How Domino Cloud with Managed Data Planes delivers a secure SaaS experience

Matt Bonyak 2025-10-23 | 6 min read


Enterprises pursuing cloud and hybrid AI strategies have long faced a tradeoff: the simplicity of SaaS versus the control of operating infrastructure. Domino Cloud with Managed Data Planes eliminates that tradeoff. Managed Data Planes delivers the power of Domino’s Enterprise AI Platform as a fully managed SaaS experience across multiple regions. This allows you to move compute to different geographies to protect data privacy or avoid expensive data transfer costs, and to segregate workloads for reasons such as security or production isolation.

This post looks at how Domino Cloud with Managed Data Planes works, how the data planes are provisioned and operated, and how they simplify complex multi-region deployments.

Architecture overview

The diagram below illustrates a Domino Cloud deployment with multiple Domino-managed data planes across regions and environments:

In this architecture:

  • The Control Plane, hosted and operated by Domino, provides orchestration, governance, and user management as a SaaS service.
  • Each Managed Data Plane is also hosted and managed end-to-end by Domino, in your choice of region (for example, us-east-1 or eu-central-1). This is where data resides and compute takes place; the data planes are isolated from each other and from the control plane.
  • Domino handles registration, orchestration, logging, and synchronization between planes, ensuring a seamless multi-region experience.
  • You can also connect your own data planes (on-premises or in the cloud), unified through the same control plane.

This architecture gives enterprises SaaS simplicity and scalability without compromising data sovereignty or operational control.

How Domino Cloud with Managed Data Planes works

Provisioning and management

When a Managed Data Plane is created, Domino automatically provisions a complete, operational environment: Kubernetes, networking, storage and compute orchestration.

  • Provisioning: Done securely via infrastructure-as-code (Terraform) using least-privilege IAM roles.
  • Security: Connectivity between Domino Cloud and data planes is private, such as via AWS PrivateLink. Within each plane, Domino uses Istio to manage service-to-service communication through a secure service mesh.
  • Operations: Domino handles lifecycle management (patching, monitoring, and scaling), while ensuring high availability and performance.
  • Data locality: All compute and storage remain inside a Domino-managed AWS account, with each data plane tied to a particular region for compliance, cost, and compute efficiency.
  • Monitoring: Domino Cloud continuously monitors all Managed Data Planes for health, performance, and compute cost.
  • Up-to-date: Infrastructure updates are performed regularly by Domino during defined maintenance windows. And because automatic Domino platform updates are weekly, Managed Data Planes get early access to new features months before major platform releases.

The result is a complete environment that Domino manages end-to-end, including across multiple AWS regions with isolation. With Domino managing operations, you’re freed up to focus on delivering value through data science, not the day-to-day of infrastructure maintenance. It also means faster onboarding onto a predictable, proven platform with a hardened configuration, consistent across the enterprise.

Network isolation and connectivity

Each Managed Data Plane runs in its own isolated AWS VPC, configured according to Domino’s security and compliance standards. Connectivity to the control plane may be established through AWS PrivateLink, ensuring that all communication stays on the AWS backbone.

Elastic compute with Karpenter

Each Managed Data Plane runs on Amazon Elastic Kubernetes Service (EKS), providing a scalable, secure foundation for orchestrating Domino workloads. Within that environment, Karpenter, AWS’s next-generation cluster autoscaler, dynamically manages compute capacity.

When users launch jobs, apps, model endpoints, or interactive workspaces, Karpenter automatically provisions the optimal EC2 instances (including specialized nodes like GPU or high-memory) in seconds. Karpenter may also intelligently select cost-saving Spot Instances for non-critical workloads.

When workloads finish, compute nodes scale back down, minimizing idle costs. This automatic elasticity enables teams to run diverse workloads efficiently without managing underlying EC2 or Kubernetes node groups.

Next steps

Domino Cloud with Managed Data Planes delivers a true enterprise-grade SaaS experience for AI infrastructure, without forcing tradeoffs between control, compliance, and simplicity. Each data plane is fully managed by Domino yet deployed in your chosen region, enabling secure, localized compute anywhere your data lives.

By combining operational efficiency with regional flexibility, Domino Cloud empowers organizations to scale AI faster, maintain governance, and reduce operational overhead through a single, unified platform. For more details on this topic, check out the Domino Cloud docs.

As Principal Product Manager for Domino Cloud and Platform, Matt draws on eight years of product management experience and a strong technical background in model development, IT architecture, and solutions design to shape the future of the Domino Cloud offering.