted directly on your private network.
Easily migrate traditional on-premise applications to SaaS offerings hosted in the cloud.
There are a variety of circumstances (e.g. sensitive data, security regulations, etc.) where it may be desirable or possibly mandated to communicate with the Kaleido network via non-public routes. To accommodate this requirement, Kaleido offers the ability to configure nodes with a private ingress and connect through your AWS Virtual Private Cloud (VPC) via a PrivateLink endpoint. This ensures that all traffic passing through the node’s private ingress will emanate from your virtual cloud network and remain completely isolated from the public internet.
The extent to which private networking is enforced is at the complete discretion of the organizational admin overseeing the configuration(s). Public and private ingresses are not mutually exclusive, meaning that the node can be configured to accept connections through either gateway if the public ingress remains enabled. This provides organizations with complete control over their networking layers and allows for private and public streams to be partitioned accordingly.
The only stipulations for private connections are the presence of the Ethereum-compatible applications/resources in your VPC and a PrivateLink endpoint provisioned against the Kaleido service. Kaleido does not generate separate hostnames for nodes with a private ingress, thus allowing for developers to orchestrate the RPC or WebSocket provider calls in the same manner as they would for a standard public connection.
VPC networking orchestrations (internet gateways, network address translation, etc.) do not interfere with the ability to connect privately to a Kaleido node and should be maintained by the relevant AWS admin user(s) in accordance with their organization’s standards.