Learn how Ryvn provisions and manages your infrastructure
Ryvn makes deploying applications to customer cloud environments seamless and secure. Our provisioning system handles
everything from initial setup to ongoing maintenance, letting you focus on building great software while we manage the
infrastructure.
Ryvn supports AWS, Google Cloud, and Azure, maintaining consistent workflows across all cloud providers.
Here’s an overview of how Ryvn works with your customer’s cloud infrastructure:
The provisioning process is designed to be secure and straightforward for both vendors and customers. Here’s how it
works:
1. Installation Link: You send your customer a secure link to install your application. This link contains all necessary instructions for the setup process.
2. Temporary Credentials: The customer follows the provided instructions to create temporary, limited-scope credentials specifically for provisioning their environment.
   For customers who prefer to avoid granting provisioning permissions, the provisioning process can be run manually.
3. Automatic Connection: Ryvn automatically establishes a secure connection using these temporary credentials and begins the provisioning process.
4. Infrastructure Provisioning: Using the temporary credentials, Ryvn provisions the necessary infrastructure components using Terraform (VPC, subnets, security groups, Kubernetes cluster, load balancers).
5. Application Deployment: Finally, Ryvn deploys your application and configures monitoring with metrics collection and logging.
   You can disable logging collection at your customer’s request.
Security is foundational to our provisioning system, with multiple layers of protection throughout the process:
Limited-Scope Credentials: During provisioning, we create a dedicated IAM role (AWS) or service account
(GCP/Azure) with the minimum permissions required to set up the Ryvn environment and deploy vendor resources.
Temporary Access: Provisioning credentials are temporary and automatically expire after successful deployment,
following the principle of least privilege.
Environment Isolation: Each customer environment has dedicated VPCs, Kubernetes namespaces, network policies, and
independent access controls.
Secure Communication: All communication between Ryvn and your customer’s cloud environment is secured using TLS
encryption, with mutual TLS authentication for service-to-service communication.
Ryvn handles all aspects of cluster maintenance and upgrades to ensure your infrastructure remains secure and
performant.
We handle Kubernetes version upgrades twice per year using blue-green deployments for zero downtime. All upgrades
are extensively tested and coordinated with cloud provider releases.