Data privacy / Self hosted front-end

Hi everyone,

First of all, I’m new to forestadmin and If this post isn’t at the right location, please tell me where I can get an answer and I will remove it.
Is there a way to run and hosted by myself the front-end locally, instead of going thought forestadmin server ?

My data is quite sensitive.

In advance thanks,

Louis

Hi @Louisgfhjcyik !
There are no bad questions :wink:
You could use the self hosted version of Forest, I’ll ping one of our sales so that they reach out to you !

Hello @Louisgfhjcyik,

Forest Admin does not have access to your data, by design. It’s possible with the standard version of Forest Admin to be sure that your data never leave your network:

  • deploy the agent behind a firewall, on the same network than your users
  • access forest admin normally behind your firewall

Users are only downloading the frontend from Forest Admin’s servers, and saving metadata (which column is displayed, in what order etc). All access to data is only made by the web clients directly to the deployed agent, and if clients are on the same network than your agent, you can ensure that only them can access your sensitive data.

1 Like

@GuillaumeGautreau I am still confused by this.

SO which domain does my end user visits?

let’s say i get a free plan like kim.forestadmin.com

And my users visit kim.forestadmin.com,
then their browser will download the react frontend from forest admin servers
then the frontend will query which domain for the backend API for data?

Is it still kim.forestadmin.com? if so, then my data obviously goes through forestadmin servers right?
if it’s not, and it points to my backend servers, then tehre will be a cross origins issue right?

So help me understand how forestadmin ensures data security and confidentiality issues?

The image i am looking at is this

Hello @simkimsia,

The privacy does not depend on the plan you are choosing.

If you have an agent deployed, it is deployed by yourself on your own servers behind your firewall. So in your case it won’t be kim.forestadmin.com because this is our domain name ; but kim.yourdomain.com.

Then the browser from your users will contact 3 endpoints:

  • app.forestadmin.com to get the frontend app
  • api.forestadmin.com to retrieve the configuration of the frontend and interact with the app (configure the views, access control etc)
  • kim.yourdomain.com directly

So your agent which has access to the data can be deployed behind a firewall, as long as your clients will be able to access it directly.

Forest Admin never calls this server, and all the data goes directly from it to your users’ browser. It does not transit from our servers, and our servers never have access to the data.

2 Likes

I am sorry i am really still unsure

here’s my best guess from your answer.

Please let me know where i gone wrong

Your diagram is quite accurate, except for the number 3 which does not make sense to me. I made another diagram following the UML formalism to explain how everything works and how it allows not to share data over the internet and to our own servers.

I did not include the authentication process because it does not add anything relevant to your question but there are multiple round trips between the frontend, agent and public API.

By design, the agent that you are supposed to install on your side will never be accessed by our servers. It can call the API by itself to load some configuration or push some updates regarding the structure of your DB, but no data will ever be pushed to our server.

I hope that it answers your last questions