Remote Support
One of the key differences between VeloDB BYOC and the fully managed VeloDB Cloud service is where the infrastructure runs. In BYOC, infrastructure resources and runtime services run in your own cloud account and VPC. Because of this deployment model, VeloDB engineers do not have persistent or unrestricted access to your environment by default.
For production systems, you may occasionally need VeloDB support for troubleshooting, performance diagnostics, or emergency recovery. To support these cases, VeloDB BYOC uses a zero-trust, audit-focused remote support architecture. This architecture provides temporary and tightly controlled operational access while preserving security isolation.
The remote support architecture is based on the following principles:
- Least-privilege access
- Time-bounded connectivity
- Auditability
- Isolation between operational access and business data
What Remote Support Enables
The remote support framework supports several operational scenarios:
- Emergency troubleshooting: Helps VeloDB engineers diagnose and resolve infrastructure or service-level failures in the BYOC environment.
- Performance diagnostics: Allows analysis of infrastructure metrics, service telemetry, and service-level errors to identify operational bottlenecks.
- Infrastructure coordination: Provides a secure way for VeloDB management services to coordinate with BYOC components deployed in your cloud environment.
This design is intended to reduce the risk of unrestricted access and limit direct access paths to customer infrastructure where applicable.
Approval-Gated Operational Access
Operational access requests are handled through VeloDB's internal Relay System. The Relay System acts as the control layer for:
- Access approval workflows
- Session authorization
- Audit logging and session recording
- Access lifecycle enforcement
Each access request typically specifies the requesting engineer, the target customer environment, the operational purpose, and the requested duration. Access is granted only after the internal authorization workflow is completed. The design aims to avoid direct or unmanaged access paths into customer environments.
Ephemeral Reverse Tunnel
After access is approved, the Relay System coordinates with the BYOC Agent running inside the customer environment to establish a temporary, encrypted reverse tunnel.
The reverse tunnel has the following characteristics:
- Outbound-initiated: The tunnel is initiated from inside the customer environment. No inbound ports need to be exposed to the public internet.
- Session-scoped: Connectivity is established only for the approved support session and is automatically closed after the session expires.
- Isolated: The tunnel exists only for the approved support window.
Time-Bounded Sessions
All support sessions are time-bounded. When the approved access duration expires:
- The reverse tunnel is automatically terminated.
- Connectivity is revoked.
- The engineering session is disconnected.
After an engineer exits the customer environment, the support channel is closed and cannot be reused. Any additional access requires a new approval workflow and a new session.
VeloDB does not maintain persistent connectivity, silent renewal, or long-lived support channels between VeloDB and customer infrastructure.
Audit Logging and Session Recording
All support activities performed through the Relay System are audited. Audit capabilities include:
- Session recording: Captures support session activity.
- Command logging: Tracks commands executed during the session.
- Tamper-evident retention: Stores audit records securely to help preserve integrity and support compliance reviews.
Audit records can be used for internal review and, when applicable, customer compliance review.
Data Access Isolation
Remote support is designed to separate operational access from customer business data. VeloDB engineers are restricted from querying, reading, or exporting customer business data.
Operational access is limited to the information needed for support, such as:
- System and service error logs
- Exception traces and infrastructure metrics
- Process health information
Customer tables, query interfaces, and storage locations remain outside the permission scope. These restrictions are enforced through operating system controls, IAM boundaries, and role-scoped permissions, rather than internal policy alone.