Dedicated Cloud - Weights & Biases Documentation

W&B Dedicated Cloud is a fully managed platform with dedicated, isolated infrastructure, deployed in W&B’s AWS, Google Cloud, or Azure cloud accounts. Each Dedicated Cloud instance has its own isolated network, compute, and storage from other W&B Dedicated Cloud instances. W&B stores your W&B-specific metadata and data in isolated cloud storage and processes it using isolated cloud compute services. Use Dedicated Cloud when you need the benefits of a managed W&B platform along with isolation that helps you meet security, compliance, and data residency requirements. This page describes the compliance, data security, IAM, monitoring, and maintenance features available with Dedicated Cloud, and links to deeper documentation for each topic. W&B Dedicated Cloud is available in multiple global regions for each cloud provider.

Rate limits

W&B applies default rate limits on Dedicated Cloud to maintain instance stability. See Rate limits for default values, how limits are enforced, and how to request higher limits when you scale up training.

Compliance

W&B Dedicated Cloud supports the following compliance frameworks:

SOC 2: W&B Dedicated Cloud’s hosting platform meets the requirements of the Service and Organization Controls (SOC) 2 Type 2, published by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). A SOC 2 report evaluates a service organization’s controls for security, availability, processing integrity, confidentiality, and privacy. W&B Dedicated Cloud is subject to periodic internal and external audits to verify continued compliance. Refer to the W&B Security Portal to request the SOC 2 report and other security and compliance documents.
HIPAA: When configured appropriately, W&B Dedicated Cloud meets the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Compliance with HIPAA is a shared responsibility that involves W&B, the customer, and any third-party services involved in the deployment. Organizations subject to HIPAA must have a Business Associate Agreement on file with W&B. Refer to the W&B Security Portal to request more information.

Data security

Dedicated Cloud provides several mechanisms for controlling where your data is stored and how it can be accessed. The following options let you bring your own storage, restrict network access, and connect privately to your instance. You can bring your own bucket (BYOB) using the secure storage connector at the instance and team levels to store your files such as models, datasets, and more. Similar to W&B Multi-tenant Cloud, you can configure a single bucket for multiple teams or you can use separate buckets for different teams. If you don’t configure secure storage connector for a team, W&B stores that data in the instance-level bucket.

In addition to BYOB with secure storage connector, you can use IP allowlisting to restrict access to your Dedicated Cloud instance from only trusted network locations. You can connect privately to your Dedicated Cloud instance using cloud provider’s secure connectivity solution. You’re responsible for ensuring that your deployment complies with your organization’s policies and Security Technical Implementation Guidelines (STIG), if applicable.

Identity and access management (IAM)

Use the identity and access management capabilities for secure authentication and effective authorization in your W&B Organization. The following features are available for IAM in Dedicated Cloud instances:

Authenticate with SSO using OpenID Connect (OIDC) or with LDAP.
Configure appropriate user roles at the scope of the organization and within a team.
Define the scope of a W&B project to limit who can view, edit, and submit W&B runs to it with restricted projects.
Use JSON Web Tokens with identity federation to access W&B APIs.

Monitor

Use Audit logs to track user activity within your teams and to conform to your enterprise governance requirements. Also, you can view organization usage in your Dedicated Cloud instance with W&B Organization Dashboard.

Maintenance

Similar to W&B Multi-tenant Cloud, you don’t incur the overhead and costs of provisioning and maintaining the W&B platform with Dedicated Cloud. To understand how W&B manages updates on Dedicated Cloud, refer to the server release process.

Data retention policy

By default, a Dedicated Cloud instance retains the following items for 7 days after deletion:

Runs and history
Non-artifact run files, such as media, configuration files, and log files
Artifacts and artifact references

Until this period elapses, you can restore these items. Contact support or your AISE for assistance. To meet your data retention requirements, you can change the data retention period for your Dedicated Cloud instance. Depending on your use case, select the Environment variable or Helm tab for details.

Environment variable
Helm

To change the data retention policy, set the environment variable GORILLA_DATA_RETENTION_PERIOD to a value in hours. For example, to retain deleted data for 14 days (336 hours):

export GORILLA_DATA_RETENTION_PERIOD="336h"

To change the data retention policy, set the Helm value env.dataRetentionPeriod to a value in hours. For example, to retain deleted data for 14 days (336 hours):

env:
  dataRetentionPeriod: "336h"

Migration options

W&B supports migration to Dedicated Cloud from a Self-Managed instance or Multi-tenant Cloud, subject to specific limits and migration-related constraints.

Next steps

If you’re interested in using Dedicated Cloud, submit the Dedicated SaaS trial request form to start the process with W&B.

Documentation Index

​Rate limits

​Compliance

​Data security

​Identity and access management (IAM)

​Monitor

​Maintenance

​Data retention policy

​Migration options

​Next steps