Ataccama ONE Agentic ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
User Community Service Desk Downloads

Edge Processing

Edge processing lets you use Ataccama for data quality, profiling, and other processing tasks without moving sensitive data out of your environment.

Processing components run inside your AWS account. Your sensitive data and processing results stay in your storage — Ataccama ONE securely loads them on demand and doesn’t retain them.

When to use edge processing

Choose an edge deployment when:

  • Data residency, sovereignty, or regulatory rules prevent moving data to Ataccama-hosted infrastructure.

  • Your security model requires that sensitive data and processing results stay within your network boundary.

  • You want full control over the storage and compute that touch your data, while still using Ataccama’s runtime for metadata, rules, and orchestration.

If none of these apply, the standard deployment, where Ataccama hosts the full processing stack, is usually simpler.

How edge processing works

Edge architecture separates processing and data management into four parts:

  • The edge compute runs inside your AWS account and processes data from your sources without storing it.

  • The data sources are the storage you own that holds primary data and processing results.

  • The control plane runs in Ataccama, where you browse metadata, define rules, and view results.

  • The Ataccama Cloud Portal runs in Ataccama. From there you manage edge instances and access deployment artifacts and upgrades.

Communication between components uses TLS 1.3 and never traverses the public internet. Sensitive data and results are encrypted at the application level both in transit and at rest.

For diagrams, communication patterns, and the full security model, see Edge Architecture.

Deployment options

Edge instances come in two variants. Choose based on where you want the edge compute to run and how much of the underlying infrastructure you want to manage directly.

AWS

Ataccama deploys and operates the edge compute inside an AWS account you provide. You set up networking and storage; Ataccama handles provisioning and upgrades through automation.

Choose this when your sensitive data lives in AWS and you want Ataccama to operate the edge compute for you.

Self-managed

You run the edge compute on infrastructure you own and operate end-to-end. Ataccama provides the software, deployment artifacts, and upgrade packages.

Choose this when you require full operational control over every component of the deployment.

Shared responsibility model

Edge instances follow a shared responsibility model: Ataccama provides the platform and software; you own the AWS account, the network, and the data.

Ataccama staff have no direct access to your edge environments.

For the full breakdown, see Shared Responsibility Model.

Next steps

  1. Decide which deployment option fits your environment.

  2. Complete Prepare AWS Infrastructure (required for both deployment options).

  3. Follow the deployment guide for your chosen option:

Was this page useful?