Skip to main content
IIOS — The platform for organizational reasoning
Operate

Deployment

The same IIOS build runs in our managed cloud, in a dedicated VPC, or fully on-premises — including air-gapped facilities. Topology is configuration; applications and the control plane are identical everywhere.

ForIT organizationsPlatform / SRE teamsSecurity & compliance

Deployment topologies

Every topology ships the same runtime, control plane, and knowledge graph. What changes is where data lives and who operates it. This lets you start in the managed cloud and graduate to a sovereign installation without re-architecting.

Three topologies, one platform
Managed cloudDedicated / VPCOn-prem / air-gappedControl planeidentity · policy · auditControl planetenant-isolatedControl planelocal root of trustIIOS runtimemulti-tenantIIOS runtimesingle tenantIIOS runtimecustomer-operatedKnowledge graphregionalKnowledge graphin-VPCKnowledge graphnever leaves site
Control plane and runtime are identical; the sovereignty boundary moves.
TopologyOperated byData residencyTypical use
Managed cloudIndustrialGraphRegional, multi-tenantFast start, pilots
Dedicated / VPCIndustrialGraph in your accountIn your VPCEnterprise production
On-prem / air-gappedYour teamNever leaves siteRegulated / classified

Installation

Installations are declarative. A single values file describes topology, sovereignty boundary, storage, and key management; the installer reconciles the cluster to match.

values.yaml
# values.yaml — a dedicated / VPC installation
iios:
  topology: dedicated        # managed | dedicated | on-prem
  region: us-east-1
  sovereignty:
    boundary: acme-vpc        # data residency + isolation domain
    egress: deny-all          # explicit allowlist below
    allowEgress:
      - identity.acme.internal
  knowledgeGraph:
    storage: in-vpc           # never leaves the customer network
    replicas: 3
  controlPlane:
    audit: immutable          # append-only ledger
    keyManagement: customer   # BYOK / HSM
Bring your own keys
In dedicated and on-prem topologies, encryption keys can be customer-managed (BYOK/HSM). The platform never requires plaintext access to customer key material.

Upgrades & release management

Releases are version-pinned and reversible. Graph migrations are planned as a dry-run first, then applied with a canary strategy that halts and rolls back automatically on policy drift.

upgrade.sh
# Zero-downtime, version-pinned rollout
iiosctl release plan --to 2025.3       # dry-run: shows graph migrations
iiosctl release apply --to 2025.3 \
  --strategy canary --canary 10% \
  --pause-on-error                     # halts + rolls back on policy drift

Operational patterns

Start managed, grow sovereign

Prove value in the managed cloud, then lift the same workload into a VPC or on-prem boundary with a config change — not a rewrite.

Air-gapped by design

On-prem installs run with deny-all egress and a local root of trust, so classified environments stay fully disconnected.

Immutable audit everywhere

The append-only audit ledger is part of every topology, so compliance evidence is identical regardless of where you run.

Canary + auto-rollback

Progressive rollouts with automatic rollback keep upgrades safe even for stateful graph migrations.