
Platform Overview

Key capabilities of the LaserData Cloud platform

Apache Iggy

Apache Iggy is a high-performance, persistent message streaming platform written in Rust, capable of processing millions of messages per second with ultra-low latency. It supports TCP, QUIC, HTTP, and WebSocket transports natively, with features like consumer groups, message deduplication, and server-side encryption.

Why LaserData Cloud

LaserData Cloud is the enterprise platform for Apache Iggy. It handles deployment, management, scaling, networking, security, observability, and connectors — so you can focus on your streaming workloads instead of infrastructure.

Complete Isolation by Default

Every deployment is fully network-isolated from day one - no traffic is allowed in or out until you explicitly create access rules. This includes LaserData itself - our control plane orchestrates infrastructure but has zero network access to your deployment endpoints or data. Your messages, streams, and client connections never transit the control plane. You are in full control.

Enterprise-Grade Security

  • Pull-based architecture - the Warden agent initiates all connections outbound. No inbound ports, no SSH, no remote access of any kind
  • Cryptographic verification - all binaries signed and verified before execution, all operational tasks signed with Ed25519
  • Automated TLS - certificate issuance and rotation handled automatically, all connections encrypted end-to-end
  • Zero-downtime upgrades - atomic binary swaps with automatic rollback on failure

Organization & Access Control

A full multi-tenant hierarchy - Tenant > Division > Environment > Deployment - with hierarchical RBAC that lets you scope permissions down to individual environments. Built-in role templates (Owner, Admin, Developer, Viewer, Billing) plus fully custom roles with per-division and per-environment overrides. Manage teams, invitations, and API keys programmatically.

Full API Coverage

Everything you can do in the Console is available via API. Two API layers - the main API for resource management and the deployment API for operations - both authenticated with the same API keys and RBAC model. Build CI/CD pipelines, Terraform providers, and custom integrations with complete programmatic control.

Built-in Connectors

Connectors extend every deployment with natively compiled Rust source and sink plugins for integrating with external systems - PostgreSQL, Elasticsearch, Apache Iceberg, Quickwit, and more. Activate from the Console, configure stream mappings, run multiple instances - all fully managed.

Comprehensive Observability

Built-in monitoring with metrics, heartbeats, logs, and immutable audit trails. Redirect logs and traces to your own OpenTelemetry-compatible endpoint for full integration with your existing stack.

Key Features

  • Stream UI - built-in web interface on every node for browsing streams, topics, messages, and consumer groups - runs locally in full data isolation
  • Versioned configuration - create, activate, and roll back Iggy and connector configs with full version history
  • Multi-cloud - deploy to AWS or GCP, or run On-Premise on any infrastructure
  • 9 deployment tiers - from Free (development) to 16XLarge (up to 64 vCPUs, 512 GB RAM, 15 TB NVMe)
  • High availability - Replica deployments with synchronous replication and automatic failover on Large tier and above

Deployment Models

Three models, same management experience. Every deployment runs the Warden agent and Iggy server - the difference is where the infrastructure lives.

| Model | Infrastructure | Best For |
|---|---|---|
| Managed | LaserData's cloud | Fully managed, no infrastructure setup required |
| BYOC | Your AWS account | Data sovereignty, your cloud bill |
| On-Premise | Your servers (any) | Regulated industries, air-gapped environments |

Connectors

See the Connector Catalog for the full list of available source and sink connectors.

Deployment Tiers & Storage

Each deployment is provisioned at a tier that determines compute, memory, and available storage:

| Tier | vCPUs | Memory | Storage Options |
|---|---|---|---|
| Free | 2 | 1 GB | Network Balanced |
| Small | 2 | 2 GB | Network Balanced |
| Medium | 2 | 4 GB | Network Balanced |
| Large | 2 | 8 GB | + NVMe SSD (400 GB) |
| XLarge | 4 | 16 GB | + NVMe SSD (900 GB) |
| 2XLarge | 8 | 32 GB | + NVMe SSD (1.8 TB) |
| 4XLarge | 16 | 64 GB | + NVMe SSD (3.7 TB) |
| 8XLarge | 32 | 128 GB | + NVMe SSD (7.5 TB) |
| 16XLarge | 32 | 128 GB | + NVMe SSD (15 TB) |

Resources shown are for network disk storage. NVMe SSD tiers use the i7i instance family with higher memory and dedicated local storage — see Tiers & Storage for full details.

Cluster types: Standalone (all tiers) or Replica with automatic failover (Large and above, Pro/Enterprise plans).

Networking & Connectivity

Every deployment gets a custom subdomain (e.g. your-cluster.laserdata.cloud) with automated TLS. All connections encrypted end-to-end.

| Feature | What It Does |
|---|---|
| Custom subdomain | Unique endpoint per deployment for connection strings, with automatic TLS |
| Access Rules | Allow specific IPs/CIDRs to reach deployment endpoints, per-protocol |
| VPC Peering | Private network path between your VPC and the deployment |
| PrivateLink | Expose the deployment as a VPC endpoint service |
| Public IP | Public (static Elastic IP with subdomain) or Private (no public IP, private networking only) |

Every deployment starts fully locked down - no traffic allowed until explicitly configured.

Network rate limits apply on certain tiers: Free (100 KB/s, always), Small (3 MB/s) and Medium (10 MB/s) on Basic plan only.

Security

  • Complete network isolation - every deployment starts fully locked down. Nobody has access - including LaserData - until you explicitly create access rules
  • Pull-based architecture - Warden initiates all connections outbound. No inbound ports, no SSH, no remote access
  • Binary verification - all binaries cryptographically signed and verified before execution
  • Task signing - every operational task signed with Ed25519
  • TLS everywhere - automated certificate issuance and rotation
  • Zero-downtime upgrades - atomic binary swaps with automatic rollback on failure
  • Data isolation - your data never transits the control plane. Stream UI runs locally on the node
  • GDPR compliance - PII encryption at rest, data export, right to erasure

See Security Architecture for the full model.

Observability

Built-in monitoring for every deployment:

  • Metrics - CPU, memory, disk I/O, message counts, client connections - per node and runtime
  • Heartbeats - periodic health checks for all managed runtimes
  • Logs - centralized, searchable by node, runtime, level, and time range
  • OpenTelemetry - redirect logs and traces to your own OTEL-compatible endpoint
  • Audit logs - immutable record of every state-changing operation

API Architecture

LaserData Cloud exposes two API layers, both accessible through the Console and programmatically via API keys.

Main API — api.laserdata.cloud

The global control plane. Manages your organization — tenants, divisions, environments, members, roles, API keys, notifications, deployment creation, and connector activation.

Supervisor API — {supervisor_url}

The regional API for operating deployments. Manages everything that happens inside a deployment — configuration, networking, monitoring, connectors, tasks, and backups. Each supervisor is scoped to a cloud provider and geographic area — all deployments in the same cloud and area share the same endpoint.

| Area | Cloud | Supervisor URL |
|---|---|---|
| US | AWS | us.aws.supervisor.laserdata.cloud |
| EU | AWS | eu.aws.supervisor.laserdata.cloud |
| US | GCP | us.gcp.supervisor.laserdata.cloud |
| EU | GCP | eu.gcp.supervisor.laserdata.cloud |

How It Works

When you create a deployment, the response includes the supervisor_url for that deployment's cloud and area. All operational management goes through this URL.

{
  "id": 12345,
  "name": "prod-cluster",
  "cloud": "aws",
  "area": "us",
  "region": "us-west-1",
  "supervisor_url": "https://us.aws.supervisor.laserdata.cloud",
  ...
}

The Console handles this routing transparently. Both APIs use the same ld-api-key authentication and the same RBAC permission model.
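
A client-side check for the routing described above, as an added example that is not LaserData's code: before an API key is sent to the supervisor_url taken from a deployment response, confirm it is the HTTPS host this page lists for that deployment's cloud and area. The helper name and the sample responses are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Supervisor hosts copied from the table on this page, keyed by (area, cloud).
SUPERVISOR_HOSTS = {
    ("us", "aws"): "us.aws.supervisor.laserdata.cloud",
    ("eu", "aws"): "eu.aws.supervisor.laserdata.cloud",
    ("us", "gcp"): "us.gcp.supervisor.laserdata.cloud",
    ("eu", "gcp"): "eu.gcp.supervisor.laserdata.cloud",
}


def trusted_supervisor_url(deployment: dict) -> str:
    """Hypothetical helper: return the supervisor base URL, or raise ValueError."""
    key = (str(deployment.get("area", "")).lower(),
           str(deployment.get("cloud", "")).lower())
    expected = SUPERVISOR_HOSTS.get(key)
    if expected is None:
        raise ValueError(f"no supervisor listed for area/cloud {key}")
    parts = urlsplit(str(deployment.get("supervisor_url", "")))
    if parts.scheme != "https":
        raise ValueError("supervisor_url must use https")
    if "@" in parts.netloc:
        raise ValueError("supervisor_url must not carry userinfo")
    if parts.port not in (None, 443):  # .port raises ValueError if malformed
        raise ValueError("unexpected port in supervisor_url")
    if parts.hostname != expected:
        raise ValueError(f"host {parts.hostname!r} is not {expected!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("supervisor_url must be a bare base URL")
    return f"https://{expected}"


# Constructed sample responses, modelled on the one shown on this page.
GOOD = json.loads("""{"id": 12345, "name": "prod-cluster", "cloud": "aws",
  "area": "us", "region": "us-west-1",
  "supervisor_url": "https://us.aws.supervisor.laserdata.cloud"}""")
LOOKALIKE = dict(GOOD, supervisor_url=
                 "https://us.aws.supervisor.laserdata.cloud.example.net")
WRONG_AREA = dict(GOOD, supervisor_url="https://eu.aws.supervisor.laserdata.cloud")

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("lookalike", LOOKALIKE),
                         ("wrong area", WRONG_AREA)]:
        try:
            print(name, "->", trusted_supervisor_url(sample))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The returned string is rebuilt from the allowlisted host rather than echoed from the response, so the caller never forwards credentials to a value it did not verify.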

Console

The Console is a web-based UI for managing every aspect of the platform - deployments, connectors, networking, monitoring, configuration, team members, roles, and audit logs - all from a single interface.
