Cloud Shared#
Available only on Enterprise plans
Available only for Cloud deployments
Mattermost Cloud Shared is designed as a cost-effective solution for companies who don’t have strict security and compliance requirements that need a straightforward, managed communication platform without the necessity for extensive customization or dedicated resources.
Your Mattermost deployment is isolated, is fully hosted and managed by Mattermost, and runs Mattermost Enterprise on shared infrastructure where resources are shared among multiple Mattermost customers, which might affect performance during peak times.
Reference architecture#
Available features#
Zero-downtime upgrades#
Mattermost releases biweekly updates and leverages recurring maintenance windows to keep your instance up-to-date with new stable or beta features behind feature flags, fix security issues, and ensure the overall reliability and performance of your environment. Maintenance windows are announced in advance on https://status.mattermost.com/
Additional support options, including quicker response times, dedicated support personnel, and stronger service level agreements (SLAs), are also available.
Disaster Recovery#
Mattermost Cloud Dedicated supports data failover to a secondary region/site should the primary instance experiences an unrecoverable outage with guaranteed recovery times.
Mattermost supports a multi-AZ (availability zones) strategy in the same site/region.
Daily backups of the database, object storage, and high availability clusters are captured and retained for 30 days.
In addition, highly available observability tools with automated alerting, long term metrics, and logs retention are retained for a duration of 1 year.
Security#
You have access to all the resources required to run the Mattermost application with the highest security standards, including data encryption at rest and in transit.
Your pre-configured cluster is secure by default, based on industry best practices including Data encryption at rest and in transit, TLS certificates life cycle management, and automatic security updates.
Mattermost maintains control over network and security policies, including encryption, database, data, object storage, backup schedules, and compliance certifications.
Authentication and authorization#
Mattermost offers advanced security and authentication options for integrating with corporate directories, including Active Directory/LDAP, Okta, OneLogin, SAML, Google, EntraID, and OpenID.
Secure networking#
Enterprise customers with a Mattermost Cloud Shared deployment can configure IP filtering through CIDR-based IP ranges, within the Mattermost System Console to specify authorized IPs or IP ranges for seamless access control. Users attempting to access their workspace from IPs outside defined ranges are restricted from entry.
Encryption#
Mattermost provides encryption-in-transit and encryption-at-rest capabilities. Mattermost supports TLS encryption, including AES-256 with 2048-bit RSA on all data transmissions, between Mattermost client applications and the Mattermost server. You may either set up TLS on the Mattermost Server or install a proxy such as NGINX, and set up TLS on the proxy.
Connections to Active Directory/LDAP can optionally be secured with TLS or stunnel.
Connections to calls are secured with a combination of:
TLS: The existing WebSocket channel is used to secure the signaling path.
DTLS v1.2 (mandatory): Used for initial key exchange. Supports
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
andTLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
algorithms.SRTP (mandatory): Used to encrypt all media packets (i.e. those containing voice or screen share). Supports
AEAD_AES_128_GCM
andAES128_CM_HMAC_SHA1_80
algorithms.
Cloud native exports#
Mattermost supports optional filestore configuration settings to direct compliance and bulk export data to a separate S3 bucket from standard files. This separate bucket can be configured to allow for secure access by Mattermost Cloud teams as well as deployment admins who manage a given installation. The exports can also be accessed by generating unique download links as needed.
The following diagram provides a high-level view of how this functionality works:
SMTP#
Email sent from Mattermost Cloud Dedicated uses SendGrid, and the connection to SendGrid is encrypted.
Audit and observability#
Mattermost Cloud Dedicated provides access to audit and system logs generated by the application.
Customization#
Approved plugins developed and/or tested by Mattermost are supported and available in the Mattermost Cloud Marketplace, including:
Mattermost for Microsoft Teams interoperability
Microsoft Calendar interoperability
Microsoft Teams Meetings interoperability
GitHub interoperability
GitLab interoperability
Jira interoperability
ServiceNow interoperability
User Survey integration
Custom plugins and integrations outside of Mattermost Marketplace aren’t currently supported.
Migrate from a self-hosted instance#
See our self-hosted to cloud migration documentation to learn more about migrating from a self-hosted to a Mattermost Cloud instance.