Each deployment of the Virtual Data Lake (VDL) consists of three separate servers, or nodes, that store the secret-shared data, perform operations on it, and communicate with each other to compute the desired result. Roseman Labs offers a few different ways of hosting the servers and of interacting with them. To enable other important functionality, like user management and script approval, Roseman Labs also offers a web portal that can be used to interface with the VDL. Finally, to enable easy testing and prototyping of crandas scripts, a fully featured Jupyter environment can be provided with our deployments. This Jupyter environment is pre-configured to connect to the VDL seamlessly.
Production environments come in two different types:
In the first variant, Roseman Labs hosts all three of the VDL servers at three different cloud providers. We ensure each server is managed by a different employee, who has absolutely no access to the servers managed by the other employees (based on the principle of “segregation of duties”). This ensures the shares of the secret-shared data are safely distributed over three entities.
In the second variant, each party who wishes to participate in a multiparty computation agreement can host their own VDL server. If more than three parties participate, only three parties should be selected to manage a server. If only two parties participate, Roseman Labs is able to host the third server.
When using a production environment, no pre-configured Jupyter environment will be provided by Roseman Labs, as these environments normally contain keys for multiple parties to make testing/development easier. Doing this for a production environment would break the security principle. To be able to execute crandas scripts on a production environment, you should follow the Getting Started/installation (on-premise) tutorial in the crandas documentation.
For design/testing environments, all three VDL nodes may be hosted by a single party (usually: Roseman Labs). Furthermore, no separate admins are present per node, which means a single Roseman Labs server admin can access all servers. Note that this means they could theoretically reconstruct all data from the secret shares uploaded to the VDL, so design/testing environments should never be used with production data. This setup might not offer the guaranteed data protection that a production environment offers, but it enables us to solve any problem that might arise with less effort. Furthermore, it enables us to provide a Jupyter environment that has crandas installed and is configured to communicate with the correct VDL servers.
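The difference between the segregated production setup and the single-admin design/testing setup can be seen in a small sketch. This is an added example, not Roseman Labs or crandas code; it assumes plain additive secret sharing modulo 2^64, which may differ from the scheme the VDL actually uses, and all function names and sample values are hypothetical.

```python
import secrets

MODULUS = 2**64  # assumed share domain; the VDL's real parameters are not on this page

def share(value, nodes=3):
    """Split value into one additive share per node (all but the last are uniform random)."""
    parts = [secrets.randbelow(MODULUS) for _ in range(nodes - 1)]
    parts.append((value - sum(parts)) % MODULUS)
    return parts

def reconstruct(parts):
    """Recombine shares; only correct when every node's share is present."""
    return sum(parts) % MODULUS

def add_locally(shares_a, shares_b):
    """Each node adds its own two shares; no node sees either input."""
    return [(a + b) % MODULUS for a, b in zip(shares_a, shares_b)]

def missing_share_for(held, candidate):
    """Third share that would make the held shares decode to `candidate`.

    Such a share exists for every candidate, so an admin holding only
    two nodes cannot rule out any value."""
    return (candidate - sum(held)) % MODULUS

if __name__ == "__main__":
    salary_a, salary_b = 52_000, 61_500  # constructed sample inputs
    sa, sb = share(salary_a), share(salary_b)
    total = add_locally(sa, sb)
    # Design/testing case: one admin can read all three nodes.
    print("admin of all three nodes sees:", reconstruct(sa), reconstruct(sb))
    print("joint result:", reconstruct(total))
    # Production case: an admin of two nodes learns nothing about the input.
    two = sa[:2]
    for guess in (0, salary_a, 999_999):
        assert reconstruct(two + [missing_share_for(two, guess)]) == guess
    print("two shares are consistent with every guess")
```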