Enhance the Security and Performance of your Managed Databases with Private Networks

Nour ZERHOUNI

Compared to an on-premise, self-managed Database, a fully Managed Database can help you save time and drastically reduce infrastructure setup and management costs. But at the same time, you want to make sure you have the benefits of this service without any trade-offs for the security or privacy of your data.

Whether you want to populate your front end with accurate data, insert new records into your database, or perform data analysis for Business Intelligence purposes, being able to reach your database from your application with low latency is at the heart of your requirements and remains critical for your business alongside the security and resilience of your data.

You deserve it all

To reach that point, you need a solid infrastructure that you can rely on entirely at every step of the way, one that combines performance with security and resilience, since these are the main requirements of your architecture. I like to call it "I want it all," and indeed, you deserve it all.

For cloud providers, balancing these requirements can be trickier than it seems. For example, keeping latency low while enabling geographically distant, highly available resources to be in a Virtual Private Cloud (VPC) is actually pretty complex.

However, we strive to continuously improve what matters the most to our customers and the overall European cloud offer. As one of Scaleway’s VPC products, Private Networks is essential for database users to keep their infrastructure highly secure and interconnected. Both PostgreSQL and MySQL Managed Databases can now be attached to a Private Network, enabling you to have all your backend resources in a VPC and isolate the network traffic between your application and your database.

Enhance Security

Private Networks enhances the security of your cloud-oriented architecture by completely isolating it from the public internet: you can configure your own Layer-2 network with IPv4 addresses, and the private IP addresses of your resources will not be visible from outside your VPC, which gives you higher protection against cyber attacks.

Note that this does not mean that your database was vulnerable without the Private Networks feature of DBaaS. You’ve always been able to configure the list of authorized IPs so that no inbound source can reach your DB unless it has been whitelisted. Data in transit is also encrypted. With or without a Private Network, your database is never at the mercy of hackers!
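A quick way to check both controls described above, as an added example that is not Scaleway code: it confirms the endpoint your application uses sits in a private IPv4 range and flags over-broad entries in the authorized-IP list. The configuration shape, the sample addresses and the `min_public_prefix` threshold are assumptions made for the illustration.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly: ipaddress's is_private flag also
# matches loopback and documentation ranges, which is too loose here.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_rfc1918(net):
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def audit(endpoint_ip, allowed_sources, min_public_prefix=24):
    """Return findings for one database: endpoint address plus ACL rules.

    min_public_prefix is an assumed policy threshold, not a provider default.
    """
    findings = []
    ep = ipaddress.ip_network(endpoint_ip)  # single host becomes a /32
    if not in_rfc1918(ep):
        findings.append(f"endpoint {endpoint_ip} is not a private address")
    for rule in allowed_sources:
        try:
            net = ipaddress.ip_network(rule, strict=False)
        except ValueError:
            findings.append(f"rule {rule!r} is not a valid CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"rule {rule} allows any source")
        elif not in_rfc1918(net) and net.prefixlen < min_public_prefix:
            findings.append(f"rule {rule} allows a broad public range")
    return findings

# Constructed sample configurations (documentation-range addresses).
PUBLIC_DB = {"endpoint": "203.0.113.10",
             "acl": ["0.0.0.0/0", "198.51.100.0/22", "198.51.100.7/32"]}
PRIVATE_DB = {"endpoint": "192.168.10.4", "acl": ["192.168.10.0/24"]}

if __name__ == "__main__":
    for name, db in (("public", PUBLIC_DB), ("private", PRIVATE_DB)):
        print(name, audit(db["endpoint"], db["acl"]) or "no findings")
```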

Improve Performance

The Private Networks feature brings a significant change to the architecture of Scaleway's Managed Databases: when using Private Networks, your application connects directly to your DB's active node, without going through a load balancer. The new architecture described in the graph below boosts the DB’s performance by reducing the latency between your DB and your application endpoint, which will no longer require a public IP to reach your Scaleway Database Instance.

Note that this architecture is only applicable when using the Private Networks feature on DBaaS. Otherwise, we use the original Load Balancer-based architecture that you can check out on our website.

DBaaS benchmarks

To better illustrate the improvement in database performance, we ran several benchmarks on DBaaS, varying the following parameters:

  • Development and General Purpose DB instances
  • All instance sizes from XS to L
  • Both local and Block Storage types
  • Paris, Amsterdam, Warsaw
  • Standalone and High Availability

The benchmarks mainly focused on the average latency of read and write requests, and showed an average drop of 60%. In other words, you can CRUD up to 60% faster!

The following table shows some outstanding examples of latency reduction with Private Networks compared to a public connection to your database.

| Types | Latency difference | Latency difference % |
| --- | --- | --- |
| GP1-S Standalone Single Thread Select only | -1.332ms | -62.45% |
| GP1-S Standalone Single Thread TPC-B* | -9.748ms | -52.40% |
| GP1-S Standalone Multithread Select only | -6.956ms | -69.19% |
| GP1-S Standalone Multithread TPC-B* | -16.682ms | -40.25% |
| Dump 2.6G Database | -13.015s | -57.32% |
| Restore 2.6G Database | -1.421s | -2.85% |

*TPC-B measures throughput in terms of how many transactions per second a system can perform.

Benchmark conditions:

  • using pgbench
  • scaling factor: 100
  • query mode: simple
  • number of threads: 1 | 2
  • number of clients: 1 | 50
  • duration: 120 s
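To repeat the comparison on your own instance, the added example below (not the Database team's benchmark harness) builds the pgbench invocations for the conditions listed above and computes the two "Latency difference" columns from pgbench's summary output. The endpoint placeholders, the `bench` database and user names, the pairing of 1 client with 1 thread and 50 clients with 2 threads, and the sample summaries are assumptions.

```python
import re

SCALE, DURATION, MODE = 100, 120, "simple"   # conditions listed above

def init_cmd(host, db="bench", user="bench"):
    """argv that populates the pgbench tables at the listed scaling factor."""
    return ["pgbench", "-h", host, "-U", user, "-i", "-s", str(SCALE), db]

def run_cmd(host, clients, threads, select_only, db="bench", user="bench"):
    """argv for one 120 s run; without -S pgbench runs its TPC-B-like script."""
    argv = ["pgbench", "-h", host, "-U", user, "-M", MODE,
            "-c", str(clients), "-j", str(threads), "-T", str(DURATION)]
    return argv + (["-S"] if select_only else []) + [db]

def latency_ms(output):
    """Extract the 'latency average = N ms' line from pgbench's summary."""
    m = re.search(r"^latency average = ([\d.]+) ms", output, re.M)
    if m is None:
        raise ValueError("no latency line in pgbench output")
    return float(m.group(1))

def compare(public_out, private_out):
    """Return (difference in ms, difference in %) of private vs public."""
    pub, priv = latency_ms(public_out), latency_ms(private_out)
    return round(priv - pub, 3), round((priv - pub) / pub * 100, 2)

# Constructed summaries, not measurements from the article.
PUBLIC_OUT = "number of clients: 1\nlatency average = 2.000 ms\ntps = 500.0\n"
PRIVATE_OUT = "number of clients: 1\nlatency average = 0.800 ms\ntps = 1250.0\n"

if __name__ == "__main__":
    # Placeholders: substitute your instance's public and private endpoints.
    for host in ("PUBLIC_ENDPOINT", "PRIVATE_ENDPOINT"):
        print(" ".join(init_cmd(host)))
        for clients, threads in ((1, 1), (50, 2)):   # assumed pairing
            for select_only in (True, False):
                print(" ".join(run_cmd(host, clients, threads, select_only)))
    print(compare(PUBLIC_OUT, PRIVATE_OUT))
```

Run the printed commands from the same application host for both endpoints, so that the only variable is the network path.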

The entire Database team is proud to share these results with you because this improvement is a key milestone as we understand how important it is to our users. We will continue to invest our time and efforts to meet the expectations of our users who "want it all".

If you need help to set up your first Private Network with our Console, check out the tutorial. More importantly, don’t hesitate to submit your feature request to help our team understand what you need.
