Oso Self-Hosted
Deploying Oso into your own infrastructure is currently supported in Beta status for AWS-based deployments.
We have also been prototyping Oso deployments into other environments, so if you are interested, let us know:
Compatibility matrix
| Feature | Oso Cloud | Oso Self-Hosted |
|---|---|---|
| Deployment | Managed by Oso | AWS (others in development) |
| Monitoring | Managed by Oso | Datadog, Honeycomb |
| Storage | Managed by Oso | S3 + EBS + MSK in your AWS account |
| Management Tools | Web UI + CLI | oso-manager CLI |
| Scaling | Managed by Oso | Horizontal Scale on AWS ECS |
Deployment and management
Because the goal of Oso Self-Hosted is to give you more control, we try to make the process as transparent as possible. In order to do this, we separate the Oso-specific resources and workflows from the AWS-provided resources and workflows.
We deploy all AWS resources using Infrastructure As Code (IAC) modules that we provide to you. You can customize these modules with different configuration options to control what you deploy, and we have verified that these configurations will work with Oso.
For Oso specific resources and workflows, we include an Oso Manager tool. You can see some usage examples below.
Monitoring and support
We include recommended alerting and monitoring configuration in the Self Hosted Oso package. Because you have full visibility into the base AWS resources, most issues should be resolvable without the extra latency of escalating to Oso. This is meant to give your team more confidence in the ongoing management of the Oso Self-Hosted deployment.
However, in cases where the issue is with Oso itself, you can reach out to us in your dedicated company Slack channel. For urgent issues and emergencies, we will provide an escalation path that you can use to page an On-Call Oso engineer.
Releases and upgrades
When a new Oso Self-Hosted release is available, we will provide a new package that contains:
- The new Docker images for running the Oso services.
- The new Infrastructure As Code (IAC) configuration.
- Upgrade instructions.
Because the service deployment uses modern immutable infrastructure practices and rolling updates, all upgrades are possible without downtime.
End to end encryption
All traffic to the Oso Self-Hosted endpoint is encrypted with TLS. However, this endpoint is not a public endpoint, and does not require registering a public domain.
This means that the Oso Self-Hosted deployment uses a self signed certificate, and the Oso tools must be configured to use a custom DNS for resolving the internal endpoint, and a custom CA to trust the endpoint certificate. Currently these options are supported as direct configuration options for:
oso-cloudCLI.- Typescript Library.
- The
oso-managertool (part of Oso Self-Hosted).
For other libraries, the configuration must be added on the OS level. If you need support for one of the other libraries, let us know by scheduling a meeting below.
Talk to an Oso engineer
If you want to discuss Oso Self-Hosted, schedule a 1x1 with an Oso engineer. We're happy to help.