Home / Capabilities / Cross-Tenancy Portals
Portals

Cross-Tenancy Portals

Isolated world partitions connected by authenticated portal gateways. Share data across tenants without breaking isolation — every portal is scoped, rate-limited, and encrypted.

Request Demo All Capabilities
Cross-Tenancy Data Flow

World Partitioning

Every world is a fully isolated namespace. Entities, containers, vectors, and indices exist within their world boundary. No data leaks between worlds unless an explicit portal is established.

Isolation
Complete namespace separation
Each world has its own entity ID space, compression engine, and index. An entity ID in World A has no relation to the same ID in World B. Queries are scoped to the active world context by default.
  • Separate storage namespaces per world
  • Independent compression thresholds
  • Per-world index configuration
Lifecycle
Create, suspend, and destroy worlds
Worlds are first-class resources with full lifecycle management. Create worlds on demand for game instances, simulation runs, or tenant workloads. Suspend to pause storage costs. Destroy to reclaim resources.
  • Instant world creation with configuration templates
  • Suspend/resume without data loss
  • Cascading deletion with confirmation

Portal Gateway

Portals are authenticated, scoped connections between worlds. Each portal carries an HMAC token that defines exactly which actions are permitted and which entity types can traverse the boundary.

HMAC Tokens
Cryptographic portal authentication
Every portal is authenticated with an HMAC token. Tokens are scoped to specific source/destination world pairs and cannot be reused across different portal connections. Tokens expire and rotate automatically.
Action Scopes
Fine-grained permission control
Each portal defines its allowed actions: read-only, write-through, query-only, or full bidirectional. Action scopes are enforced at the gateway layer before any data crosses the world boundary.
Entity Filters
Type-level traversal rules
Portals can restrict which entity types are allowed to cross. A trading portal might permit only inventory items. A monitoring portal might expose only aggregate metrics. All other types are rejected at the gateway.

Cross-Tenant Queries

Query data across world boundaries through authenticated portals. The portal gateway transparently routes queries to the target world, applies access filters, and returns results within the caller's security context.

Read-Through
Query remote worlds transparently
Issue standard VectorScaleDB queries with a portal context. The engine resolves the target world, authenticates the portal token, applies entity type filters, and returns results as if querying locally.
  • KNN search across portal boundaries
  • Temporal range queries on remote entities
  • Anomaly detection across worlds
Write-Through
Push data to remote worlds
Bidirectional portals allow ingestion into the target world. Items, entities, and vectors can be transferred across the portal with full audit logging on both sides. Useful for cross-shard trading and shared event systems.
  • Atomic cross-world transfers
  • Dual-sided audit trail
  • Conflict detection on entity ID collisions

Encryption Modes

Three encryption modes for portal traffic, from standard TLS to full homomorphic operations on encrypted data.

TLS
Transport encryption
Standard TLS encryption for portal traffic. Data is encrypted in transit and decrypted at the receiving world. The simplest mode with the lowest latency overhead.
End-to-End
Envelope-encrypted payloads
Data is encrypted with per-segment data encryption keys before traversing the portal. The gateway cannot read the payload — only the destination world holds the decryption key.
Homomorphic
Compute on encrypted data
Run aggregate queries on encrypted portal data without decryption. Centroid computation, anomaly scoring, and distance calculations operate directly on ciphertext. Results are decrypted only at the originating world.

Rate Limiting

Per-identity, per-portal rate limiting prevents any single consumer from overwhelming a shared portal. Limits are configurable per action type and enforced at the gateway layer.

Per-Identity
Individual consumer throttling
Each identity (user, service, or API key) has independent rate counters per portal. A misbehaving consumer is throttled without affecting other portal users. Burst allowances accommodate legitimate traffic spikes.
Per-Portal
Aggregate portal bandwidth
Global rate limits cap total throughput per portal, protecting the destination world from overload regardless of how many consumers share the portal. Configurable by reads/second, writes/second, and bytes/second.

API Endpoints

Eleven endpoints for world and portal lifecycle management.

World Management
Create and manage world partitions
  • POST /v1/worlds — Create world
  • GET /v1/worlds — List worlds
  • GET /v1/worlds/{id} — World details
  • DELETE /v1/worlds/{id} — Destroy world
  • POST /v1/worlds/{id}/suspend — Suspend
Portal Operations
Create portals and manage access
  • POST /v1/portals — Create portal
  • GET /v1/portals — List portals
  • GET /v1/portals/{id} — Portal details
  • DELETE /v1/portals/{id} — Close portal
  • POST /v1/portals/{id}/query — Cross-world query
  • POST /v1/portals/{id}/transfer — Cross-world transfer
View Full API Reference →

Related Capabilities

Enterprise Security
Learn more →
Trust Network
Learn more →
Container Inventory
Learn more →
Distributed Intelligence
Learn more →

Ready to connect your worlds?

See cross-tenancy portals and world partitioning in a live technical demo.

Request Demo