DX Dedicated
DX Dedicated is a fully isolated single-tenant SaaS instance, hosted and maintained by DX in your preferred cloud region. This deployment option combines the low overhead and efficiency of a SaaS platform with the flexibility and privacy benefits of self-hosting.
Background
When adopting DevOps tools, customers increasingly prefer SaaS, but customers in highly regulated industries can’t compromise on their security and compliance requirements. These requirements (e.g. isolated storage of IP) often dictate the need to be on separate cloud infrastructure from other tenants.
Additionally, customers in regulated industries often require the ability to connect users or services running in their corporate network to DX via a private network connection. In a multi-tenant SaaS model, DX can’t support this type of private connectivity easily by default.
DX Dedicated solves these needs by offering a fully isolated, private DX instance, deployed in the customer’s cloud regions of choice. The instance is fully hosted and managed by DX, enabling customers to offload operational overhead and focus on more business-critical tasks.
Compliance
DX Dedicated adheres to various regulations, certifications, and compliance frameworks to ensure the security and reliability of your data.
Access controls
DX implements strict access controls to protect your environment:
- Restricts access to the AWS organization to select DX team members.
- Follows the principle of least privilege, granting only the minimum permissions necessary.
- Implements comprehensive security policies and access requests for user accounts.
Monitoring
In tenant accounts, DX Dedicated uses:
- AWS GuardDuty for intrusion detection and malware scanning (coming soon).
- Infrastructure log monitoring by the DX team to detect anomalous events.
Security
DX Dedicated provides the following security features to protect your data and control access to your instance.
Authentication and authorization
DX Dedicated supports SAML and OpenID Connect (OIDC) providers for single sign-on (SSO). You can configure SSO for authentication using any of the supported providers. Your instance acts as the service provider, and you provide the necessary configuration for DX to communicate with your identity providers (IdPs).
Secure networking
Two connectivity options are available:
- Public connectivity with IP allowlists: By default, your instance is publicly accessible. You can configure an IP allowlist to restrict access to specified IP addresses.
- Private connectivity with VPC peering: You can configure VPC peering for inbound and outbound connections.
For private connections to internal resources using non-public certificates, you can also specify trusted certificates.
Data encryption
Data is encrypted at rest and in transit using the latest encryption standards. Soon, customers can use their own AWS Key Management Service (KMS) encryption key for data at rest. This option gives you full control over the data you store in DX.
Email service
By default, Amazon Simple Email Service (Amazon SES) is used to send emails securely. As an alternative, you can configure your own email service using SMTP.
Custom domain
For increased control over branding, you can use your own hostname to access your DX Dedicated instance. Instead of tenant_name.getdx.io, you can use a hostname for a domain that you own, like dx.my-company.com.
When you add a custom hostname:
- The hostname is included in the external URL used to access your instance.
- Any connections to your instance using the previous domain names are no longer available.