Everything a data team needs.
Nothing you don't own.
OpenLake assembles proven open-source engines into a coherent, governed platform - storage, compute, catalogs, workstations, and a single web application that ties it all together. Delivered as Infrastructure as Code into your cloud account.
A modern lakehouse, end to end
Storage & Tables
Object storage with lifecycle management, Apache Iceberg table format, and a Nessie catalog with git-like versioning. Encrypted at rest with keys you control.
Compute
Trino for fast interactive SQL, ephemeral Spark clusters for heavy ETL, and lightweight Polars and Python runners for everything in between. Scales up for the job, down to zero after.
Databases & Search
Managed PostgreSQL and MySQL with automated backups and encryption, plus Neo4j graph and Elasticsearch when the workload calls for them.
Interfaces
The OpenLake web app, Apache Superset dashboards, BI tool connectivity (Tableau, Power BI), and full cloud workstations for power users.
Security & Identity
Single sign-on end to end, granular IAM with least privilege, secrets management, network isolation, and audit logging across every layer.
Everything as Code
Every stack - network, storage, compute, apps - is a versioned template. A new environment, region, or account is a parameter change, not a rebuild.
The platform tour
What your analysts, engineers, and admins actually see when they log in.
SQL Query Workbench - with AI on tap
A full SQL editor against the lake, powered by Trino. Queries run as the signed-in user, so table-level permissions follow the person - not a shared service account.
- Natural-language to SQL, grounded in the catalogs the user can actually read
- Schema-aware autocomplete and query history
- Export results or hand off to dashboards
Ingest Monitor - ETL without the scheduler sprawl
Every pipeline is a registered job with an engine, a schedule, and a home. Run it on the app server for small work, or on an ephemeral Spark cluster that provisions itself, runs the job, and deletes its own stack.
- Engines: Spark, Polars, Python, Bash
- Cron scheduling with one-click manual runs
- Logs stream to centralized monitoring automatically
Cloud workstations, on demand
Analysts launch their own preconfigured desktops - sized to the work, encrypted, and reachable over a secure tunnel with no public exposure. Data tooling, notebooks, and lake access are ready on first login.
- Self-service creation from the web app
- Remote desktop in the browser or a native client
- Nightly snapshots of user home volumes
Self-service infrastructure
Launch and manage web apps, Trino and Spark clusters, Neo4j, and Elasticsearch from the UI. Every action drives the same audited IaC templates your platform was built with - point-and-click, without configuration drift.
- Business-hours scheduling to cut idle compute cost
- One-click stop/start of entire environments
- Health dashboard across every service
AI where it earns its keep
OpenLake ships practical AI, running under your account's controls: an AI-enriched data dictionary that documents your tables in plain language, a data-ops agent that triages platform incidents and proposes fixes, and natural-language querying for non-SQL users.
- Automated data cataloging with natural-language search
- Incident triage that turns alerts into diagnoses and pull requests
- Optional self-hosted LLM services - no data leaves your boundary
Cost transparency, per query
Trino has no "credits" - so OpenLake attributes real, measured cost to every query: CPU-time plus data scanned, priced at your actual blended infrastructure rate. Finance gets attribution; engineering gets accountability; nobody gets a surprise invoice.
- Per-user and per-query cost breakdowns
- Admin-tunable rates that re-price history consistently
- Idle resources stop on schedule, storage tiers automatically
Governance that auditors like
Your identity provider is the single source of truth. Group membership drives what every user can see and do - in the app, in the query engine, and on the data itself. Every privileged action lands in an audit log.
- SSO end to end - no local passwords, MFA enforced
- Role-based access mapped to real organizational groups
- Secrets in a managed vault, never in code or config
- Full audit trail of administrative actions