Data Virtualization provides an architecture that isolates customer data and compute from other customers or other resources groups. It uses separate Kubernetes namespaces for each resource group you provision the service into, with separate worker nodes for each of these namespaces. Each provisioned system also has separate encrypted block storage and separate object storage buckets.
Architecture
Review the Data Virtualization architecture and learn about different isolation levels so that you can choose the solution that meets the requirements of the workloads that you want to run in the cloud.
Data Virtualization workload isolation
Enterprise Data Virtualization formations are provisioned on Kubernetes clusters. Each formation is created in a customer-specific namespace that is also specific to the resource group that the formation is provisioned in. The pods that provide the Data Virtualization processing are isolated, running on worker nodes that are dedicated to the formation.
Each formation also includes a set of block storage devices that is encrypted with a Key Protect managed encryption key. You can also opt to use your own Key Protect managed keys.
Backups are stored in a customer-specific encrypted object storage bucket for at least 14 days.