Production + Staging

Your contract and license determines the actual named user count allowed on your system.

Stand up a passive disaster recovery environment that matches your production installation. Refer to the Software License Description.

Access Workbench securely from any web browser and prevent exposing data directly to desktop.

Provides consistent versions of R/Python for all users across team, making collaboration easier.

Users can run multiple sessions of JupyterLab, Positron Pro, RStudio Pro and VS Code at the same time.

Users can manage sessions in Jupyter Notebook, JupterLab, VS Code, Positron Pro, and RStudio Pro via a single platform. RStudio Pro and Positron Pro users can dynamically change the version of R (or Python in Positron) via built-in UI.

Users have access to all of the best open-source IDEs, including JupyterLab, Positron Pro, RStudio Pro and VS Code all in a enterprise-supported platform.

For compliance or increased security, administrators can turn off features such as file upload/download, access to the terminal, package installation, and more.

Workbench supports Posit's Professional Open Database Connectivity (ODBC) drivers, allowing Workbench to easily 'pull in' data from database management systems.

Server grade compute provides shared and efficienct resource allocation for user populations of varying size.

Admin UI for managing users, sessions, and a simple dashboard for viewing server utilization.

Depending on configuration, admins are able to limit available resources per user or user group within guardrails, meaning that certain users may have access to small resources while power users have access to more resources for computationaly intensive work.

The Posit Workbench application and all sessions execute on the same Linux host. Load-balanced server and cluster or container-based configurations on Slurm or Kubernetes are supported where applicable.

Workbench automatically distributes incoming network traffic across backend servers to enable peak performance and minimize downtime. High-availablility can be used to avoid overall Workbench downtime in the case of a node failure.

Users can access Workbench backed by native integration with Kubernetes clusters on-premise or in Cloud. This also adds support for Container-backed sessions for more distinct isolation of environments including Python / R or system dependencies.

Users can access Workbench backed by native integration with SLURM, a high performance computing (HPC) framework. Also includes Apptainer/Singularity -- a variant of Slurm with support for container-backed sessions.

Posit Workbench access is gated behind enterprise-grade authentication, including SSO via SAML, OIDC, Okta, AzureAD/EntraID. PAM/Kerberos or LDAP are also supported.

Auditing includes the ability to audit user-run code in RStudio as well as session use. Monitoring is focused on more robust server metrics that are beneficial for high user counts or load-balanced/cluster setups of Workbench, including Prometheus metrics.

Workbench can manage and refresh short-lived OAuth tokens for seamlessly accessing Cloud-based data and services without the need for PATs.

Current support for AWS, Azure, Snowflake and Databricks credentials for RStudio Pro; AWS, Snowflake, and Databricks credentials for Positron Pro and VS Code.

Posit Workbench can communicate with Posit Package Manager to display custom metadata associated with specific packages, including risk or CVE scores.

For teams that want to simplify the management of Posit Workbench, they can offload administration to our Cloud partners. This includes Snowflake Native Apps, AWS SageMaker (RStudio Pro only), AzureML, and Google Cloud Workstations.

Refer to PTD terms of service for details

Workbench Jobs provide a way to offload long-running tasks to a separate session. When Workbench is backed by Kubernetes or Slurm, users also have support for Workbench Jobs that scale up in that attached Cluster.

You can configure Posit Workbench to track auditing information alongside Workbench job output. This includes digital signatures, environment information, and user-defined ad hoc information. Audited Workbench jobs are available in the RStudio IDE.

The Databricks Cluster pane in RStudio Pro provides a way to seamlessly manage, connect to, and access existing Clusters in Databricks.

Production + Staging

Your contract and license determines the actual named user count allowed on your system.

Stand up a passive disaster recovery environment that matches your production installation. Refer to the Software License Description.

Easy-to-use publishing options designed to fit your deployment workflows: Push-button, Git-backed, or CLI.

Content-scoped controls for scaling and tuning Python or R code execution on the server.

Content-scoped custom environment variables that are encrypted on-disk and in-memory.

An interface that displays execution details for each process associated with a piece of content. Standard output and standard error are captured and streaming log entries appear in real time.

Options to delete or deactivate content items.

A content listing interface that provides basic search functionality and tag-based organization.

A developer-style API for publishers and administrators who want to deploy and manage content programmatically, automate tasks, retrieve server information, and perform various administrative functions using HTTP-based requests.

Role-scoped API key generation and management interface.

Support for content types that have no server component: Plots, Pins, HTML, Jupyter Notebooks (not Voila), Quarto (not Shiny), R Markdown (not Shiny), and R or Python scripts.

Support for content types that are seen as interactive and have a hosted server component: Shiny for R, Shiny for Python, Shiny Quarto, Shiny R Markdown, Jupyter Voila, Dash, Streamlit, Bokeh, Panel, and Gradio.

Support for content types that are seen as request-based and have a hosted server component: Plumber, WSGI API types (Flask, Bottle, Falcon, pycnic), and ASGI API types (FastAPI, Quart, Sanic, Falcon-ASGI, Starlette).

Support for hosting TensorFlow models using TensorFlow Serving.

Integrate with a number of 3rd party products and authentication providers for user authentication.

Connect only supports one active authentication provider at a time.

Secure publishing and interactions with content using SSL/TLS.

Configuration options for package repository integrations, environment management, and process execution.

Re-execute rendered content published with source code on a set (customizable) schedule and view past renderings (using the History tool).

Schedule an email to be sent (or conditionally suppressed) every time rendered content is re-executed.

