|
1 | 1 | --- |
2 | | -title: "Bring Your Own Cloud" |
3 | | -description: "Configure Cursor for your documentation workflow" |
| 2 | +title: "BYOC (Bring Your Own Cloud)" |
| 3 | +sidebarTitle: "Bring Your Own Cloud" |
| 4 | +description: "Allows you to deploy E2B sandboxes to your own cloud VPC." |
4 | 5 | icon: "cloud" |
5 | | ---- |
| 6 | +--- |
| 7 | + |
| 8 | +BYOC is currently only available for AWS. |
| 9 | +We are working on adding support for Google Cloud and Azure. |
| 10 | + |
| 11 | +<Note> |
| 12 | + BYOC is offered to enterprise customers only. |
| 13 | + If you’re interested in BYOC offering, please book a call with our team [here](https://e2b.dev/contact) or contact us at [enterprise@e2b.dev](mailto:enterprise@e2b.dev). |
| 14 | +</Note> |
| 15 | + |
| 16 | +## Architecture |
| 17 | + |
| 18 | +Sandbox templates, snapshots, and runtime logs are stored within the customer's BYOC VPC. |
| 19 | +Anonymized system metrics such as cluster memory and cpu are sent to the E2B Cloud for observability and cluster management purposes. |
| 20 | + |
| 21 | +All potentially sensitive traffic, such as sandbox template build source files, |
| 22 | +sandbox traffic, and logs, is transmitted directly from the client to the customer's BYOC VPC without ever touching the E2B Cloud infrastructure. |
| 23 | + |
| 24 | +### Glossary |
| 25 | +- **BYOC VPC**: The customer's Virtual Private Network where the E2B sandboxes are deployed. For example your AWS account. |
| 26 | +- **E2B Cloud**: The managed service that provides the E2B platform, observability and cluster management. |
| 27 | +- **OAuth Provider**: Customer-managed service that provides user and E2B Cloud with access to the cluster. |
| 28 | + |
| 29 | +<Frame> |
| 30 | + <img src="/images/byoc-architecture-diagram.png" alt="Graphics explaining key BYOC architecture parts" /> |
| 31 | +</Frame> |
| 32 | + |
| 33 | +### BYOC Cluster Components |
| 34 | +- **Orchestrator**: Represents a node that is responsible for managing sandboxes and their lifecycle. Optionally, it can also run the template builder component. |
| 35 | +- **Edge Controller**: Routes traffic to sandboxes, exposes API for cluster management, and gRPC proxy used by E2B control plane to communicate with orchestrators. |
| 36 | +- **Monitoring**: Collector that receives sandbox and build logs and system metrics from orchestrators and edge controllers. Only anonymized metrics are sent to the E2B Cloud for observability purposes. |
| 37 | +- **Storage**: Persistent storage for sandbox templates, snapshots, and runtime logs. Image container repository for template images. |
| 38 | + |
| 39 | +## Onboarding |
| 40 | + |
| 41 | +Customers can initiate the onboarding process by reaching out to us. |
| 42 | +Customers need to have a dedicated AWS account and know the region they will use. |
| 43 | +After that, we will receive the IAM role needed for managing account resources. |
| 44 | +For AWS account quota limits may need to be increased. |
| 45 | + |
| 46 | +Terraform configuration and machine images will be used for provisioning BYOC cluster. |
| 47 | +When provisioning is done and running, we will create a new team under your E2B account that can be used by SDK/CLI the same way as it is hosted on E2B Cloud. |
| 48 | + |
| 49 | +## FAQ |
| 50 | + |
| 51 | +### How Is Cluster Monitored? |
| 52 | + |
| 53 | +Cluster is forwarding anonymized metrics such as machine cpu/memory usage to E2B Control plane for advanced observability and alerting. |
| 54 | +The whole observability stack is anonymized and does not contain any sensitive information. |
| 55 | + |
| 56 | +### Can cluster automatically scale? |
| 57 | + |
| 58 | +A cluster can be scaled horizontally by adding more orchestrators and edge controllers. |
| 59 | +The autoscaler is currently in V1 not capable of automatically scale orchestrator nodes that are needed for sandbox spawning. |
| 60 | +This feature is coming in the next versions. |
| 61 | + |
| 62 | +### Are sandboxes accessible only from a customer’s private network? |
| 63 | + |
| 64 | +Yes. Load balancer that is handling all requests coming to sandbox can be configured as internal and VPC peering |
| 65 | +with additional customer’s VPC can be configured so sandbox traffic can stay in the private network. |
| 66 | + |
| 67 | +### How control plane secure communication is ensured? |
| 68 | + |
| 69 | +Data sent between the E2B Cloud and your BYOC VPC is encrypted using TLS. |
| 70 | + |
| 71 | +VPC peering can be established to allow direct communication between the E2B Cloud and your BYOC VPC. |
| 72 | +When using VPC peering, the load balancer can be configured as private without a public IP address. |
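Review bot: In the Onboarding section, "we will receive the IAM role needed for managing account resources" does not say which permissions that role carries or how it is constrained. For a page whose main claim is that sensitive data stays inside the customer's account, that is the detail a security reviewer will look for first. Suggest stating the role's scope (or linking to its policy) and explaining how the "OAuth Provider" from the Glossary fits into cluster access, since it is defined there but never mentioned again. The Architecture and FAQ sections also say only "anonymized" metrics leave the VPC while naming just cpu and memory as examples; a full list of what is sent would make that claim checkable. In the Glossary, "BYOC VPC" is expanded as "Virtual Private Network"; VPC stands for Virtual Private Cloud. Smaller wording points in the FAQ: "How control plane secure communication is ensured?" reads better as "How is control plane communication secured?", and "is currently in V1 not capable of automatically scale" needs rewording.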