Commit 303009d

chore: update 'pick a product' and 'datastores'. remove 'expedited support' (#433)
1 parent a74f955 commit 303009d

6 files changed

+78
-255
lines changed

pages/authzed/concepts/expedited-support.mdx

Lines changed: 0 additions & 83 deletions
This file was deleted.

pages/authzed/concepts/workload-isolation.mdx

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@ import YouTube from "react-youtube";
22

33
# Workload Isolation
44

5-
Workload Isolation is functionality exclusive to AuthZed products that guarantees exclusive access to hardware to guarantee performance.
5+
Workload Isolation is functionality exclusive to AuthZed products by which we give your SpiceDB deployments access to hardware that is only used by you, to guarantee performance and prevent "noisy neighbor" problems.
66

77
## Control Plane
88
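Review bot: the added line 5 promises that dedicated hardware will "guarantee performance", which is stronger than isolation can deliver: exclusive hardware removes contention from other tenants, but load from your own deployment still affects latency. Suggest "to provide predictable performance and prevent "noisy neighbor" problems". The sentence also switches to "we" and "you" while the removed line was written in the third person; pick one voice for the page.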

pages/authzed/guides/picking-a-product.mdx

Lines changed: 14 additions & 36 deletions
@@ -2,28 +2,27 @@ import { Callout } from "nextra/components";
22

33
# Picking the right AuthZed Product
44

5-
For those that want to consume SpiceDB without the overhead of operating the service, AuthZed offers managed SpiceDB services and support.
5+
AuthZed offers both self-hosted and managed SpiceDB services and support.
66

7-
When evaluating AuthZed's products, there are a few different requirements that can dramatically influence your decision.
8-
This document is designed to give a high-level overview so that you can effectively evaluate those relevant to your specific use case.
7+
This document is designed to give a high-level overview of the features supported in each so that you can decide which option is better for your use case.
98

109
## Feature Matrix
1110

12-
The following table maps functional requirements to their respective products:
13-
14-
| Requirements | [Open Source] | [Cloud] | [Dedicated] | [Enterprise] |
11+
| Feature | [Open Source] | [Cloud] | [Dedicated] | [Enterprise] |
1512
| ---------------------------- | :-----------: | :-----: | :---------: | :----------: |
13+
| Self-Hosted |||||
14+
| No-commit pricing |||||
1615
| [Materialize (Early Access)] |||||
1716
| [Management Dashboard] |||||
18-
| No-commit pricing |||||
1917
| [Private Networking] | DIY ||| DIY |
2018
| [Workload Isolation] | DIY ||| DIY |
21-
| Self-Hosted |||||
2219
| [Automated Updates] | DIY ||| DIY |
2320
| [SOC2 Compliance] | DIY ||| DIY |
2421
| [Audit Logging] |||||
25-
| [Multi-Region] | DIY ||| DIY |
22+
| [Multi-Region Deployments] | DIY ||| DIY |
2623
| [Security Embargo] |||||
24+
| [Restricted API Access] | DIY ||||
25+
| [Expedited Support] |||||
2726

2827
[Cloud]: #cloud
2928
[Dedicated]: #dedicated
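Review bot: in the new `[Restricted API Access]` row, DIY appears only in the Open Source column (`| DIY ||||`), while every other DIY row in the matrix marks both Open Source and Enterprise (`| DIY ||| DIY |`). If Enterprise ships this feature built in, that is fine; otherwise the row should match the others. Separately, the rewritten intro says "the features supported in each" with no noun after "each"; "in each product" reads better, and the table has lost its one-line introduction.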
@@ -33,9 +32,13 @@ The following table maps functional requirements to their respective products:
3332
[Audit Logging]: ../concepts/audit-logging
3433
[Automated Updates]: ../concepts/update-channels
3534
[Management Dashboard]: ../concepts/management-dashboard
36-
[Multi-Region]: ../concepts/multi-region
35+
[Multi-Region Deployments]: ../concepts/multi-region
3736
[SOC2 Compliance]: https://security.authzed.com
3837
[Security Embargo]: ../concepts/security-embargo
38+
[Expedited Support]: https://authzed.com/pricing#support-packages
39+
[Private Networking]: ../concepts/private-networking
40+
[Workload Isolation]: ../concepts/workload-isolation
41+
[Restricted API Access]: ../concepts/restricted-api-access
3942

4043
## Product Overviews
4144
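Review bot: `[Expedited Support]` now points at the pricing page while this commit deletes `pages/authzed/concepts/expedited-support.mdx`, so any other page or navigation entry that still links to `../concepts/expedited-support` will break. Please search for remaining references or add a redirect. It is also the only definition in this block that depends on an anchor on an external page (`#support-packages`), which can change without any signal in the docs repo.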

@@ -55,9 +58,7 @@ Functionality includes:
5558

5659
- Creating organizations, teams, and delegating access with your SSO provider
5760
- Commitment-free, usage-based monthly pricing
58-
- Workload Isolation vastly improving performance & latency
59-
- Deployments in more regions, including Europe
60-
- Full SpiceDB API access: Watch API, HTTP API
61+
- Possibility of creating your permission system in more regions, including Europe
6162
- Enterprise features like Audit Logs, Restricted API Access
6263

6364
AuthZed Cloud is built on the same foundation that's serving critical production workloads in AuthZed Dedicated.
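Review bot: the new bullet on line 61, "Possibility of creating your permission system in more regions, including Europe", is vague about what "more" is compared to and reads awkwardly; something like "Permission systems can be created in multiple regions, including Europe" is clearer. The hunk also drops the "Full SpiceDB API access: Watch API, HTTP API" bullet, and the Feature Matrix has no row for API access, so readers can no longer tell from this page whether Cloud exposes those APIs. If it still does, keep the bullet or add a matrix row.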
@@ -66,33 +67,10 @@ AuthZed Cloud is built on the same foundation that's serving critical production
6667

6768
Dedicated is a managed service that offers fully private deployments of our cloud platform in your cloud provider and regions of choice.
6869

69-
Dedicated features highlights include:
70-
71-
- Our most popular product
72-
- [Materialize (Early Access)]
73-
- [Workload Isolation]
74-
- [Private Networking]
75-
- [Multi-Region Deployments]
76-
- [SOC2 compliance]
77-
- [Security Embargo]
78-
- [Restricted API Access]
79-
- [Audit Logging]
80-
- [Update Channels]
81-
- [Expedited Support]
82-
8370
Dedicated is sold and renewed on an annual basis.
8471

8572
You can [schedule a call] to learn more.
8673

87-
[Materialize (Early Access)]: ../concepts/authzed-materialize
88-
[Multi-Region Deployments]: ../concepts/multi-region
89-
[Private Networking]: ../concepts/private-networking
90-
[Workload Isolation]: ../concepts/workload-isolation
91-
[SOC2 compliance]: https://security.authzed.com
92-
[Update Channels]: ../concepts/update-channels
93-
[Security Embargo]: ../concepts/security-embargo
94-
[Restricted API Access]: ../concepts/restricted-api-access
95-
[Expedited Support]: ../concepts/expedited-support
9674
[schedule a call]: https://authzed.com/call?utm_source=docs
9775

9876
### Enterprise
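Review bot: the removed reference block included `[Materialize (Early Access)]: ../concepts/authzed-materialize`, but the Feature Matrix still has a `[Materialize (Early Access)]` row and the definitions visible in the upper link block of this diff do not include one. Unless it is defined in the lines not shown between the two hunks, that cell will render as literal bracketed text; please confirm, or move the definition up with the others. With the highlights list gone, the Dedicated section would also benefit from a sentence pointing readers to the Feature Matrix.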

pages/spicedb/concepts/datastores.mdx

Lines changed: 22 additions & 23 deletions
@@ -2,27 +2,28 @@ import { Callout } from "nextra/components";
22

33
# Datastores
44

5-
In order to reduce operational complexity, SpiceDB leverages existing, popular systems for persisting data.
5+
SpiceDB uses existing, popular database systems for persisting data.
66

77
AuthZed has standardized our managed services on CockroachDB, but we give self-hosted customers the option to pick the datastore that best suits their operational requirements.
88

9-
- [CockroachDB](#cockroachdb) - Recommended for self hosted deployments with high throughput and/or multi-region requirements
9+
- [CockroachDB](#cockroachdb) - Recommended for self-hosted deployments with high throughput and/or multi-region requirements
1010
- [Cloud Spanner](#cloud-spanner) - Recommended for self-hosted Google Cloud deployments
1111
- [PostgreSQL](#postgresql) - Recommended for self-hosted single-region deployments
1212
- [MySQL](#mysql) - Not recommended; only use if you cannot use PostgreSQL
1313
- [memdb](#memdb) - Recommended for local development and integration testing against applications
1414

15-
## CockroachDB
16-
17-
### Usage Notes
18-
1915
<Callout type="warning">
20-
SpiceDB's Watch API requires CockroachDB's [Experimental Changefeed] to be enabled.
16+
If the database you want to run SpiceDB on isn't listed above, please file an issue (or search for existing ones) in our [GitHub repository]
17+
so that we can gauge interest and guide development.
2118

22-
[Experimental Changefeed]: https://www.cockroachlabs.com/docs/v22.1/changefeed-for
19+
[GitHub repository]: https://github.com/authzed/spicedb
2320

2421
</Callout>
2522

23+
## CockroachDB
24+
25+
### Usage Notes
26+
2627
- Recommended for multi-region deployments, with configurable region awareness
2728
- Enables horizontal scalability by adding more SpiceDB and CockroachDB instances
2829
- Resiliency to individual CockroachDB instance failures
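Review bot: this hunk deletes the warning that "SpiceDB's Watch API requires CockroachDB's [Experimental Changefeed] to be enabled" and nothing in the visible CockroachDB Usage Notes replaces it. If the requirement still holds, it should move under `### Usage Notes` rather than disappear; if it no longer holds, the commit message should say so. The replacement callout is a request for feedback, not a hazard, so `type="warning"` is misleading; an informational callout type fits better.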
@@ -81,11 +82,12 @@ AuthZed has standardized our managed services on CockroachDB, but we give self-h
8182

8283
#### Overlap Strategy
8384

84-
In distributed systems, you can trade-off consistency for performance.
85+
In distributed systems, you can trade-off [consistency] for performance.
8586

8687
CockroachDB datastore users that are willing to rely on more subtle guarantees to mitigate the [New Enemy Problem] can configure `--datastore-tx-overlap-strategy`.
8788

8889
[New Enemy Problem]: /spicedb/concepts/zanzibar#new-enemy-problem
90+
[consistency]: /spicedb/concepts/consistency
8991

9092
The available strategies are:
9193
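Review bot: since line 85 is being touched anyway, "trade-off" is the noun; the verb form is "trade off" ("you can trade off [consistency] for performance"). The new `[consistency]` definition is placed after `[New Enemy Problem]` although it is used first; keeping definitions in order of first use makes the block easier to scan.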

@@ -122,20 +124,17 @@ ALTER ZONE default CONFIGURE ZONE USING gc.ttlseconds = 90000;
122124

123125
#### Relationship Integrity
124126

125-
Relationship Integrity is a new experimental feature in SpiceDB that ensures that data written into the supported backing datastores (currently: only CockroachDB) is validated as having been written by SpiceDB itself.
127+
Relationship Integrity is a feature in SpiceDB that ensures that data written into the supported backing datastores (currently: only CockroachDB) is validated as either having been written by SpiceDB itself, or that the caller has access to the key(s) necessary to write those relationships.
126128

127-
- **What does relationship integrity ensure?**
128-
Relationship integrity primarily ensures that all relationships written into the backing datastore were written via a trusted instance of SpiceDB or that the caller has access to the key(s) necessary to write those relationships.
129-
It ensures that if someone gains access to the underlying datastore, they cannot simply write new relationships of their own invention.
129+
It ensures that if someone gains access to the underlying datastore, they cannot simply write new relationships of their own invention.
130130

131-
- **What does relationship integrity _not_ ensure?**
132-
Since the relationship integrity feature signs each individual relationship, it does not ensure that removal of relationships is by a trusted party.
133-
Schema is also currently unverified, so an untrusted party could change it as well.
134-
Support for schema changes will likely come in a future version.
131+
Since the relationship integrity feature signs each individual relationship, it does not ensure that removal of relationships is by a trusted party.
132+
Schema is also currently unverified, so an untrusted party could change it as well.
133+
Support for schema changes will likely come in a future version.
135134

136135
##### Setting up relationship integrity
137136

138-
To run with relationship integrity, new flags must be given to SpiceDB:
137+
To run with relationship integrity, the following flags must be given to SpiceDB:
139138

140139
```zed
141140
spicedb serve ...existing flags...
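Review bot: the rewritten opening sentence (line 127) is not parallel: data "is validated as either having been written by SpiceDB itself, or that the caller has access to the key(s)" mixes two constructions and blurs what is actually verified. Suggest "is validated as having been written by SpiceDB itself or by a caller with access to the necessary key(s)". Removing the "What does relationship integrity _not_ ensure?" heading also makes the limits easy to miss: the statements that relationship removal and schema changes are not covered are security-relevant and deserve their own heading or callout. Finally, the old text called the feature "new experimental"; please confirm it is no longer experimental before dropping that word.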
@@ -144,19 +143,19 @@ spicedb serve ...existing flags...
144143
--datastore-relationship-integrity-current-key-filename="some.key"
145144
```
146145

147-
Place the generated key contents (which must support an HMAC key) in `some.key`
146+
Place the generated key contents (which must support an HMAC key) in `some.key`.
148147

149148
##### Deployment Process
150149

151-
1. Start with a **clean** datastore for SpiceDB. **At this time, migrating an existing SpiceDB installation is not supported.**
152-
2. Run the standard `migrate` command but with relationship integrity flags included.
153-
3. Run SpiceDB with the relationship integrity flags included.
150+
1. Start with a **clean** datastore for SpiceDB. (Migrating from an existing SpiceDB installation is not supported).
151+
2. Run the standard `spicedb migrate head` command.
152+
3. Run SpiceDB with the flags specified in the section above.
154153

155154
## Cloud Spanner
156155

157156
### Usage Notes
158157

159-
- Requires a Google Cloud Account with an active Cloud Spanner instance
158+
- Requires a Google Cloud Account with an active Cloud Spanner instance.
160159
- Take advantage of Google's TrueTime.
161160
The Spanner driver assumes the database is linearizable and skips the transaction overlap strategy required by CockroachDB.
162161
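Review bot: step 2 changes from "Run the standard `migrate` command but with relationship integrity flags included" to "Run the standard `spicedb migrate head` command", which drops the instruction to pass the integrity flags at migration time. If the flags are still required there, a reader following the new steps will migrate without them; if they are no longer required, say so in the commit message. In step 1 the bold on the unsupported-migration warning is gone, and the period belongs inside the parenthesis: "(Migrating from an existing SpiceDB installation is not supported.)".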
