Delivery FAQs

Overview

Release powers the deployment of environments as a service (EaaS) for customers who want to be able to quickly and easily spin up entire application stacks for development, testing, QA, staging, user acceptance testing (UAT), sales demo environments, or production, to name a few of the possible use cases.

Release Private Applications are a unique and modern way for software-as-a-service (SaaS) providers to deploy their products into their customers' cloud accounts for a fully private, single-tenant version of the SaaS provider's platform.

Delivery FAQ

Q: What is software as a service (SaaS)?

SaaS means that a software provider can deliver its product as a service over the internet, rather than as software that the customer needs to install on a computer or server.

The software provider typically deploys this software in a multi-tenanted environment, that is, it usually supports many customers in one deployment or environment stack that is served over the internet.

Q: What is environments as a service (EaaS)?

Environments as a service is the unique and modern Release product offering that customers (in the case of Private Application customers, typically SaaS providers) can use to deploy multiple environments for any use case imaginable.

Q: Tell me a story about software releases?

Long, long ago, before there was an internet, software companies would develop software and then bundle it on physical floppies, CD-ROMs, and even DVDs that customers would physically insert into their computers and then run an installer to use the application software. Typically, there were two versions of the software: a client and a server. As the internet became ubiquitous, most software was delivered to end users as a download package rather than on physical media, but this still required an end user to install the software and configure it in their environment. Most modern software today is delivered as a service so that the "client" is often just a web browser or mobile device and app, and the "server" runs under the control of the software provider rather than the customer. The Release EaaS offering is basically a "SaaS installer" that allows the delivery of private applications into the private cloud accounts of the end customers, starting the next revolution of internet software delivery platforms. This means that a customer could install a private version of a SaaS application under their own control, in their own cloud account.

Q: Why does a SaaS provider or their customer need to use Release at all?

If you are a SaaS provider, you need to think about how to deliver your platform software into a customer's control in a way that is seamless, reliable, and simple to maintain and update. If you are a SaaS customer who wants a single-tenant solution that is deployed in your own cloud account for your own use, you want the same ease of installation and updating of a SaaS offering over the internet, except private and not commingled with other SaaS customers. Release powers this by giving a SaaS provider the ability to deploy a private application as an environment directly into their customer's cloud account in the same way they would deploy their SaaS offering internally for development and testing, externally in production, or privately into their customer's single-tenant experience. As a SaaS provider, you may want access to your customer's private cloud services or data so that you can offer a tailor-made solution for data that the customer would not want to share remotely or would be unable to share due to compliance or security considerations. As a SaaS customer, you may similarly be uneasy about using (or even unable to use) a SaaS product unless you can ensure that your data and private services are kept completely private and within your control.

Q: What are the security implications of Release-hosted Private Applications?

Release deploys EaaS via a cloud integration, which is a set of credentials for AWS, AWS GovCloud, or GCP that the end customer associates with the SaaS provider's application deployment. Release uses these credentials to build, deploy, and update the infrastructure and codebase for the SaaS provider's private application. The result is that Release needs permissions to build infrastructure, update code, and so forth in the customers' cloud accounts. A detailed list of permissions can be provided as documentation, either directly or as a white-labeled document by the SaaS provider.

Q: How can I trust Release's and my SaaS provider's security postures?

Rest assured that Release can provide a SOC 2 report for commercial accounts and is willing to sign a BSA with HIPAA providers. This should give you comfort that Release's security posture meets or exceeds industry standards and that Release is confident that its systems are reliable and secure. Your SaaS provider can give you all the information regarding their security stance and posture as requested.

Q: Can I just take a bundle of software and install it myself from the SaaS provider?

Currently, Release-hosted Private Applications install in an unattended process that bundles and deploys software without intervention. There is no current offering to bundle and offline-install the private application, although Release is considering many options for features like this in the future.

Q: What are the best strategies for keeping my cloud account secure for Private Applications?

Customers accepting a Release-hosted Private Application in their cloud accounts should follow current best practices:

  • Use a specific, empty subaccount (AWS, AWS GovCloud) or subproject (GCP) in your organization that is isolated and does not contain any private or secure data that you would mind sharing with the SaaS provider.

  • Enable strict auditing and controls on the credentials (the "IAM integration role" in AWS and AWS GovCloud, "project permissions" in GCP) that you provide to Release for the cloud integration.

  • Only allow specific applications access to your databases, internal services, or storage objects. For example, for AWS and AWS GovCloud customers, use AWS VPC peering, AWS security groups, AWS IAM policies, and/or AWS PrivateLink to limit access to sensitive resources. For GCP customers, limit access between private projects and folders within the organization so that access between the Release-hosted Private Application and sensitive data or systems is limited only to the specific access that is required.

  • Consider using open-source or third-party security monitoring products to alert on and audit access made via the AWS role or the GCP project as an ongoing mitigation against unauthorized access.

  • Consider disconnecting the AWS role or GCP project credentials after the initial installation and between updates to limit any unauthorized access in between product updates. Your SaaS provider will need to schedule a manual intervention to allow you to re-engage the permissions so that the private application can be updated. Ask your SaaS provider for details on this option.
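
For AWS customers, one way to audit use of the IAM integration role is to review the AssumeRole events that AWS CloudTrail records for it. The following is an added example, not Release's own code: the role ARN, account IDs, and update window are placeholders, and the events are constructed samples shaped like CloudTrail records.

```python
from datetime import datetime, timezone

# Placeholders invented for this example (not real values from the page).
ROLE_ARN = "arn:aws:iam::111111111111:role/example-release-integration"
PROVIDER_ACCOUNT = "222222222222"          # account expected to assume the role
UPDATE_WINDOWS = [("2024-05-01T14:00:00Z", "2024-05-01T16:00:00Z")]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _event(event_id, when, account, role_arn, error=None):
    """Build a constructed record with the CloudTrail fields the audit reads."""
    record = {"eventID": event_id, "eventTime": when,
              "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
              "userIdentity": {"type": "AWSAccount", "accountId": account},
              "requestParameters": {"roleArn": role_arn}}
    if error:
        record["errorCode"] = error
    return record

SAMPLE_EVENTS = [  # constructed sample data
    _event("e1", "2024-05-01T14:20:00Z", PROVIDER_ACCOUNT, ROLE_ARN),
    _event("e2", "2024-05-09T03:12:00Z", PROVIDER_ACCOUNT, ROLE_ARN),
    _event("e3", "2024-05-01T15:00:00Z", "333333333333", ROLE_ARN, "AccessDenied"),
    _event("e4", "2024-05-09T03:15:00Z", PROVIDER_ACCOUNT,
           "arn:aws:iam::111111111111:role/unrelated-role"),
]

def audit_assume_role(events, role_arn, expected_account, windows):
    """Return (eventID, reasons) for each use of the integration role that needs review."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("sts.amazonaws.com", "AssumeRole"):
            continue
        if (ev.get("requestParameters") or {}).get("roleArn") != role_arn:
            continue                        # some other role; out of scope
        reasons = []
        if (ev.get("userIdentity") or {}).get("accountId") != expected_account:
            reasons.append("unexpected-caller-account")
        when = _ts(ev["eventTime"])
        if not any(_ts(start) <= when <= _ts(end) for start, end in windows):
            reasons.append("outside-update-window")
        if ev.get("errorCode"):
            reasons.append("denied:" + ev["errorCode"])
        if reasons:
            findings.append((ev["eventID"], reasons))
    return findings

if __name__ == "__main__":
    for event_id, reasons in audit_assume_role(SAMPLE_EVENTS, ROLE_ARN,
                                               PROVIDER_ACCOUNT, UPDATE_WINDOWS):
        print(event_id, ", ".join(reasons))
```

If the role is disconnected between updates as described above, any AssumeRole attempt outside an agreed window should show up here as a denied event.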


Last updated 1 year ago