Private Link

​

1. What Private Link solves

• Eliminates public endpoints for the Kumo UI/API; users and automation connect through a Private Link/PSC endpoint inside your network.
• Keeps training and graph processing off the public internet: data is streamed over Private Link to Kumo-managed compute, processed in-memory/ephemeral storage, and discarded when the job finishes.
• Simplifies operations compared to fully air-gapped installs: Kumo hosts and maintains the control plane and compute services that you consume privately.

​

2. Architecture and isolation

• Customer zone (your VPC/VNet): Your data sources/destinations (warehouses, lakes, buckets) remain in your account. You own service accounts/roles and can restrict access paths to Private Link/PSC endpoints only.
• Kumo-managed zone: Control plane (UI, API, scheduler) and data plane (Spark, GPUs for training, graph engine) are hosted by Kumo. These services are reachable only via Private Link/Private Service Connect endpoints you create in your account/subscription. Data pulled for processing is kept in ephemeral storage with 0-day retention.

​

3. Identity and console access

• SSO via SAML or OIDC is required; MFA and device posture remain enforced by your IdP.
• Roles in Kumo are mapped to IdP groups; SCIM/JIT provisioning is available for lifecycle automation.
• Administrative access for Kumo support is optional and can be restricted to your VDI or vendor laptops during onboarding.

​

4. Data flow and protection

• Kumo connects to your warehouses/lakes (Snowflake, Databricks, BigQuery, S3, others) using least-privilege service accounts you own. Connector guides list the exact permissions.
• Training and scoring execute on Kumo-managed compute; data is streamed over Private Link/PSC, processed in-memory/ephemeral volumes, and dropped after the job completes (0-day retention). Outputs are written back to destinations you configure (tables, buckets, or downstream apps).
• All control plane ↔ data plane communication uses TLS over Private Link/PSC. Secrets and artifacts are encrypted at rest in your storage/KMS when written back; Customer-Managed Keys are supported if you want to bring your own KMS keys. Direct file upload can be disabled if you want sources only from your systems.

​

5. Connectivity and dependencies

• Required endpoints: Private Link/PSC endpoints for the Kumo control plane.
• No outbound egress to the public internet: Kumo reads your data only through the Private Link/PSC endpoints, and your users/employees access Kumo only through those same private endpoints.

​

6. Installation flow and customer responsibilities

• Create Private Link/PSC endpoints and network rules so that: (1) Kumo can reach your data warehouses/lakes that hold the relational data for model building, and (2) your employees can access the Kumo UI/API (including SDK) via your corporate network/VDI.
• Configure SSO, network policies, and logging/metrics destinations. Service accounts/roles for each data platform should follow the connector guides.
• Validate end-to-end with a smoke test: ingest → train → score, confirming traffic stays on Private Link paths and is not retained after execution.

​

7. Operations and lifecycle

• Upgrades are delivered by Kumo to the hosted control plane and data plane; compute nodes pull signed images over Private Link/PSC. No public egress is needed for updates, and no job data is retained after runs.
• Support access is time-bounded and can be provided via your VDI/vendor laptop pattern if you want installation assistance or ongoing maintenance.