Get insightful engineering articles delivered directly to your inbox.

— 5 minute read

An inside look at building Private Cloud for InVision Enterprise

We love our customers and our customers love us — and we love providing the best digital product design tools you’ve ever seen, for you to do the best design work of your life. So today, as we announce our Private Cloud offering, Engineering wanted to tell you about the technical bits behind it.

Back in the good old days, all software ran on your own computers; for enterprises, this meant having your own machines in your own data center, having operators in the IT department who installed, ran, and monitored the hardware and software protecting your company’s data.

Then, back in the 2000s, SaaS software started showing up. SaaS brings all kinds of advantages to both users and engineers, including easier management and monitoring – plus the fact it is continuously improving, staying at the cutting edge of design tooling.

But there are pluses and minuses to SaaS, just as there are to on-premise software, so a few innovative SaaS companies (like us!) have started offering a hybrid approach: a private version of their software, just for you, but operated by the vendor.

This Private Cloud has the advantages of SaaS – up-to-date software and no worries about operating the software – and the advantages of on-prem – your IT department controlling the systems to corporate standards, and having access to the application logs for auditing and other purposes.

In a larger organization, the IT department keeps everyone safe and secure. The number of daily attacks, and attack vectors, is mind boggling – so it really is important to have an IT department that supports and monitors your systems, SaaS or not.

In short, we created Private Cloud to make your IT department’s jobs easier. Unless you’re an IT person, you won’t even notice you are using a Private Cloud because the InVision Private Cloud has all the same features as our InVision Enterprise product – all the same user features and all the same security – but with added control and monitoring.

Private Cloud runs on dedicated hardware[1] to provide additional controls to your IT department. It includes the same SSO, in-transit encryption, on-disk encryption, and DDOS and WAF protection that our Enterprise product does. But because Private Cloud runs on dedicated hardware, it has a silo’ed application stack and dedicated databases, i.e., it’s a single-tenant system rather than a multi-tenant SaaS system, and thus it has additional control and monitoring features.

One of those features is direct access to the application and infrastructure logs for the IT department to use for conformance audits, monitoring for external attacks, and more. Another of those features is allowing the IT department to control blackout periods. Like any SaaS company, we continuously update and improve InVision, often dozens of times a day, and you never notice. But if you would like to stop those updates for a blackout period – such as Intuit does for tax season, or Amazon does for holiday shopping – the IT department can set that up.

Technically, as engineers, Private Cloud was a lot of fun to build. It’s all automated behind the scenes, so we can run hundreds of private clouds just as easily as we can run one. Our first step was to abstract out certain hard-coded implementation details into parameters (mostly as environment variables that can be set differently for each cloud). We built an administrative interface for your IT department to get access to the logs, etc.

Then we built a new deployment pipeline that is driven by our database of Private Clouds so that the pipeline deploys to all the clouds instead of just one. Our deploys are completely chatbot driven through Rosie, our operations bot, so we just tell Rosie to “deploy service X” and she handles the whole pipeline, deploying service X to our multi‑tenant SaaS site, and to each of the Private Clouds.

Lastly, and probably the most interesting piece of the technical work: our scripted system for creating new Private Clouds. This tool automatically performs all the steps necessary to provision and configure a new Private Cloud. Some of the steps use existing software (e.g. Terraform for provisioning EC2, RDS and S3), some steps use APIs (e.g. setting up new Kubernetes pods, creating a new MongoDB cluster, setting monitoring with our third-party vendor, etc), and some steps even required a custom procmail-style email send-receive process so that we could automate processes that can only be done by email (such as getting new SSL certificates for the new sub-domain).

The net result of all this work is that our systems, untouched by human hands, can set up a new Private Cloud for you in just a few minutes. And our development engineers can continue to build and deploy innovative digital product design tools for you without having to think about how many Private Clouds we have. You get the features you need, today. Your IT department gets the auditing and control it needs, today. And our engineers get to focus on our great products instead of the details of the infrastructure.

We’re darn proud of InVision Private Cloud, and we hope you enjoy it as much as we’ve enjoyed building it for you!

[1] Of course everything these days runs on virtual machines and Docker images, so what I really mean is “dedicated virtual machines and Docker images”.

Like what you've been reading? Join us and help create the next generation of prototyping and collaboration tools for product design teams around the world. Check out our open positions.