Securing your time-series data with VPC Peering for Timescale Forge
To begin our third week of Always Be Launching month, we are announcing Timescale Forge VPC Peering: Securely connect your existing infrastructure to Timescale Forge without ever exposing it to the public Internet, to ensure the safety and privacy of all your data.
Shout out to the engineers and designers who worked on this feature: Anthony Dodd, Nick Calibey, James Hong and Camila Hirthe Memelsdorff and the entire team of reviewers and testers!
Last week, we talked about how a cloud-native database service should balance a worry-free experience with flexibility and control. (See Announcing Explorer: A better way to understand your cloud database for details.)
Today, we’re excited to release Timescale Forge Virtual Private Cloud (VPC) Peering, a new feature that enables you to securely access your time-series data stored in Timescale Forge from your existing cloud infrastructure. With VPC Peering, you get the added confidence of knowing that your data can only be securely accessed from your applications (and other infrastructure already being run on AWS), without exposing your Timescale Forge services to the wider Internet.
VPC Peering is ideal for users who desire more security and control over who can access their services on Timescale Forge. Timescale Forge now allows you to create multiple Virtual Private Clouds for your project, and flexibly attach database services to these VPCs. This means that you could have a separate VPC for different applications or for your dev, staging, and production environments, each with their own set of security and access control preferences.
Timescale Forge VPC Peering enables you to create a private network peering connection between your Amazon VPC(s) and your Timescale Forge VPC(s). This “peering” makes it possible for the machines in the two VPCs to speak to each other directly without going through the public Internet. Your services within your Timescale Forge VPC will only be accessible from your Amazon VPC. By isolating services in such a manner, you gain greater security and control over your services, thanks to a reduced attack surface.
As part of our “Always Be Launching” month, we’re launching VPC Peering and a host of other new features for Timescale Forge, aimed at providing developers with even more control through greater scale, security, robustness, and management.
Keep reading for more about VPCs, how VPC Peering on Timescale Forge works, and how to get started with the new powerful security capability (or jump right to the VPC Peering docs).
If you’re new to Timescale, create a free account to get started with a fully-managed Timescale Forge service (100% free for 30 days, no credit card required). After creating a new database service, just navigate to the VPC tab to create a VPC and a peering connection.
Once you are using Timescale, please join the Timescale community and ask any questions you may have about time-series data, databases, and more.
And, for those who share our mission and want to join our fully remote, global team: we are hiring broadly across many roles.
How VPC Peering works
Virtual Private Clouds (VPCs) are an abstraction which allow all your resources to communicate with each other as if they were located in a single datacenter and single private network. VPCs are useful because they provide you with greater security and access control over infrastructure running on your network.
VPC Peering creates a private network peering connection between your Amazon VPC (and your associated AWS resources) and a Timescale Forge VPC (and its associated TimescaleDB services). This makes it possible for machines in the different VPCs to talk to each other directly without going through the public Internet (in fact, they both communicate using private IP addresses which are not routable on the public Internet). By doing so, resources in these separate VPCs can behave as if they were part of the same datacenter, which enables you to enforce more stringent security and access control rules. It’s that “control and flexibility” that certain developers require for their operational needs.
Using VPC Peering on Timescale Forge is a four-step process:
- Users can create a new VPC to attach database services to. Once created, your VPC will show its availability (e.g., ready to go and has another peering connection successfully established with it).
- Users can configure their VPC to “peer” with their existing Amazon VPC.
- Users can move existing databases to this new VPC, and any new databases can be created within the VPC to start so they are never exposed to the public Internet. It’s as simple as selecting the VPC during service creation.
- Users can connect to any database service within their Timescale Forge from their own AWS infrastructure simply by using their database service’s hostname.
VPC Peering on Timescale Forge is easy to get started with, but is also designed to support more complex deployments, such as users creating separate VPC(s) for their dev, staging, and production environments. For example, when a service “graduates” from staging to production, you could re-assign that service to your production VPC with a single click, while keeping the service secure and never exposed to the public Internet. Or, you can move a service from within a VPC to the public Internet if needed (although still only accessible via SSL), or vice versa.
For more on how to setup VPC Peering and what you can do with it, please watch our VPC Peering on Timescale Forge demo video:
Securing your data
VPC Peering adds another important layer of security to Timescale Forge. Our goal is always to deliver a worry-free experience for all developers, and we take the safety and security of your data as utmost importance.
Here are just a few of the other ways in which Timescale takes your security seriously:
- High Availability via instantaneous recovery for all services.
- Continuous, incremental backup and restore for all services.
- Data is encrypted at rest for all services.
- Data is encrypted in transit and only accessible via SSL.
- Role-based access controls within your database service.
And even more to come soon
Today’s release marks the the third announcement about new Timescale Forge features and enhancements this month, joining our new Explorer (a rich administrative dashboard designed to help you better understand the state of your database) and new storage plans that scale up to 10TB (for 100+TB of pre-compressed data – see Twitter thread for details).
But, we have more to come this month – and beyond! Read our CEO's post for more details about “Always Be Launching” May, kicked off by our announcement of $40M of new financing.
We continue to be excited and passionate about the future of Timescale and time-series data – and shipping updates that allow developers to measure what matters.
If you’re new to Timescale, create a free account to get started with a fully-managed Timescale Forge instance (100% free for 30 days). After creating a new database service, just navigate to the VPC tab to create a VPC and a peering connection.
See the Timescale Forge VPC docs for more information about creating a new VPC and peering connection, as well as migrating services between public and private networks and between VPCs.
And once you are using TimescaleDB, please join the TimescaleDB community and ask any questions you may have about time-series data, databases, and more.
And, for those who share our mission and want to join our fully remote team: we are hiring broadly across many roles.
To the stars! 🐯 🚀