29 Jun, 2022 | 3 min read

Introducing Private Data Planes in Choreo

  • Nilesh Jayanandana
  • Architect - WSO2

Photo by Meg on Unsplash.

Choreo’s private data planes are now available for your enterprise needs and include the following capabilities which allows you to:

  • Connect a Kubernetes cluster currently operating on WSO2 or your private Azure subscription to the Choreo control plane.
  • Securely execute APIs and other workloads alongside your existing services within your infrastructure.
  • Build, promote, and deploy across multiple environments as defined by you.
  • Acquire more control for your customized needs.

Choreo is an internal developer platform that enables developers to design the fundamental components of cloud native apps without worrying about the technical complexities of cloud native computing. It facilitates the development and assembly of different application components like APIs, microservices, websockets, webhooks, scheduled triggers, or other components using a low-code (graphical) and pro-code (text) approach. The remaining tasks, including managing APIs, executing CI/CD based on GitOps, and operational analytics with rich observability and business insights, are made simpler by Choreo. An overview of Choreo is visually shown in Diagram 1.

Figure 1: Choreo Building Blocks

What is the Choreo Control Plane and Data Plane?

At its heart, the Choreo control plane is a configuration manager and an orchestrator. It consists of many components that help developers to define and create Choreo apps. APIs manage communications between consumers and the Choreo Control Plane.

Similarly, the Choreo data plane is a Kubernetes cluster where user created applications are deployed and executed. The data plane has a few system components that are bundled together and deployed as “Choreo DP” which facilitate user apps to run with the support of the control plane. While the data plane needs support from the control plane, it can operate independently in a disaster scenario. All communications between the control plane and the data plane are made via APIs. This is shown in Figure 2.

Figure 2: Choreo Control Plane and Data Plane

Types of Data Planes Offered by Choreo

Choreo offers two types of data planes for users to run their cloud native applications, SaaS data planes and private data planes.

A SaaS data plane is the default data plane available on Choreo. It is fully managed by WSO2 and runs on Microsoft Azure. It enables you to create and launch your apps in minutes, without having to bother provisioning infrastructure. 

A private data plane is for users wanting more privacy and control over their data plane. It can be operated alongside the user's current cloud services. Currently, all private data planes are supported on Microsoft Azure, and we are working to support them on other cloud providers as well.

Why do we Need Private Data Planes?

Having dealt with digital transformation initiatives since 2005, we've realized corporations focus on these factors:

  • Tighter SLAs
  • More flexibility and control
  • Compliance
  • Additional security policies and tools

The SaaS data plane is an excellent solution for anyone wishing to develop and distribute applications with Choreo. However, users have limited control on the operations of the data plane since it is a multi-tenant system. To increase security among tenants executing applications in the cluster, numerous restrictions are implemented. With the two environments designated as development and production that are configured for SaaS data plane, users can build, test, and deploy their applications from development to production using the Choreo console. However, some enterprises want more control and flexibility than what is available in the SaaS data plane. 

Consequently, private data planes focus on satisfying these requirements by enabling organizations to create and connect a data plane on their own infrastructure, granting them greater flexibility and control. Given the solution is single tenanted and dedicated to the client, compliance, data protection, and additional security rules can be developed with relative ease. Private data planes enable the provisioning of multiple environments such as development, test, staging, and production, which are required by most businesses. WSO2 manages the data plane on the client’s behalf and provides tighter SLAs and support, while preserving the ease of use provided by Choreo for developing and running cloud-native applications from development to production.

How it Works

Figure 3: Choreo Private Data Plane Architecture

Customers can create a managed Kubernetes cluster and install the required Choreo data plane features on it. Choreo DP consists of an agent that creates a secure connection between the Choreo control plane and data plane. This connection enables Choreo’s control plane to manage configurations and orchestrate applications within the connected data plane. APIs deployed on the data plane are exposed via internal or external API Gateways, fronted by a firewall. 

Customers can connect any number of data planes to the control plane and assign those data planes to the organizational environments they manage. Even a single data plane can be dedicated to multiple environments if needed.

All CI/CD operations are managed by the Choreo control plane, and all images built by a private data plane customer are stored in a dedicated container registry defined by the customer in their infrastructure. Additionally, any sensitive data that must be passed into application runtimes will be stored in a user-owned key vault and injected into the data plane.

How to get Started

Setting up your private data plane requires support from WSO2’s support team to provision the infrastructure and configure the required components to securely connect to the Choreo control plane. Reach out to our support team and get started by using our contact us page.


Choreo’s private data planes add great value to enterprises by giving them greater privacy, control, and flexibility to meet any complex organizational need related to compliance, security, and control. We invite you to build your own applications with Choreo. If you haven't already, sign up here. Happy coding!