Deployment Models

Five Ways to Deploy. One Trust Architecture.

Managed SaaS, dedicated single-tenant, self-hosted/sovereign, regional gateway pools, and customer-controlled hardware appliances all run the same post-quantum transport, the same signed policy pipeline, and the same fail-closed enforcement. Where you run AegisWire sets your control and residency boundary — it never changes the security model.

No vendor lock-in · AWS + Vultr Commissioned on customer scope
Full CNSA 2.0 suite (US NSA) · UK NCSC-aligned — every customer, every packet

Choose your posture

Same guarantees, different boundaries

Each model changes who owns the infrastructure and where data lives — not how sessions are encrypted, how policy is signed, or how the kill-switch fails closed. Pick the boundary your control and residency requirements demand.

Managed SaaS

AegisWire-operated control plane and gateway fabric with managed infrastructure, signed policy workflows, and governed update distribution.

Fastest adoption path. We run infrastructure, operations, and updates; your team retains policy publication authority, certificate ownership, and administrative governance.

  • AegisWire-managed infrastructure and operations
  • Signed policy workflows under tenant administrative control
  • Governed, signed update distribution with rollback
  • Privacy-preserving monitoring — no metadata exposure
  • Regional gateway pool selection by policy intent
  • Enterprise admin console with role-based access

Dedicated Single-Tenant

Physically isolated infrastructure per customer with dedicated trust boundaries, isolated key material, and customer-driven update timing.

Stronger isolation for organizations that require dedicated environments. Same trust architecture, separate infrastructure boundary, custom rollout and update cadence.

  • Dedicated infrastructure per customer
  • Isolated trust boundaries and key material
  • Custom update and rollout schedules
  • Tenant-specific operational monitoring
  • Same signed policy and automated certificate management
  • Tailored scaling per customer requirements

Self-Hosted / Sovereign

Customer-controlled infrastructure with full administrative ownership. The same trust architecture, deployed entirely inside your environment.

Full infrastructure control for regulated, sovereignty-sensitive, or operationally isolated environments — AegisWire's policy, trust, and evidence model running on infrastructure you own.

  • Full infrastructure control and administrative ownership
  • Data residency and jurisdictional alignment
  • Customer-managed, signed update governance
  • Same signed policy and automated certificate management
  • Compatible with air-gapped and restricted networks
  • On-premises or private cloud deployment

Regional Gateway Network

Regional gateway pools with policy-aware publication, controlled draining, governed failover, and capacity-aware scaling — deployable on AWS, Vultr, or your own cloud.

Pools publish capabilities by region; selection reflects policy and administrative intent, not just latency. Draining and failover run as governed lifecycle operations with full administrative visibility.

  • Regional pool publication with explicit capabilities
  • Policy-aware gateway selection
  • Controlled draining without session disruption
  • Capacity-aware scaling per region
  • Multi-vendor (AWS + Vultr) — no lock-in
  • Failover with administrative visibility

Hardware Appliance

Customer-controlled edge enforcement hardware. Run the full AegisWire trust model on your own premises, on hardware you physically control.

A managed-device supply chain with signed firmware brings local enforcement to branch, field, and enclave sites — the identical trust model, policy architecture, and post-quantum transport as every cloud deployment.

  • Customer-controlled edge presence
  • Local enforcement and routing
  • Same trust model as cloud deployment
  • Branch, field, and enclave use cases
  • Aligned with the self-hosted operational model
  • Managed-device supply chain with signed firmware

Constant across every model

The security model is not a deployment variable

Move from managed SaaS to a sovereign air-gap and these guarantees travel unchanged. The boundary moves; the cryptography, signing, and fail-closed posture do not.

Post-quantum transport

The same hybrid PQ handshake protects every session, on every model — SaaS to sovereign.

Signed policy & updates

Policy and software ship as signed, verifiable artifacts with rollback — identical pipeline everywhere.

Fail-closed kill-switch

If policy can't be verified or the tunnel can't be trusted, traffic stops. Default-deny, never default-allow.

Privacy-preserving telemetry

Operational visibility without metadata exposure — the same monitoring contract regardless of who operates it.

Post-quantum cryptography

The primitives behind every session

Hybrid key exchange
Quantum-safe + classical, combined
ML-KEM-1024X25519
Identity signatures
Post-quantum signed trust chains
ML-DSA-87
Record encryption
Authenticated, per-session keys
AES-256-GCM
Keyed hashing · STREAMHEAL
Integrity and rapid rekey
BLAKE3
Implements US NSA CNSA 2.0 in full · aligned with UK NCSC post-quantum guidance

Beyond a single site

Connect, extend, and run anywhere

Deployment models compose. Federate gateways across regions, run on the cloud of your choice, and extend admission control with separately-licensed defense.

What moves, what stays

Isolation & control boundaries

Ownership and residency shift by model. Policy authority, certificate ownership, and the security model stay with you, everywhere.

Boundary Managed Dedicated Self-Hosted
Infrastructure ownership AegisWire AegisWire Customer
Tenant isolation Logical Physical Physical
Policy control Customer Customer Customer
Certificate ownership Customer Customer Customer
Update governance Managed Custom schedule Customer
Data residency Region-selected Region-selected Customer-controlled
Cloud vendor AWS / Vultr AWS / Vultr Customer choice
Post-quantum transport Identical Identical Identical

Endpoints supported across every deployment model

Clients macOS iOS Linux Windows Android

Controls posture is built to the requirements that SOC 2, ISO 27001, GDPR, and HIPAA-style reviews examine. Embed post-quantum transport directly with the token-metered, staff-provisioned developer SDK.

Talk to engineering

Request an architecture briefing

A technical walkthrough of the transport, trust model, and deployment options — mapped to your environment and procurement requirements.

Implements US NSA CNSA 2.0 in full · aligned with UK NCSC post-quantum guidance