Pangea Deployment Architectures

Pangea offers three deployment architectures to address diverse infrastructure and data processing needs, each tailored to specific operational and compliance requirements:

• Pangea SaaS: Fully hosted by Pangea, designed for teams that want to avoid managing the underlying infrastructure.
• Edge: Combines Pangea’s hosted control plane with customer-hosted data processing for data boundary or latency-sensitive needs (supports AWS, Azure, and GCP).
• Private Cloud: Full-stack deployment within customer-controlled environments for maximum control and compliance (supports AWS, Azure, and GCP).

Deployment options overview

Recommended deployment	Requirement	Description
Pangea SaaS	No infrastructure management.	Fully managed by Pangea, with quick deployment and no infrastructure responsibilities.
Edge	Reduced infrastructure management with dataplane resident in company-controlled environment for data boundary or latency purposes.	Data processing within your cloud environment, leveraging Pangea’s hosted control plane.
Private Cloud	Full stack control and management in company-controlled environment for compliance purposes.	All components are deployed within your environment, offering maximum control and security.

note

Edge currently supports the following services:

• Redact
• AI Guard (beta)

Pangea SaaS

Pangea SaaS is a fully managed option that enables teams to quickly integrate Pangea’s services without managing any infrastructure. This deployment model is ideal for organizations that prioritize ease of use and focus on application development.

How it works

• Control plane: Manages service configuration, token handling, and authentication within Pangea’s cloud environment.
• Data plane: Processes API requests securely within Pangea’s infrastructure.

Data flow:

1. Applications send API requests to Pangea’s infrastructure via the API Gateway.
2. The load balancer directs your request to the appropriate service, whether for security (Audit Trail, Authentication), data processing (AI Guard, Prompt Guard, Redact, Vault), or intelligence services (IP, Domain, URL analysis).
3. Processed results are securely returned to the application.

Key considerations

• Ease of use: Ideal for teams wanting rapid deployment with no operational burden.
• Scalability: Automatically scales with Pangea’s infrastructure.
• Best for: Organizations comfortable processing data in the cloud and prioritizing rapid deployment.

Edge

The Edge deployment model strikes a balance between control and convenience by keeping sensitive data within your environment while leveraging Pangea’s hosted control plane.

How it works

• Control plane: Service configuration and token management occur within Pangea's cloud environment.
• Data processing within your cloud boundary: Sensitive data is processed entirely within your infrastructure using Pangea services deployed as container images.

Data flow:

1. Applications send API requests to Pangea services deployed in your cloud environment.
2. Services process requests locally and return results to the application.
3. The control plane remains connected for updates, configuration, and metrics reporting.

Key considerations

• Data locality: Sensitive data stays within your cloud environment, meeting data boundary requirements.
• Technical expertise: Requires moderate infrastructure knowledge. Your team will need to deploy and maintain Pangea services in your cloud environment using container images. This is a manageable task for teams with containerization and cloud experience.
• Best for: Teams with moderate infrastructure expertise needing localized processing for compliance or latency reasons and are not concerned with configurations and metrics being handled outside of their cloud boundary.

Private Cloud

Private Cloud offers the highest level of control by deploying all Pangea components within your environment, making it suitable for organizations with strict compliance and data sovereignty requirements.

How it works

• Full-stack deployment: All services, including the Console Backend, API Gateway, and data processing components, are hosted within your infrastructure.
• Complete sovereignty: Data processing and interactions occur entirely within your environment.

Data flow:

1. API requests are routed to your internal Pangea infrastructure.
2. Requests are processed locally, ensuring no data leaves your environment.
3. Processed results are securely returned to the application.

Key considerations

• Control and compliance: Ensures maximum control and compliance with strict regulatory requirements.
• High operational overhead: Deploying the full Pangea stack requires you to have moderate infrastructure management skills, including the ability to handle updates, scaling, monitoring, and troubleshooting. Your team must be proficient with tools like Helm Charts, container images, and Terraform configurations.
• Best for: Organizations with robust DevOps teams and stringent compliance needs, such as in government or healthcare.

Deployment architecture comparison

Feature	Pangea SaaS	Edge	Private Cloud
Data processing	Pangea Cloud	Within your cloud boundary	Within your cloud boundary
Infrastructure needs	None	Partial management	Full management
Expertise required	Basic API usage	Moderate DevOps Skill	Moderate DevOps Skills
Update responsibility	Automatic	Shared	Manual

Choosing the right architecture

Consider your operational priorities and infrastructure expertise when selecting a deployment model:

• Pangea SaaS: Best for teams that want zero operational overhead and are comfortable processing data in the cloud.
• Edge: Best for organizations requiring localized data processing and are not concerned with configurations and metrics being handled outside of their cloud boundary.
• Private Cloud: Best for enterprises with strict data compliance needs.

Pro tip: Start with Pangea SaaS to quickly evaluate the platform’s capabilities and scale to Edge or Private Cloud as your needs evolve.

Was this article helpful?

Contact us