Private Cloud on AWS Deployment Options
If you have requirements that are not met by the Public Cloud deployment option, you can choose one of the Private Cloud on AWS deployment options:
Private Cloud on AWS Basic is a dedicated option that builds on Public Cloud performance and management. It addresses specific data residency needs and includes a PCI add-on.
Private Cloud on AWS Performance includes all Private Cloud on AWS Basic capabilities with increases requests per second (RPS) to 500, upgrade control, load testing, and a GEO-HA add-on.
Private Cloud on AWS Performance Plus includes all Private Cloud on AWS Performance capabilities and increases RPS to 1,500 and load testing.
Operational differences
The table below compares each of the Private Cloud options with the Public Cloud option.
| Feature | Public Cloud | Private Cloud on AWS Basic | Private Cloud on AWS Performance | Private Cloud on AWS Performance Plus |
|---|---|---|---|---|
| Tenancy | Multi | Single | Single | Single |
| Requests per second (RPS) | 100 | 100 | 500 | 1,500 |
| Service level agreement (SLA) | 99.99% | 99.99% | 99.99% | 99.99% |
| Data residency | Public cloud regions only | Yes | Yes | Yes |
| Upgrade flexibility | No | No | Yes | Yes |
| Dev environment | No | No | 1 | 1 |
Data residency and isolation
With Private Cloud on AWS, you can choose the region where your data is stored. Auth0 can provide a list of available regions that use three availability zones for the deployment. All data can remain and be stored in the chosen region. This is crucial in instances where regulations prevent data from being stored or processed outside the origin region.
Backups and logs
For Private Cloud on AWS customers, by default, backups will be processed and stored in the United States (USA). Service logs will be processed in the region closest to where Private Cloud is hosted, currently, this includes:
Australia
Canada
Germany
India
Ireland
Japan
United States
Data sovereignty
If you have data sovereignty requirements, Auth0 supports Public Cloud deployments in the following regions:
United States
Europe
Australia
Japan
Otherwise, the Private Cloud on AWS can be supported in other regions (except China). Furthermore, Auth0 can deploy backups to AWS's S3 service in the same region that hosts the Private Cloud.
Maximum availability
Auth0's Private Cloud on AWS instances have a 99.99% service level agreement (SLA).
High demand apps
If your application requires a significantly high amount of requests per second (RPS), you may also wish to consider Private Cloud on AWS. Public and Private Cloud deployment options support up to 100 requests per second (RPS). If you require more than 100 RPS, you should choose a Private Cloud deployment option. See the rate limits policies for more information about the standard rate limits. For Private Cloud deployments, the limit is 100 RPS with an upgrade to 1,500 RPS.
PCI compliance certification
If your application is PCI Compliant or striving to be, and your requirements indicate that your identity provider also needs to be PCI compliant, this is only available as a Private Cloud on AWS addon. Public Cloud customers cannot acquire this benefit.
Add-ons and service differences
| Add-on or Service | Public Cloud | Private Cloud on AWS Basic | Private Cloud on AWS Performance | Private Cloud on AWS Performance Plus |
|---|---|---|---|---|
| GEO-HA | Yes in US and EU only | No | Yes | Yes |
| PCI | No | Yes | Yes | Yes |
| Additional dev environments | No | No | Yes | Yes |
Geographic high availability
With the Geographic High Availability (GEO-HA) add-on, you will have the highest form of dedicated deployment availability offered by Auth0.
The standard dedicated deployment is a single-region, high availability solution, but the GEO-HA add-on extends the cluster with a geographically-distributed region where the maximum round-trip latency does not exceed 100 milliseconds. This is referred to as a high-availability GEO cluster, which is a warm standby configuration with failure handling for rapid recovery during a regional outage.
PCI certified
Auth0's dedicated deployments are ISO27001, SOC 2 Type II, ISO27018, and HIPAA BAA compliant, but the PCI Certified add-on ensures that your deployment is compliant with PCI-DSS requirements as well.
Additional dev environments
Private Cloud on AWS Performance and Performance Plus deployments include a fully-isolated and independently-updated instance for development and testing. You can add additional pre-production environments to meet your business requirements.
Limitations
Data residency
Private Cloud on AWS is fully deployable (meeting full data sovereignty requirements) in the following regions:
USA
Europe
Australia
Japan
Canada
Guardian MFA
Auth0’s default public Guardian MFA application (the app you can download from your MobileOS's AppStore) is not compatible with dedicated instances because it is always pointing to cloud shared endpoints. However, you can still leverage Auth0 Guardian via the Guardian SDK. Using the Guardian SDK, you can build your own MFA application that calls the Guardian API and can provide push notifications via Guardian. You can still leverage third-party MFA solutions via Auth0, such as Duo or Google Authenticator, while deployed within Private Cloud on AWS, this simply would not leverage Auth0 Guardian.
User import and export
User import with hashed password is available upon request.