Alert Logic provides a multi-tenant platform with the ability for one account (customer) to manage other accounts. This capability is often used to separate data, and access to data, between different business units of a single organization. It is also common when an Alert Logic partner manages many accounts belonging to separate business entities or organizations. Each Alert Logic account has its own data and configuration, including independent lists of users belonging to that account. Role-based access control is available, which can limit the ability of users in an account to access or change data in managed accounts.
This article discusses how access to managed accounts in different data residencies is managed in the Alert Logic console.
Data Residencies
Every Alert Logic account has a default data residency, corresponding to a set of Alert Logic locations that store the data for that account. Each account can only store data and configuration in its default data residency.
The currently selected data residency is displayed on every page of the Alert Logic console, and in most cases, the selection of data residency is automatic. Upon logging in to the Alert Logic console, data residency is set to the default for the account of the user who is logging in. When switching to a new managed account, the data residency changes automatically to the default for the new account.
Most pages in the Alert Logic console show data only for the currently selected account. On these pages, the data shown reflects the default data residency for that account. For example, the Deployments configuration page shows all deployments for the active account, but does not show deployments in other accounts.
Working with Managed Accounts in Multiple Data Residencies
Some Alert Logic console pages summarize data from many managed accounts. On these pages, you may use the data residency selector as described below. On such pages, only data from a single data residency can be displayed at a time. This is a result of the separation of data between data residencies to prevent data from different residencies from being stored outside the defined location.
For example, if your account is in the US-EAST-1 data residency, and you manage accounts in both the UK-WEST-1 and US-EAST-1 data residencies, the Alert Logic console Threat Summary dashboard will show US-EAST-1 data by default. With US-EAST-1 selected, data will be summarized for your account, and all managed accounts in US-EAST-1. If you select the UK-WEST-1 residency, using the drop-down arrow in the upper right-hand corner of the screen, you will see a summary of all managed accounts in UK-WEST-1 instead.
Samples of pages that summarize data for managed accounts
The following table lists pages within the Alert Logic console summarize data for managed accounts and what data is summarized:
Page |
What managed data is summarized? |
Dashboards (Threat Summary, Managed Accounts Security Summary, Managed Accounts Health Summary) |
Incidents, exposures, health |
Respond > Incidents |
Incidents |
Validate > Reports (various) |
Most reports summarize data across managed accounts |
Comments
0 comments
Please sign in to leave a comment.