Camunda 8 SaaS
Run Camunda 8 as a fully managed, cloud-based service. No technical setup or installation is needed, and maintenance and scaling is handled by Camunda.
This documentation is a work in progress and may contain incomplete, placeholder, or evolving content.
Use Camunda 8 Self-Managed if you want to deploy and manage Camunda on your own infrastructure, with responsibility for updates, security, and scaling.
Sign up
Sign up and start your developer journey with Camunda 8 SaaS.
- Visit accounts.cloud.camunda.io/signup to sign up.
- Fill out the signup form and click Create account.
- Click on the link in your confirmation email to verify your email address.
- Log in to Camunda 8 SaaS using either the email address and password you signed up with or the social login buttons. You can also log in to Camunda 8 SaaS directly at camunda.io.
Architecture
The Camunda 8 SaaS platform is built on Google Cloud Platform (GCP) and based on a microservices architecture.
Clusters
There are two types of cluster used when running Camunda 8 SaaS:
- Management cluster components Console and Web Modeler are hosted in GCP in the europe-west1 region.
- Orchestration cluster components such as Zeebe, Tasklist, Operate, Optimize, and Connectors, are hosted in GCP or Amazon Web Services (AWS) regions. An Orchestration Cluster is a provided group of production-ready nodes that run Camunda 8.
Camunda 8 SaaS uses single-tenant clusters, with all data contained in a single tenant for easier administration and simpler security.
A cell-based architecture means that each cluster runs as dedicated processes in a separate cell isolated from all other clusters, allowing secure fault and workload separation. Scaling is achieved by deploying additional clusters for new use cases and/or teams.
Camunda Self-Managed also supports multi-tenant clusters, where multiple tenants share the same underlying infrastructure, but with their data logically isolated. Each data entry (for example, process definition, process instance, job) is appended with a tenant ID to ensure separation.
Zeebe
The Zeebe core process automation engine that powers Camunda 8 is fully managed by Camunda in SaaS, and is already pre-integrated with other Camunda 8 components such as Operate, Optimize, and Tasklist.
You can interact with Zeebe in SaaS using both gRPC and REST APIs. See working with APIs and tools.
Deployment
You can configure a number of deployment options to meet your specific business and hosting requirements. For example, you can choose where to host your data and what level of data encryption to use.
| Deployment option | Description |
|---|---|
| Cluster | Configure the cluster type and size to meet your organization's availability and scalability needs, and to provide control over cluster performance, availability and uptime, and disaster recovery guarantees. To learn more about choosing your cluster size, see sizing your runtime environment. |
| Region | Choose the region and type of hosting you want to use for your clusters. GCP and AWS region hosting options are available. |
| Encryption at rest | Cluster data is encrypted at rest to provide data security and protection.
|
| Backups | Back up the state of all Camunda 8 components (Zeebe, Operate, Tasklist, and Optimize) on a regular basis and with zero downtime. In case of failures that lead to data loss, you can request to restore the backup. |
| Auto-updates | Camunda 8 SaaS customers can enable auto-updates. When enabled, the cluster is updated once a new patch release is available. |
Monitoring
Camunda 8 SaaS offers a number of monitoring options to help you keep track of your processes and system health.
| Monitoring option | Description |
|---|---|
| Operate | Operate allows you to monitor, manage, and troubleshoot process instances in Camunda 8. It allows you to monitor, search, and resolve incidents across your tenants. |
| Optimize alerts | Optimize allows you to create alerts for reports within a collection. These alerts can notify you when a report hits a predefined critical value. For SaaS users, alerts can be sent to the email addresses of Console users. |
| Usage alerts | For Starter and Enterprise organizations, Camunda 8 SaaS provides usage alerts for production clusters.
|
| Flow control | Flow control is enabled by default to protect SaaS clusters from excessive load and to maintain a stable state. This feature helps in monitoring and managing cluster performance. |
| Usage metrics | There are three main usage metrics that have an impact on Camunda 8 pricing. It is important to understand these definitions, their impact on billing, and how to retrieve them. |
| Camunda 8 SaaS status | Camunda provides a status page where you can check the current and past service availability of Camunda 8 SaaS. You can also subscribe to updates via Atom and RSS feeds to receive notifications about service status changes. |
Security and compliance
Compliance
At Camunda, we're committed to Information Security, Privacy and Compliance. Our mission is to establish trust through transparency.
- Visit the Camunda Trust Center to learn more about our standards and certifications, including SOC 2 compliance, ISO/IEC 27001 certification, and GDPR Compliance.
- Camunda is a member of the Cloud Security Alliance.
Data retention
In Camunda 8 SaaS, data retention strategies are implemented. This is necessary as the amount of data can grow significantly overtime. These settings are a balance between performance and usability.
Access controls
Camunda 8 SaaS supports the following access controls.
| Access control type | Description |
|---|---|
| Single sign-on (SSO) | SSO is available for both Starter and Enterprise plans, using Identity as a bridge between an OpenID Connect (OIDC) provider and the Camunda platform. |
| OAuth | The OAuth service is used to allow client applications to interact with Zeebe in SaaS from the outside. Every client application must authenticate itself using an OAuth Flow. |
| Role based access (RBAC) | Camunda 8 SaaS supports RBAC through a system of roles and permissions. Each role provides a different level of access to Camunda 8 components, allowing organizations to control user permissions based on their responsibilities. |
| Resource-based authorization | Resource authorizations allow you to control the level of access a user has to a particular resource in the system. |
In Enterprise plans, the hostname section of the email address for invites can be restricted to meet your internal security policies. To learn more, contact your Customer Success Manager.