An interface for users to change inputs on a parameterized R Markdown document and create variations on a single report.

Content owners can allow other Publishers or Administrators to make updates to the content item by giving them collaborator access.

Content owners can share content access with everyone on the server, or specific sets of authenticated users or groups.

Users who are not authenticated with Connect can view a content item when the content owner chooses this access level. A "Powered by Posit Connect" tag is applied to this content.

Users who are not authenticated with Connect can view a content item when the content owner chooses this access level.

Users who are not authenticated with Connect can only view interactive or request-based API-type content if it is open to the public internet.

Requires a Public Access license.

The Posit Connect application service and all published content execute on the same host. Load-balanced server and container-based configurations on Kubernetes are supported where applicable.

Published content is executed in an off-host container that is isolated from the Posit Connect service. Requires Kubernetes. Does not support “Current User Execution”.

Administrators can change the execution user for a piece of content by changing the default "RunAs" user.

Connect can use a local Unix account associated with the currently logged-in user when executing applications.

Not available for Off-Host Content Execution.

Refer to PTD terms of service for details

Interactive content can support OAuth integrations for viewer identity delegation, ensuring a viewer’s data access in Connect is consistent with data-level access control lists defined in the data governance system.

Interactive and rendered content can support OAuth integrations for the client credentials grant type. This integration provides an OAuth access token which represents a service account identity and can be used to access external resources from a content item.

A record of changes triggered either by a user or the system which can be accessed by Connect Administrators for auditing purposes.

An interface available to Connect Administrators which provides basic visibility into historical metrics such as resource usage over time and currently running processes.

A tool available to Connect Administrators that performs tests on a running Connect server and its process execution environments.

Instrumentation endpoints in the Connect Server API to report on content usage.

Configuration settings for customizing the default product branding and user experience.

Production + Staging

A repository is a set of packages that you want to make available to a set of users. For example, one repository might be a full-mirror of CRAN for development work, and a second one a separate curated repository with just a set of regulatory-approved packages for use in production.

Can also be used to provide different sets of packages for use by different teams and/or projects.

Stand up a passive disaster recovery environment that matches your production installation. Refer to the Software License Description.

Provide full mirrors of public repositories internally within your own network/firewall, eliminating the need for end users to access the public repositories directly.

Access older versions of packages to help easily reproduce projects or preserve future compatibility.

Posit-built binary versions of CRAN packages for Windows, macOS, and many versions of Linux, providing faster installation without the need to build the package from source.

Support for adding your own packages (in source and/or binary format) and make those available for installation using the same tools used for installing from public repositories (e.g. pip or install.packages()).

View download statistics by package or license type to monitor server utilization and most frequently installed packages.

Integrate Package Manager with AI agents and coding tools to improve model knowledge of repository structure and locally-available packages.

Package Manager can be deployed across multiple servers for high availability and redundancy.

Create repositories containing only a subset of packages from a public repository, and optionally adding in your own internal packages to create a unified "one-stop shop" repository of approved packages for users.

Augment built-in package data with your own custom metadata values to be displayed on the Packages page. Include internal package metrics, links to supplemental documentation, or any other information useful to those browing available packages. Metadata can also be imported via API (Advanced tier only).

Require token-based authentication for viewing and installing packages from specified repositories. Provide access to protected internal packages only to approved systems or teams.

Ability to block all package versions with a known vulnerability reported on the OSV.dev vulnerability database.

Create custom override exceptions to allow installation of a package with a known vulnerabilitiy, or set a threshold to only block vulnerabilities above a desired CVSS score.

Full Single Sign-on (SSO) integration with OIDC-compliant Identity Providers (IdPs) such as Okta and Microsoft Entra ID. Manage groups in the IdP and map those groups to permission scopes in Packaage Manager for both repository access and administration functions.

Support for environments where the Package Manager server does not have outbound Internet access. Administrators must use the Offline Downloader on an Internet-connected machine to download public packages to disk and then copy those files to the air-gapped Package Manager server every time they wish to update the available packages.

Note: All product tiers permit using Package Manager as an internal, online repository mirror, as long as a firewall can be opened to allow the Package Manager server to access the Posit Package Service. Individual users do not require Internet access, only access to the internal Package Manager server.

Fully-customizable package blocking rules to allow blocking of individual packages by name, version, or partial name matching; or to provide override exceptions to allow packages that are blocked by other rules. Also provides for remote API integration with other sources of package blocking lists.

Allows creation of rules for blocking packages with specific open-source licenses (e.g. AGPL), or allowing only packages with approved license types (e.g. MIT).

Refer to PTD terms of service for details

Monitor a public or internal Git repository containing R or Python package source and automatically build a new version of the source package and add it to Package Manager whenever the Git repo is updated. Can be configured to rebuild the package on every commit to a specific branch, or whenever a new tag is added.

Enables remotely publishing new packages via a secure API using our remote tools. Designed for teams that have their own CI/CD systems (Jenkins, TravisCI, GitHub Actions, etc.) for building Python or R packages and want to be able to automatically publish the built packages to Package Manager as part of that pipeline. Also can be used for remote publishing directly by trusted package developers.

Allows server admins to generate an API Token permitting remote administration of Package Manager, without requiring shell access to the server. This can be used to grant non-IT users access to perform administration commands, or to build custom integrations with other tools or applications to perform any Package Manager functions.

Allows integration with Artifactory or Nexus as the upstream source of public packages. Typically used in environments where all packages must come through Artifactory/Nexus to be scanned/approved, but users still want the benefits of using Package Manager.