Security and Starburst Enterprise #

Starburst Enterprise platform (SEP) is a fully supported, production-tested and enterprise-grade distribution of open source Trino.

Private deployment #

SEP is deployed entirely within an environment controlled by the customer. This allows you to apply any layers of security based on your unique organizational policies and risk tolerance. This also means that any data sources are completely under your control and you can take any security measures desired to control access from SEP to the data sources. Starburst supports integration with numerous authentication and authorizations and other security related features. Learn more about all these in the security section of the documentation.

Data sources and transfer #

Since SEP and all data sources are completely within your systems, Starburst does not have any access. Telemetry data about your usage is automatically submitted to Starburst using an end-to-end encrypted connection, but can also be submitted manually.

Your consent is requested, if data is transferred to Starburst as part of a support request, Because it is not required for the service to operate, generally this transaction is classified as a “causal and incidental” transfer of data.

Data caching #

Data caching, including the new Starburst Warp Speed (formerly Varada), functions like all other data transfer in SEP. That means all source data and cached data remains within your systems.

Worker nodes with activated caching run under your control, for example in your cloud provider or your data center, like any other workers. The used ephemeral disks are built into machines as a storage space, and store cached data and indexes for the purpose of improving performance of SEP.

Data security #

You can configure SEP to use encryption (TLS) for all data in transit. The connections include client tool connections to SEP, cluster internal communication, and access to the configured data sources. No data is stored in SEP. The desired configuration must be implemented and managed by you. SEP supports the latest TLS certificate standards, and falls back to the set of ciphers supported by the underlying JVM. You can configure custom cipher support as required.

Releases #

Starburst follows a quarterly release process for the LTS (Long Term Support) version and we patch these LTS versions regularly. These patches include security and bug fixes, and each patch release is assessed and reviewed by a core review board prior to the work being executed.

New releases and patches are communicated to customers via our account team and are publicly available on our documentation.

Apache Ranger #

Starburst Enterprise includes specific Helm charts to enable customers to install the open source project Apache Ranger in their Kubernetes deployment.

These Apache Ranger Helm charts include installation of the Starburst Ranger Plugin that enables. Alternatively, customers can use their own installation of Apache Ranger or Privacera Platform.

The Helm charts use Docker containers with Apache Ranger and the Starburst Ranger Plugin installed. These container images are part of the regular security testing during the development process. As per our remediation policy, we monitor these test and scan results, and we are committed to remediating critical and high findings in our plugin.

Hive Metastore Service #

Starburst Enterprise includes specific Helm charts to enable customers to install the open source tool Hive Metastore Service (HMS) in their Kubernetes deployment.

These HMS Helm charts include configuration for the connection to Starburst Enterprise and the necessary backend relational database for the HMS.