Fork me on GitHub
Teleport

Teleport Cloud Architecture

Improve

Security

We have designed the Teleport Cloud environment to be secure; however we are still in the process of scrutinizing and executing on our security roadmap and working with independent security auditors to identify any gaps. Only once this is complete, the team will evaluate whether the Teleport Cloud is ready for strict compliance use-cases.

Compliance

We completed our most current SOC2 type 2 audit on April 12th, 2021.

The report covers:

  • Teleport Open Source
  • Teleport Enterprise, self-hosted
  • Teleport Enterprise, cloud-hosted

Reach out to https://goteleport.com/cloud/sales for report details.

Managed Teleport Settings

SSH sessions are recorded on nodes. Teleport Cloud Proxy does not terminate SSH sessions when using OpenSSH and tsh sessions. The Cloud Proxy terminates TLS for Application, Database and Kubernetes sessions.

Data retention

Data retention cannot currently be configured by customers. All Teleport Cloud customers have audit logs retained in DynamoDB for 1 year, cluster configuration retained in DynamoDB indefinitely, and session recordings retained in S3 indefinitely. When data retention policies are introduced, customers will be contacted and able to specify their preferred data retention schedules.

Customers whose subscriptions lapse will have all session recordings, audit logs, and cluster state deleted between 7 and 30 days after the lapse.

High Availability

Auth Service

The Teleport auth service is deployed within the AWS us-west-2 region in 4 availability zones, and can tolerate a single zone failure. AWS guarantees 99.99% of monthly uptime.

Proxies

The Teleport proxy service can be deployed to multiple AWS regions around the world for low-latency access to distributed infrastructure.

  • us-west-2 (default)
  • us-east-1
  • eu-central-1
  • ap-south-1
  • ap-southeast-1
  • sa-east-1

The multi-region option is currently opt-in by default. Once you have an account, please reach out to your account manager, customer success engineer, or [email protected]. A future update will expand the region availability and make all regions available by default.

Service Level Agreement

Teleport Cloud commits to an SLA of 99.5% of monthly uptime, a maximum of 3 hours 40 minutes of downtime per month. As we continue to invest in the cloud product and infrastructure, the SLA will be increased.