Teleport Enterprise Cloud Architecture
We have designed the Teleport Enterprise Cloud environment to be secure. We work with independent security auditors on a regular basis to identify and correct any gaps, and we continue to iterate on improvements that fortify the platform for the strictest compliance use cases.
Teleport Enterprise Cloud uses AWS Shield to protect the environment from network and transport layer DDoS attacks that may target Teleport tenants.
We undergo an annual SOC 2 Type II audit of the Teleport Access Platform.
The audit report covers:
- Teleport Open Source
- Teleport Enterprise, self-hosted
- Teleport Enterprise, cloud-hosted (SaaS)
The SOC 2 report is available for download at trust.goteleport.com.
For any other questions, reach out to https://goteleport.com/cloud/sales.
SSH sessions are recorded on nodes.
Teleport Enterprise Cloud Proxy does not terminate SSH sessions when using OpenSSH and
The Cloud Proxy terminates TLS for Application, Database, and Kubernetes sessions.
Data retention cannot currently be configured by customers. All Teleport Enterprise Cloud customers have audit logs retained in DynamoDB for 1 year, cluster configuration retained in DynamoDB indefinitely, and session recordings retained in S3 indefinitely. When data retention policies are introduced, customers will be contacted and able to specify their preferred data retention schedules.
Customers whose subscriptions lapse will have all session recordings, audit logs, and cluster state deleted between 7 and 30 days after the lapse.
The Teleport Proxy Service is deployed to multiple AWS regions around the world for low-latency access to distributed infrastructure.
Teleport Enterprise Cloud only serves the latest stable release of the Teleport software for its customers.
The Teleport Enterprise Cloud team upgrades the service with patch releases weekly and major releases quarterly. The team waits for the first minor release before a major upgrade. For example, the team will deploy 14.1.0 instead of 14.0.0. The first minor release happens 3-4 weeks after the first release of a new major version.
Patch releases are fully backward compatible and require no actions by the customer.
Major releases do require customers to upgrade all instances of Teleport they are running within 3 months of the upgrade. Failure to upgrade Teleport instances to the latest major release during this window may lead to compatibility issues with Teleport Enterprise Cloud and a loss of access to your infrastructure.
Subscribe to status updates at status.teleport.sh for Cloud upgrade notifications.
Teleport Enterprise Cloud commits to an SLA of 99.9% monthly uptime, which allows a maximum of 44 minutes of downtime per month. As we continue to invest in the cloud product and infrastructure, the SLA will be increased.