diff --git a/docs/spicedb-dedicated/dedicated-configuration.md b/docs/spicedb-dedicated/dedicated-configuration.md index d40ebd0..e1b596c 100644 --- a/docs/spicedb-dedicated/dedicated-configuration.md +++ b/docs/spicedb-dedicated/dedicated-configuration.md @@ -39,7 +39,7 @@ There are two rollout strategies: `rolling update` and `immediate`. ### Define Cluster(s) -![Alt text](image-4.png) +define clusters #### Single region deployment diff --git a/docs/spicedb-dedicated/dedicated-isolation.md b/docs/spicedb-dedicated/dedicated-isolation.md new file mode 100644 index 0000000..eeaf93f --- /dev/null +++ b/docs/spicedb-dedicated/dedicated-isolation.md @@ -0,0 +1,11 @@ +# SpiceDB Dedicated Isolation + +SpiceDB Dedicated isolates your workloads from other customers. Cloud accounts, compute resources, databases, and networking are all dedicated to you. + +Additionally, SpiceDB allows you to deploy multiple isolated Permissions Systems into a single SpiceDB Dedicated environment. Each Permissions Systems has it’s own schema and set of relationships. Also, these Permissions Systems impose memory and CPU limits so one Permissions System can’t crowd out another Permissions System. + +By default, API tokens are scoped to a particular Permissions System. [Fine Grained Access Management (FGAM)](/spicedb-dedicated/fgam) can take this farther by restricting API tokens to specified APIs, object types, or object IDs. + +The below diagram gives an overview of the SpiceDB Dedicated isolation model. + +dedicated isolation model diff --git a/docs/spicedb-dedicated/image-4.png b/docs/spicedb-dedicated/image-4.png deleted file mode 100644 index f9c99b4..0000000 Binary files a/docs/spicedb-dedicated/image-4.png and /dev/null differ diff --git a/docs/spicedb-dedicated/overview.md b/docs/spicedb-dedicated/overview.md index e710d0b..66cd49b 100644 --- a/docs/spicedb-dedicated/overview.md +++ b/docs/spicedb-dedicated/overview.md @@ -20,7 +20,7 @@ Please [schedule a call](https://authzed.com/call) to learn more. ## How is SpiceDB Dedicated deployed? -AuthZed provisions and manages an environment for you in a private account within our cloud provider organization. It comes with everything needed to run single and multi-region SpiceDB Permissions Systems in a cloud of your choice. We support AWS and GCP today, with Azure support coming. All resources are fully isolated and dedicated to you. +AuthZed provisions and manages an environment for you in a private account within our cloud provider organization. It comes with everything needed to run single and multi-region SpiceDB Permissions Systems in a cloud of your choice. We support AWS and GCP today, with Azure support coming. [All resources are fully isolated and dedicated to you.](/spicedb-dedicated/dedicated-isolation) ## Pricing diff --git a/sidebars.js b/sidebars.js index 2c91ba8..e99243b 100644 --- a/sidebars.js +++ b/sidebars.js @@ -60,6 +60,7 @@ module.exports = { 'spicedb-dedicated/fgam', 'spicedb-dedicated/audit-logging', 'spicedb-dedicated/dedicated-configuration', + 'spicedb-dedicated/dedicated-isolation', { type: 'category', label: 'Networking', diff --git a/static/img/dedicated-isolation.png b/static/img/dedicated-isolation.png new file mode 100644 index 0000000..de3462c Binary files /dev/null and b/static/img/dedicated-isolation.png differ diff --git a/static/img/define-clusters.png b/static/img/define-clusters.png new file mode 100644 index 0000000..b7cce67 Binary files /dev/null and b/static/img/define-clusters.png differ