A n essential part of responsibly practicing machine learning is understanding how you secure your data. H2O Managed Cloud offers a single-tenant cloud environment with multiple layers of security – but how do you get your data securely into the cloud for training, and how do you score sensitive information without exposing it to the internet?
To solve this, H2O.ai is thrilled to announce that H2O Managed Cloud with AWS PrivateLink connectivity is now generally available in all regions supported by H2O Managed Cloud. The announcement of general availability comes together with the designation of H2O.ai as an AWS PrivateLink Service Ready partner .
During the feature preview period, we received positive feedback from our customers in the insurance industry that connectivity to H2O Managed Cloud using AWS PrivateLink helps them adhere to regulatory and security requirements while enforcing private-only network connectivity. This motivated us to support AWS PrivateLink and achieve a stamp of approval from AWS by becoming an AWS PrivateLink Service Ready partner. This illustrates the strength of the collaboration between H2O and AWS.
Overview of the network connectivity –
In the above diagram, we use two PrivateLink connections to secure both inbound and outbound traffic from your H2O Managed Cloud environment.
Each PrivateLink provides unidirectional connectivity only to the shared service, allowing the VPCs to exchange data without exposing traffic to the internet.
How is it done?
1. Inbound AWS PrivateLink connectivity (into the H2O Managed Cloud VPC) –
Inbound connectivity can be configured from one or more customer accounts.
The configuration is applied automatically to the customer’s account using an AWS CloudFormation that H2O will supply.
Behind the scenes, the AWS CloudFormation will configure VPC endpoints and Route53 records that allow the connection to the H2O Managed Cloud VPC.
This connectivity allows the customer to interact with the H2O Managed Cloud, either using the user interface or accessing programmatically to score data coming for the customer VPC using MLOps endpoints.
2. Outbound AWS PrivateLink connectivity (into the customer VPC) –
The customer supplies VPC service endpoints to H2O.
Setting up the connection to the endpoints will be created by automation maintained by the managed cloud DevOps team.
Outbound connectivity will enable data ingesting for various data sources that reside in the customer’s AWS environment or are accessible via the customer’s AWS network.
As part of the AWS PrivateLink configuration, the customer can choose whether to completely isolate the H2O Managed Cloud environment from the internet or configure it in a hybrid mode that still allows inbound and outbound internet connectivity.
The user sets the network connectivity in a self-serve manner using the Managed Cloud Admin Center application, which is the customer’s admin console for the Managed Cloud platform.
What else does PrivateLink have to offer?
The benefits of having a PrivateLink connection don’t end with security. PrivateLink connectivity also simplifies the operational overhead of interconnecting multiple VPCs, allows elasticity, and offers low latency and high throughput network connectivity. These advantages help our customers train and score their data securely, reliably, and fast.
For additional details and more information, please refer to the links below: