Cloud Native
Tacnode offers cloud-agnostic, fully managed data services through innovative cloud-native technologies.
Cloud-Agnostic Architecture
Tacnode's computing abstraction is the Warehouse, which provides computing services to users. Users can connect directly to the Warehouse using a PostgreSQL-compatible client or interfaces such as JDBC/ODBC. A Warehouse comprises multiple computing units (Units), managed as containers with Kubernetes (K8s) so that computing power can be scaled horizontally quickly and easily. Charges are based on the number of computing units used and the duration of use.
Tacnode's storage abstraction is a database. Users combine business-related data to form a database, a logical storage unit. Data is physically stored in cloud storage, such as block storage (EBS, etc.) and object storage (S3, OSS, etc.). The data volume in a single Tacnode database is unlimited, with storage and computing billed per use.
Tacnode uses standard cloud components such as EBS and S3 and container technology such as K8s, which allows the service to be deployed quickly across major cloud providers.
Compute-Storage Separation
A core value of cloud computing is elasticity. To maximize this, Tacnode employs a storage-computing decoupling architecture, allowing independent elasticity for computing and storage. Users can increase computing resources without altering storage resources. Tacnode's computing units and storage can be infinitely expanded, ensuring rapid response to growing business performance needs.
Computing resources can be adjusted in seconds without data copying, allowing new computing nodes to provide services immediately. When storage is insufficient, the system quickly adds storage, accessible by all databases. The Warehouse dynamically manages database data shards for optimal performance without waiting for data copying, achieving storage and computing separation with millisecond latency.
While many products adopt storage-computing decoupling, the scenarios they support vary. For data warehouse products, decoupling is easier to achieve because their latency requirements are lower. A data warehouse that also covers database scenarios, however, needs a decoupled architecture with millisecond-level latency, which presents significant technical challenges compared to real-time data warehouse systems with second-level latency.
Fully Managed
Public clouds offer elasticity, but resource allocation often takes minutes, which doesn't meet Tacnode's need for second-level scaling. Tacnode addresses this with a fully managed service on the public cloud and a shareable resource pool, enabling rapid scaling at lower costs. If a public cloud machine fails, the fully managed service uses the resource pool for automatic failover, ensuring high availability.
Tacnode's fully managed service includes monitoring capabilities, providing insights into virtual warehouse operations, database sizes, and more.
The service also offers automatic backups, allowing users to restore data from a correct backup if incorrect data is written.
Tacnode provides Open APIs, enabling users to automate management operations through scripts, implementing infrastructure as code with a cloud-native development model.
Security & Compliance
Data security is Tacnode's top priority. To ensure system safety and reliability, Tacnode continuously invests in security and enhances it in several ways:
Private Link: Recommended for all users to connect to Tacnode, ensuring only applications and clients in the user's VPC can access the system, preventing unauthorized network access.
IP Access List: When Private Link isn't feasible and the public network is used, Tacnode supports a public network access list. Users add client IPs to the list so that connections are accepted only from listed machines, effectively preventing malicious attacks.
Fine-grained access control: Supports detailed access control for legitimate users, with row-level and column-level permission control for precise data access management.
Data encryption: Tacnode encrypts stored data, ensuring that hackers, cloud vendors, or service providers cannot access specific data content, enhancing data security.