GoodData Cloud Overview
GoodData Cloud is a cloud-based tool for building and providing multitenant analytics on top of data. The easiest way to start is to visit gooddata.com/trial.
Use GoodData Cloud in case you are looking for a SaaS solution.
- All operation and maintenance task are handled by GoodData.
- The platform is always up-to date.
- GoodData offers tiers with guaranteed SLAs.
- You do not have k8s skill set in your team.
Use GoodData Cloud in case you are looking for a hosted solution. We offer GoodData.CN Community Edition (single docker image) or GoodData.CN for Kubernetes deployments if you prefer self-hosting.
GoodData Cloud Components
The core of the GoodData Cloud is our cloud native platform - set of microservices deployed in Kubernetes. Users can submit queries in Multidimensional Analytical Query Language (MAQL), via AFM API, or through UI applications. GoodData uses metadata and a caching mechanism to optimize query duration and volume of data transferred between data storage and the analytical engine. GoodData implements mechanism for user permissions and data separation.
Metadata
Everything in GoodData Cloud is described through metadata. Metadata in GoodData Cloud is organized as can be seen in the following image:
- Organizations
An organization is a basic unit of isolation for data sources, workspaces, and users. A unique hostname (URL) is generated and assigned to each organization when it is created. To access GoodData Cloud through the web UI or API, users use the hostname that was assigned to the organization. You can have multiple organizations with GoodData Cloud, and all of the resources for hosting the URL are managed by GoodData.
- Data Sources A Data Source is a logical object that represents the database where your source data is stored. There is no ETL from your database to GoodData Cloud. The following metadata is stored within a Data Source:
- Metadata about your schema(s) list of tables / views, columns, primary keys, foreign keys
- Credentials to your data warehouse are securely stored in the metadata database. Once stored credentials cannot be obtained via APIs.
- Workspaces Workspaces hold your Logical Data Model and Analytical Model. They are an environment where you can organize, analyze, and present data. An organization can have multiple workspaces, and they can be arranged in a hierarchy to take advantage of the GoodData Cloud multitenant environment. Root workspaces are the highest level parent workspace in the hierarchy, with all other workspaces being either a child of the root workspace, or a child of the root workspace and parent to another workspace.
- Logical Data Model The Logical Data Model (LDM) is a set of logical objects (datasets and date datasets) and their relationships that represent the data objects and their relationships in your database. Within a multitenant workspace hierarchy, the LDM of a parent workspace is shared with child workspaces.
- The Analytical Model The analytics model is a user’s view on the data in a workspace in a business context. This includes all the metrics, visualizations, and dashboards. Within a multitenant workspace hierarchy, the analytical model of a parent workspace is shared with child workspaces.
- Users The metadata associated with each user from an external identity management system is used to keep track of who is authorized to access the resources for your organization.
- Permissions If the user metadata is list of users who are authorized to access the resources in your organization, permissions determine which actions they can take with the resources.
- Workspace Data Filters Data filters let you limit which data from a parent workspace is available to their child workspaces.
- Data Sources A Data Source is a logical object that represents the database where your source data is stored. There is no ETL from your database to GoodData Cloud. The following metadata is stored within a Data Source:
APIs
The APIs in GoodData can execute analytics directly, and also manage the metadata and version control for your analytic solution. Because almost every feature in GoodData Cloud can be managed or executed through the API, GoodData Cloud can be easily integrated into your own applications.
Analytics Engine
The GoodData analytics engine transforms MAQL queries against your LDM into SQL that is compatible with your database schema. Your database is queried directly through the Analytics Engine and the result returned in the form of a visualization. The analytics engine can be utilized either through the API directly, or from the web interface.
Data
GoodData Cloud connects to your data warehouse or object storage service to deliver analytics. GoodData Cloud does not unload any data from your data source (in ETL sense). GoodData cloud creates in-memory caches with precomputed results to improve performance.
GoodData Cloud Deployment Model
Authenticated users can access GoodData Cloud from any modern web browser that has JavaScript enabled or interact with the components directly through the API. GoodData cloud comes with two deployment options based on your requirements regarding performance and security.
Shared Deployment
Multiple customers share resources in shared deployment. Thus it is not possible to scale single customer independently on other customers in the shared cluster. Each customer has its own organization and is separated from the other customers on metadata level. API calls and communication with data source is through public internet. TLS and IP whitelisting is available to secure communication. This option is the default one and suitable for most of the use cases.
Dedicated Deployment
Single Kubernetes cluster is dedicated to a single customer in this deployment model. This means that the solution can scale more flexibly. We can establish a private link between a dedicated GoodData Cloud cluster and your VPC. This option is suitable if you have strict requirements on security or if you expect your solution will need to scale up/down dynamically.
Security
IP Whitelisting
GoodData Cloud connects to your data source only from the following IP addresses:
- 3.218.100.54/32
- 3.228.159.139/32
- 54.225.71.151/32
Add them to your firewall to enable connection between GoodData Cloud and your data source.
Supported TLS Security Protocols and Ciphers
If you are connecting to the GoodData Cloud from your tool or using our API, use the supported protocols and ciphers, or your connection will be refused during the SSL/TLS handshake.
GoodData Cloud supports TLS 1.2 and TLS 1.3.
TLS 1.2 Cipher Suites
| Priority | Suite |
|---|---|
| 1 | ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 2 | ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| 3 | ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
TLS 1.3 Cipher Suites
| Priority | Suite |
|---|---|
| 1 | AES_256_GCM_SHA384 |
| 2 | CHACHA20_POLY1305_SHA256 |
| 3 | AES_128_GCM_SHA256 |
Password policy
This password policy is applied only when the GoodData Cloud is handling user authentication. Password is used to log in into GoodData Cloud via UI applications only. Use bearer token in case you want to authenticate your API calls (See chapter authentication).
Validated rules for passwords:
- password has length at least 8 characters
- password includes at least 3 of the following 4 types of characters:
- a lower-case letter,
- an upper-case letter,
- a number,
- a special character (such as !@#$%^&*).
Different rules apply in case you are using your own authentication provider.
Limits
As a general best practice, make sure that you adhere to the GoodData Cloud Limits.
You must log in to the GoodData Support portal to see this article.