Skip to main content
Weave is available on the following deployment options:
  • W&B Multi-tenant Cloud: A multi-tenant, fully-managed platform deployed in W&Bโ€™s Google Cloud Platform (Google Cloud) account in a North America region.
  • W&B Dedicated Cloud: Generally available on AWS, Google Cloud, and Azure.
  • Self-Managed instances: For teams that prefer to host Weave independently, guidance is available from your W&B team to evaluate deployment options.

โ€‹
Identity and Access Management

Use the identity and access management capabilities for secure authentication and effective authorization in your W&B Organization. The following capabilities are available for Weave users depending on your deployment option and pricing plan:
  • Authenticate using Single-Sign On (SSO): Options include public identity providers like Google and Github, as well as enterprise providers such as Okta, Azure Active Directory, and others, using OIDC.
  • Team-based logical separation: Each team may correspond to a business unit, department, or project team within your organization.
  • Use W&B projects to organize initiatives: Organize initiatives within teams and configure the required visibility scope, including the restricted scope for sensitive collaborations.
  • Role-based access control: Configure access at the team or project level to ensure users access data on a need-to-know basis.
  • Scoped service accounts: Automate Gen AI workflows using service accounts scoped to your organization or team.
  • SCIM API and Python SDK: Manage users and teams efficiently with the SCIM API and the Python SDK.

โ€‹
Data Security

  • SaaS Cloud: Data for all Weave users is stored in a shared Clickhouse Cloud cluster, encrypted using cloud-native encryption. Shared compute services process the data, ensuring isolation through a security context comprising your W&B organization, team, and project.
  • Dedicated Cloud: Data is stored in a unique Clickhouse Cloud cluster in the cloud and region of your choice. A unique compute environment processes the data, with the following additional protections:
    • IP allowlisting: Authorize access to your instance from specific IP addresses. This is an optional capability.
    • Private connectivity: Route data securely through the cloud providerโ€™s private network. This is an optional capability.
    • Data encryption: W&B encrypts data at rest using a unique W&B-managed encryption key.
    • Clickhouse cluster security: W&B connects to the unique Clickhouse Cloud cluster for your Dedicated Cloud instance over the cloud providerโ€™s private network. W&B also encrypts the cluster using a unique W&B-managed encryption key, while leveraging Clickhouseโ€™s file level encryption.
The W&B Platform secure storage connector or BYOB is not available for Weave.

โ€‹
Maintenance

If youโ€™re using Weave on SaaS Cloud or Dedicated Cloud, you avoid the overhead and costs of provisioning, operating, and maintaining the W&B platform, as it is fully managed for you.

โ€‹
Compliance

To request SOC 2 reports and other security and compliance documents, refer to the W&B Security Portal or contact your W&B team for more information.
Security controls for both SaaS Cloud and Dedicated Cloud are periodically audited internally and externally. Both platforms are SOC 2 Type II compliant. Additionally, Dedicated Cloud is HIPAA-compliant for organizations managing PHI data while building Generative AI applications.