Architecture overview

Purpose: This document provides an overview of the Verily Workbench architecture.

High-level architecture

Workbench provides strong isolation and flexibility for customer data and compute resources.

Workbench consists of two major components:

• The control plane provides central services and orchestration, including providing the Workbench UI. It is managed by Verily.
• The analysis plane is where all customer analysis occurs, inside customer-managed workspaces.

Control plane

Control plane refers to a set of services that enable the user to interact with Workbench, including the UI, CLI, and all the orchestration that goes into managing the resources in the analysis plane. These services are managed by Verily directly. The control plane ensures user isolation through industry standard practices and access control.

When a user requests to create a resource (e.g., a storage bucket or a compute instance) in their workspace, their request goes to the control plane which creates the resource in the user workspace.

Analysis plane

Analysis plane refers to the cloud app which includes user workspaces and all the resources within them. Workbench supports analysis planes on AWS and GCP, providing access to the user’s choice of cloud-specific services.

Users can create controlled resources, including storage and compute, in their workspaces. They can also access referenced resources that reside outside their workspace.

By default, workspaces are created in a collaborative multi-tenant Verily-managed analysis plane. Customers are also able to use customer-managed single-tenant analysis planes if they want to add a second layer of isolation, in exchange for some amount of extra operational overhead.