Cloud Shared#

Available only on Enterprise plans

Available only for Cloud deployments

Mattermost Cloud Shared is designed as a cost-effective solution for companies that don’t have strict security and compliance requirements and that need a straightforward, managed communication platform without the necessity for extensive customization or dedicated resources.

Your Mattermost workspace is isolated, is fully hosted and managed by Mattermost, and runs Mattermost Enterprise on shared infrastructure where resources are shared among multiple Mattermost customers, which might affect performance during peak times.

Reference architecture#

An architecture diagram showing the components of the Mattermost Cloud Shared solution.

Available features#

Zero-downtime upgrades#

Mattermost releases biweekly updates and leverages recurring maintenance windows to keep your instance up-to-date with new stable or beta features behind feature flags, fix security issues, and ensure the overall reliability and performance of your environment. Maintenance windows are announced in advance on https://status.mattermost.com/

Additional support options, including quicker response times, dedicated support personnel, and stronger service level agreements (SLAs), are also available.

Disaster Recovery#

Mattermost Cloud Dedicated supports data failover to a secondary region/site, with guaranteed recovery times, should the primary instance experience an unrecoverable outage.

Mattermost supports a multi-AZ (availability zones) strategy in the same site/region.

Daily backups of the database, object storage, and high availability clusters are captured and retained for 30 days.

In addition, highly available observability tools provide automated alerting, and long-term metrics and logs are retained for a duration of 1 year.

Security#

You have access to all the resources required to run the Mattermost application with the highest security standards, including data encryption at rest and in transit.

Your pre-configured cluster is secure by default, based on industry best practices including data encryption at rest and in transit, TLS certificate lifecycle management, and automatic security updates.

Mattermost maintains control over network and security policies, including encryption, database, data, object storage, backup schedules, and compliance certifications.

Authentication and authorization#

Mattermost offers advanced security and authentication options for integrating with corporate directories, including Active Directory/LDAP, Okta, OneLogin, SAML, Google, EntraID, and OpenID.

Secure networking#

Enterprise customers with a Mattermost Cloud Shared deployment can configure IP filtering in the Mattermost System Console, using CIDR-based IP ranges to specify the authorized IPs or IP ranges for access control. Users attempting to access the workspace from IPs outside the defined ranges are restricted from entry.
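A pre-flight check an admin could run on a proposed CIDR allowlist before entering it in the System Console. This is an added example, not Mattermost code: the function names, the minimum-prefix thresholds, and the sample ranges (documentation address space) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample allowlist using documentation ranges; not from the page.
SAMPLE_RULES = ["203.0.113.0/24", "198.51.100.17/32", "2001:db8:40::/48"]

def parse_rules(rules, min_prefix_v4=16, min_prefix_v6=32):
    """Parse CIDR strings; reject malformed, host-bits-set, or overly broad ranges.

    The prefix floors are assumed policy values, not Mattermost limits.
    """
    networks, errors = [], []
    for rule in rules:
        try:
            # strict=True rejects entries like 203.0.113.10/24 (host bits set),
            # which usually means the wrong mask was typed.
            net = ipaddress.ip_network(rule.strip(), strict=True)
        except ValueError as exc:
            errors.append(f"{rule}: {exc}")
            continue
        floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < floor:
            errors.append(f"{rule}: broader than /{floor}")
            continue
        networks.append(net)
    return networks, errors

def is_allowed(client_ip, networks):
    """True when client_ip falls inside at least one allowed network."""
    addr = ipaddress.ip_address(client_ip)
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)

def preflight(rules, admin_ip):
    """Refuse a rule set that has errors or would lock out the admin applying it."""
    networks, errors = parse_rules(rules)
    if not errors and not is_allowed(admin_ip, networks):
        errors.append(f"{admin_ip}: admin address not covered by any rule")
    return networks, errors
```

Running `preflight` with the address you are currently connecting from catches the most common mistake with IP filtering, which is saving a rule set that excludes your own session.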

Encryption#

Mattermost provides encryption-in-transit and encryption-at-rest capabilities. Mattermost supports TLS encryption, including AES-256 with 2048-bit RSA, on all data transmissions between Mattermost client applications and the Mattermost server. You may either set up TLS on the Mattermost Server or install a proxy such as NGINX and set up TLS on the proxy.

Connections to Active Directory/LDAP can optionally be secured with TLS or stunnel.

Connections to calls are secured with a combination of:

  • TLS: The existing WebSocket channel is used to secure the signaling path.

  • DTLS v1.2 (mandatory): Used for initial key exchange. Supports TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA algorithms.

  • SRTP (mandatory): Used to encrypt all media packets (i.e. those containing voice or screen share). Supports AEAD_AES_128_GCM and AES128_CM_HMAC_SHA1_80 algorithms.

Cloud native exports#

Mattermost supports optional filestore configuration settings to direct compliance and bulk export data to a separate S3 bucket from standard files. This separate bucket can be configured to allow for secure access by Mattermost Cloud teams as well as the workspace admins who manage a given installation. The exports can also be accessed by generating unique download links as needed.

The following diagram provides a high-level view of how this functionality works:

An architecture diagram showing a high-level view of how Mattermost Cloud Native exports works.

SMTP#

Email sent from Mattermost Cloud Dedicated uses SendGrid, and the connection to SendGrid is encrypted.

Audit and observability#

Mattermost Cloud Dedicated provides access to audit and system logs generated by the application.

Customization#

Approved plugins developed and/or tested by Mattermost are supported and available in the Mattermost Marketplace. Custom plugins and integrations outside of Mattermost Marketplace aren’t currently supported. See the plugins documentation for details on supported plugins in Mattermost Cloud deployments.

Migrate from a self-hosted instance#

See our workspace migration documentation to learn more about migrating from a self-hosted to a Mattermost Cloud instance.