Dedicated Cloud ↗
noOriginal Documentation
Documentation Index#
Fetch the complete documentation index at: https://docs.wandb.ai/llms.txt Use this file to discover all available pages before exploring further.
Deploy W&B Dedicated Cloud in production
W&B Dedicated Cloud is a single-tenant, fully managed platform deployed in W&B’s AWS, Google Cloud, or Azure cloud accounts. Each Dedicated Cloud instance has its own isolated network, compute and storage from other W&B Dedicated Cloud instances. Your W&B specific metadata and data is stored in an isolated cloud storage and is processed using isolated cloud compute services.
W&B Dedicated Cloud is available in multiple global regions for each cloud provider
Compliance#
- SOC 2: W&B Dedicated Cloud’s hosting platform meets the requirements of the Service and Organization Controls (SOC) 2 Type 2, published by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). A SOC 2 report evaluates a service organization’s controls for security, availability, processing integrity, confidentiality, and privacy. W&B Dedicated Cloud is subject to periodic internal and external audits to verify continued compliance. Refer to the W&B Security Portal to request the SOC 2 report and other security and compliance documents.
- HIPAA: When configured appropriately, W&B Dedicated Cloud meets the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Compliance with HIPAA is a shared responsibility that involves W&B, the customer, and any third-party services involved in the deployment. Organizations subject to HIPAA must have a Business Associate Agreement on file with W&B. Refer to the W&B Security Portal to request more information.
Data security#
You can bring your own bucket (BYOB) using the secure storage connector at the instance and team levels to store your files such as models, datasets, and more.
Similar to W&B Multi-tenant Cloud, you can configure a single bucket for multiple teams or you can use separate buckets for different teams. If you do not configure secure storage connector for a team, that data is stored in the instance level bucket.
In addition to BYOB with secure storage connector, you can use IP allowlisting to restrict access to your Dedicated Cloud instance from only trusted network locations.
You can connect privately to your Dedicated Cloud instance using cloud provider’s secure connectivity solution.
You are responsible for ensuring that your deployment complies with your organization’s policies and Security Technical Implementation Guidelines (STIG), if applicable.
Identity and access management (IAM)#
Use the identity and access management capabilities for secure authentication and effective authorization in your W&B Organization. The following features are available for IAM in Dedicated Cloud instances:
- Authenticate with SSO using OpenID Connect (OIDC) or with LDAP.
- Configure appropriate user roles at the scope of the organization and within a team.
- Define the scope of a W&B project to limit who can view, edit, and submit W&B runs to it with restricted projects.
- Leverage JSON Web Tokens with identity federation to access W&B APIs.
Monitor#
Use Audit logs to track user activity within your teams and to conform to your enterprise governance requirements. Also, you can view organization usage in our Dedicated Cloud instance with W&B Organization Dashboard.
Maintenance#
Similar to W&B Multi-tenant Cloud, you do not incur the overhead and costs of provisioning and maintaining the W&B platform with Dedicated Cloud.
To understand how W&B manages updates on Dedicated Cloud, refer to the server release process.
Compliance#
Security controls for W&B Dedicated Cloud are periodically audited internally and externally. Refer to the W&B Security Portal to request the security and compliance documents for your product assessment exercise.
Data retention policy#
By default, a Dedicated Cloud instance retains the following items for 7 days after deletion:
- Runs and history
- Non-artifact run files, such as media, configuration files, and log files
- Artifacts and artifact references
Until this period elapses, these items can be restored. Contact support or your AISE for assistance.
To meet your data retention requirements, you can change the data retention period for your Dedicated Cloud instance. Depending on your use case, select the Environment variable or Helm tab for details.
To change the data retention policy, set the environment variable GORILLA_DATA_RETENTION_PERIOD to a number of hours. For example, to retain deleted data for 14 days (336 hours):
export GORILLA_DATA_RETENTION_PERIOD="336h"
```
<span class="tab-end"></span>
<span class="tab-start" data-tab-title="Helm"></span>
To change the data retention policy, set the Helm value `env.dataRetentionPeriod` to a number of hours. For example, to retain deleted data for 14 days (336 hours):
```helm
env: dataRetentionPeriod: "336h"
```
<span class="tab-end"></span>
<span class="tab-group-end"></span>
## Migration options
Migration to Dedicated Cloud from a [Self-Managed instance](/platform/hosting/hosting-options/self-managed) or [Multi-tenant Cloud](/platform/hosting/hosting-options/multi_tenant_cloud) is supported, subject to specific limits and migration-related constraints
## Next steps
Submit [this form](https://wandb.ai/site/for-enterprise/dedicated-saas-trial) if you are interested in using Dedicated Cloud.