2026-02-10
Air-Gapped Deployments: Running Intended On-Premise
Intended Team · Founding Team
Why On-Premise Still Matters
The cloud-first era has not eliminated the need for on-premise deployment. It has made it more selective. The organizations that require on-premise deployment are the ones with the most stringent security requirements: defense contractors, intelligence agencies, financial institutions, healthcare systems, and critical infrastructure operators.
These organizations cannot send governance data to a cloud service, no matter how well that service is secured. The data classification alone may prohibit it. The regulatory framework may require it. The threat model may demand it. For these organizations, the AI governance layer must run inside their perimeter, on their hardware, under their control.
Intended supports four deployment models, ranging from fully managed cloud to fully air-gapped on-premise. Here is how each one works.
Model 1: Managed Cloud (Multi-Tenant)
The simplest deployment. Intended runs in our cloud infrastructure, and your AI agents communicate with our API endpoints over TLS. Your governance data is logically isolated from other tenants through database-level partitioning and encryption.
This model works for organizations without strict data residency or air-gap requirements. Setup takes minutes. There is no infrastructure to manage. Updates are deployed automatically. The SLA covers availability, latency, and data durability.
The trade-off is control. You are trusting Intended's infrastructure, Intended's operational team, and Intended's security practices. For many organizations, our SOC 2 Type II report and security posture provide sufficient assurance. For others, they do not.
Model 2: Managed Cloud (Single-Tenant)
A dedicated Intended instance running in our cloud infrastructure, but isolated at the infrastructure level. Your instance has its own compute, its own database, its own encryption keys. No shared resources with other tenants.
Single-tenant deployment provides stronger isolation guarantees. Your data is physically separated from other customers. You can choose your deployment region (US, EU, APAC). You can bring your own encryption keys. You get a dedicated support channel and a named technical account manager.
The trade-off is cost. Single-tenant infrastructure costs more than shared infrastructure. But for organizations that need the assurance of physical isolation without the overhead of on-premise operations, it is the right balance.
Model 3: Hybrid (Customer VPC)
Intended runs in your cloud account, in your VPC, managed by Intended. We deploy the Intended stack into your AWS, GCP, or Azure environment using infrastructure-as-code templates. The compute runs in your account. The data stays in your account. The network traffic never leaves your VPC.
Intended manages the software: updates, patches, monitoring, and incident response. But the infrastructure is yours. You control the network configuration, the security groups, the encryption keys, and the data retention policies.
This model is popular with organizations that have cloud presence but strict data residency requirements. The governance data never leaves their cloud account, but they get the operational simplicity of a managed service.
The deployment process takes 2-4 weeks. We work with your infrastructure team to configure the VPC, set up the deployment pipeline, and validate the installation. After deployment, updates are applied through a controlled release process with your approval.
Model 4: Air-Gapped On-Premise
The most secure deployment model. Intended runs entirely on your hardware, in your data center, with no outbound network connectivity. No telemetry. No update mechanism that phones home. No cloud dependencies.
Air-gapped deployment is fundamentally different from the other models. Here is what changes.
**Installation.** We provide a deployment package: container images, configuration templates, and deployment scripts. Your infrastructure team deploys the stack on your Kubernetes cluster or bare-metal servers. We provide documentation and engineering support during the initial deployment, either remotely (for classified environments, via a classified communication channel) or on-site.
**Updates.** Without network connectivity, updates cannot be pushed. We provide update packages on physical media or through your organization's secure transfer mechanism. Your team reviews the update, tests it in a staging environment, and applies it to production on your schedule.
**Licensing.** Air-gapped deployments use offline license validation. The license is tied to a hardware fingerprint (based on CPU, memory, and storage identifiers). License renewal does not require network access; we provide renewal codes through your procurement channel.
**Monitoring.** Intended's monitoring stack runs locally. Dashboards, alerts, and health checks all operate within the air-gapped environment. There is no external monitoring dependency.
**Key Management.** In air-gapped deployments, you manage all cryptographic keys. Intended's authority signing keys, audit chain keys, and transport encryption keys are generated and stored within your infrastructure. We provide key generation procedures and recommend HSM integration for production deployments.
**Support.** Support for air-gapped deployments is provided through your organization's approved communication channels. For classified environments, we support communication through appropriate secure facilities.
Architecture for On-Premise
The Intended on-premise architecture consists of five components.
**Authority Engine.** The core policy evaluation engine. Stateless, horizontally scalable. Deployed as a Kubernetes Deployment or a set of containers on bare metal. Requires CPU and memory but no GPU. Typical resource requirements: 2 vCPU and 4 GB RAM per instance, with 3 instances minimum for high availability.
**Audit Ledger.** The hash-chained audit store. Backed by PostgreSQL with serializable transaction isolation. Requires reliable storage with good write throughput. Typical requirements: 100 GB storage to start, growing at approximately 1 GB per million decisions.
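The hash-chaining described above is what lets an operator prove that no decision record was rewritten or dropped after the fact. The following is an added example, not Intended's code: the record fields, the genesis value, and the in-memory store are assumptions made for illustration (the page's ledger is backed by PostgreSQL). It builds a small chain, then shows that both an edited record and a silently truncated tail are detected, the latter only when the head hash was anchored somewhere outside the ledger.

```python
import hashlib
import json
from typing import Any, Dict, List, Optional

# Constructed starting link for the chain; an assumption of this example, not Intended's value.
GENESIS_HASH = "0" * 64


def canonical(record: Dict[str, Any]) -> bytes:
    # Deterministic serialisation: key order and whitespace are fixed, so every
    # verifier hashes exactly the same bytes for the same record.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(prev_hash: str, record: Dict[str, Any]) -> str:
    # Each link commits to its predecessor's hash as well as to its own content.
    h = hashlib.sha256()
    h.update(prev_hash.encode("ascii"))
    h.update(canonical(record))
    return h.hexdigest()


class AuditLedger:
    """Append-only list of decision entries, each linked to the previous one by hash."""

    def __init__(self) -> None:
        self.entries: List[Dict[str, Any]] = []

    def append(self, record: Dict[str, Any]) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        digest = entry_hash(prev, record)
        self.entries.append({"seq": len(self.entries), "prev_hash": prev, "record": record, "hash": digest})
        return digest

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS_HASH


def verify_chain(entries: List[Dict[str, Any]], expected_head: Optional[str] = None) -> Optional[int]:
    """Walk the chain from genesis; return the seq of the first bad entry, or None if intact.

    A mismatch against `expected_head` (a head hash recorded out of band) is reported
    as index len(entries): that is how silent truncation of the tail is caught, since
    a chain that has merely lost its last links is otherwise internally consistent.
    """
    prev = GENESIS_HASH
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev_hash"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
            return i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


def build_sample_ledger() -> AuditLedger:
    # Constructed decision records; the field names are made up for this example.
    ledger = AuditLedger()
    ledger.append({"ts": "2026-02-10T09:00:00Z", "agent": "agent-17", "action": "read:ticket", "decision": "allow"})
    ledger.append({"ts": "2026-02-10T09:00:04Z", "agent": "agent-17", "action": "write:payment", "decision": "deny"})
    ledger.append({"ts": "2026-02-10T09:00:09Z", "agent": "agent-22", "action": "read:ticket", "decision": "allow"})
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("intact:", verify_chain(ledger.entries))                                   # None
    tampered = build_sample_ledger()
    tampered.entries[1]["record"]["decision"] = "allow"                              # rewrite history after the fact
    print("after edit:", verify_chain(tampered.entries))                             # 1
    truncated = build_sample_ledger()
    head = truncated.head()
    truncated.entries.pop()                                                          # drop the last decision
    print("after truncation, no anchor:", verify_chain(truncated.entries))           # None
    print("after truncation, anchored:", verify_chain(truncated.entries, head))      # 2
```

Two operational points follow from the example. First, appends must be serialised: two writers that both read the same head and then both insert would fork the chain, which is the problem the serializable transaction isolation mentioned above exists to prevent. Second, the chain alone cannot tell an operator that its tail was removed; periodically copying the head hash to a separate, write-once location (a signed record, a printed log, a different system) is what makes `expected_head` available when the ledger is audited.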
**Intent Compiler.** The service that classifies natural-language input into structured intents. Stateless, horizontally scalable. For on-premise deployments, the compiler uses a local classification model rather than an external API. The local model is included in the deployment package.
**Connector Gateway.** The ingestion layer that receives events from connected systems and routes them to the intent compiler. Deployed as a Kubernetes Service with a load balancer or a reverse proxy on bare metal.
**Console.** The administrative web interface. Deployed as a static web application served by Nginx or a similar web server. Communicates with the Authority Engine API for data.
All five components are containerized and published as OCI-compliant images. For air-gapped environments, the images are provided on physical media alongside SHA-256 checksums for integrity verification.
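Checking the delivered images (and, under the update process described earlier, each offline update package) against their SHA-256 checksums is the step that stands between the physical media and the cluster. The following is an added example, not Intended's tooling: it reads a manifest in the standard `sha256sum` output format, streams each listed file through SHA-256, and reports mismatched, missing and unlisted files rather than stopping at the first problem. The file names, contents and manifest are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    # Stream the file so multi-gigabyte image tarballs do not have to fit in memory.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    # Accepts the `sha256sum` output format: "<64 hex chars>  <filename>"
    # ("<hex> *<filename>" when produced with -b). Blank lines and # comments are ignored.
    expected: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad SHA-256 digest in manifest line: {raw!r}")
        expected[name] = digest
    return expected


def verify_media(manifest_text: str, media_dir: Path, manifest_name: str = "SHA256SUMS") -> Dict[str, List[str]]:
    """Compare every file listed in the manifest against what is actually on the media.

    Returns four lists: ok, mismatch (content differs from the manifest), missing
    (listed but absent) and unlisted (present on the media but not in the manifest).
    """
    expected = parse_manifest(manifest_text)
    result: Dict[str, List[str]] = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name in sorted(expected):
        path = media_dir / name
        if not path.is_file():
            result["missing"].append(name)
        elif sha256_file(path) == expected[name]:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    for path in sorted(media_dir.iterdir()):
        if path.is_file() and path.name not in expected and path.name != manifest_name:
            result["unlisted"].append(path.name)
    return result


def all_verified(result: Dict[str, List[str]]) -> bool:
    # Unlisted files are reported for review but do not fail verification on their own;
    # any mismatch or missing file does.
    return not result["mismatch"] and not result["missing"]


def build_sample_media() -> Tuple[str, Path]:
    # Constructed sample: a scratch directory standing in for the delivered media.
    # File names and contents are made up for this example; they are not Intended's artifacts.
    media = Path(tempfile.mkdtemp(prefix="media-example-"))
    good = {
        "authority-engine.tar": b"constructed image bytes A",
        "audit-ledger.tar": b"constructed image bytes B",
        "console.tar": b"constructed image bytes C",
        "intent-compiler.tar": b"constructed image bytes D",
    }
    manifest = "# constructed SHA256SUMS for the example\n" + "".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}\n" for name, data in good.items()
    )
    (media / "authority-engine.tar").write_bytes(good["authority-engine.tar"])
    (media / "audit-ledger.tar").write_bytes(good["audit-ledger.tar"])
    (media / "console.tar").write_bytes(b"constructed image bytes C, altered")  # will not match
    (media / "notes.txt").write_bytes(b"not in the manifest")                   # unlisted
    # intent-compiler.tar is deliberately not written: it will be reported as missing
    return manifest, media


if __name__ == "__main__":
    manifest, media = build_sample_media()
    report = verify_media(manifest, media)
    for status, names in report.items():
        print(f"{status:9s} {names}")
    print("verified:", all_verified(report))
```

A checksum file that travels on the same media as the images only proves the files were not corrupted in transit; it says nothing about who produced them. For the check to carry any assurance of authenticity, the manifest (or a signature over it) has to arrive through a channel independent of the media, such as the procurement channel the page already uses for renewal codes. Only a media set where `all_verified` is true should be loaded into the container runtime.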
Operational Considerations
Running Intended on-premise means your operations team is responsible for infrastructure operations. Here is what that entails.
**Database operations.** PostgreSQL maintenance: vacuuming, index maintenance, backup and recovery testing. The audit ledger grows continuously, so storage capacity planning is important.
**Certificate management.** Internal TLS certificates for inter-service communication. Certificate rotation procedures and monitoring for expiration.
**Capacity planning.** Monitoring CPU, memory, and storage utilization. Scaling horizontally by adding Authority Engine and Intent Compiler instances as governance volume grows.
**Disaster recovery.** Backup procedures for the audit ledger and configuration data. Recovery procedures and RTO/RPO targets. Regular DR testing.
We provide runbooks for all of these operations, and our enterprise support team is available to assist through your approved communication channels.
Making the Decision
The right deployment model depends on your organization's specific requirements. Here is a decision framework.
If you have no data residency or air-gap requirements, managed multi-tenant cloud is the simplest and most cost-effective option. If you need physical data isolation but can use cloud infrastructure, single-tenant cloud is the right choice. If your data must stay in your cloud account, the hybrid model provides managed simplicity with data sovereignty. If your data cannot leave your physical premises, air-gapped on-premise is the only option.
Most organizations start with managed cloud and move to more isolated models as their governance needs mature and their compliance requirements crystallize. Intended supports migration between deployment models, so you are not locked into your initial choice.