Pangea Deployment Architectures

Pangea offers three deployment architectures to address diverse infrastructure and data processing needs, each tailored to specific operational and compliance requirements:

• Pangea SaaS

  A fully hosted solution managed by Pangea that is ideal for teams that want a quick setup with no infrastructure responsibilities. Pangea handles everything, allowing you to deploy quickly and focus solely on using the platform.

• Edge

  Combines Pangea's hosted control plane with customer-hosted data processing. Designed for teams with data boundary or latency-sensitive requirements. Data processing happens within your cloud environment (AWS, Azure, or GCP), while configurations are managed in Pangea’s hosted console.

• Private Cloud

  A fully self-managed deployment where all components, including the UI console, run in your infrastructure. This option offers the highest level of control, security, and compliance and supports AWS, Azure, and GCP.

Deployment options comparison

	Pangea SaaS	Edge	Private Cloud
Requirements	No infrastructure management	Limited infrastructure management with data plane in the company-controlled environment for data boundary or latency purposes	Full stack control and management in the company-controlled environment for compliance purposes
Cloud service providers	AWS	AWS, Azure, GCP	AWS, Azure, GCP
Data processing	Pangea Cloud	Within your cloud boundary	Within your cloud boundary
Infrastructure needs	None	Partial management	Full management
Expertise required	Basic API usage	Moderate DevOps Skill	Moderate DevOps Skills
Update responsibility	Automatic	Shared	Manual

note

Edge currently supports the following services:

• Redact
• AI Guard (beta)

Pangea SaaS

Pangea SaaS is a fully managed option that enables teams to quickly integrate Pangea’s services without managing any infrastructure. This deployment model is ideal for organizations that prioritize ease of use and focus on application development.

How it works

• Control plane: Manages service configuration, token handling, and authentication within Pangea’s cloud environment.
• Data plane: Processes API requests securely within Pangea’s infrastructure.

Data flow:

1. Applications send API requests to Pangea’s infrastructure via the API Gateway.
2. The load balancer directs your request to the appropriate service, whether for security (Audit Trail, Authentication), data processing (AI Guard, Prompt Guard, Redact, Vault), or intelligence services (IP, Domain, URL analysis).
3. Processed results are securely returned to the application.

Key considerations

• Ease of use: Ideal for teams wanting rapid deployment with no operational burden.
• Scalability: Automatically scales with Pangea’s infrastructure.
• Best for: Organizations comfortable processing data in the cloud and prioritizing rapid deployment.

Edge

The Edge deployment model strikes a balance between control and convenience by keeping sensitive data within your environment while leveraging Pangea’s hosted control plane.

How it works

• Control plane: Service configuration and token management occur within Pangea's cloud environment.
• Data processing within your cloud boundary: Sensitive data is processed entirely within your infrastructure using Pangea services deployed as container images.

Data flow:

1. Applications send API requests to Pangea services deployed in your cloud environment.
2. Services process requests locally and return results to the application.
3. The control plane remains connected for updates, configuration, and metrics reporting.

Key considerations

• Data locality: Sensitive data stays within your cloud environment, meeting data boundary requirements.
• Technical expertise: Requires moderate infrastructure knowledge. Your team will need to deploy and maintain Pangea services in your cloud environment using container images. This is a manageable task for teams with containerization and cloud experience.
• Best for: Teams with moderate infrastructure expertise needing localized processing for compliance or latency reasons and are not concerned with configurations and metrics being handled outside of their cloud boundary.

Private Cloud

Private Cloud offers the highest level of control by deploying all Pangea components within your environment, making it suitable for organizations with strict compliance and data sovereignty requirements.

How it works

• Full-stack deployment: All services, including the Console Backend, API Gateway, and data processing components, are hosted within your infrastructure.
• Complete sovereignty: Data processing and interactions occur entirely within your environment.

Data flow:

1. API requests are routed to your internal Pangea infrastructure.
2. Requests are processed locally, ensuring no data leaves your environment.
3. Processed results are securely returned to the application.

Key considerations

• Control and compliance: Ensures maximum control and compliance with strict regulatory requirements.
• High operational overhead: Deploying the full Pangea stack requires you to have moderate infrastructure management skills, including the ability to handle updates, scaling, monitoring, and troubleshooting. Your team must be proficient with tools like Helm Charts, container images, and Terraform configurations.
• Best for: Organizations with robust DevOps teams and stringent compliance needs, such as in government or healthcare.

Choosing the right architecture

Consider your operational priorities and infrastructure expertise when selecting a deployment model:

• Pangea SaaS: Best for teams that want zero operational overhead and are comfortable processing data in the cloud.
• Edge: Best for organizations requiring localized data processing and are not concerned with configurations and metrics being handled outside of their cloud boundary.
• Private Cloud: Best for enterprises with strict data compliance needs.

Pro tip: Start with Pangea SaaS to quickly evaluate the platform’s capabilities and scale to Edge or Private Cloud as your needs evolve.

Was this article helpful?

Contact us