Customer-controlled execution for every environment
Zof generates governed test intelligence, packages signed capsules, and executes through customer-controlled runners, without requiring protected applications to call external AI services.
Inbound access nnhia
External model frɛ fi network a wɔahwɛ mu nnhia
Signed immutable test capsule
Onipa apatow a wɔhwɛ nsiesie
Execution kɔ wo environment ho, governance wɔ nhyehyɛe ase
Cloud yɛ okwan baako, na ɛnyɛ okwan nkoaa. Zof hyehyɛ wɔ enterprises a wɔhia customer-controlled execution, segmented networks, ne regulated operating nhyehyɛe ho.
- Cloud-managed ne dedicated private cloud control planes
- Customer VPC/VNet execution a ɛwɔ outbound-only connectivity nhyehyɛe
- Hybrid architectures a ɛka public cloud orchestration ne local execution bɔ mu
- Edge runners ne endpoint agents wɔ branch, factory, ne desktop nsusuwii ho
- Enclave-style execution a ɛwɔ capsules a wɔasɛn wɔn ne telemetry egress a wɔhwɛ so
- Private Kubernetes-compatible execution wɔ customer-managed clusters mu
Planes mmiɛnsa. Execution nhyehyɛe baako wɔ governance ase.
Nyansa ne nhyehyɛe tena baabi a policy bɛma; execution tena wo boundary mu. Nsɛnkyerɛnne data tena execution plane mu sɛdeɛ wonhu wo okwan mu.
Intelligence Plane
Hwehwɛ nimdeɛ a wɔhwɛ so
Dwumaakyɛ, nhyehyɛ, ne priority da baabi a policy gyae, Zof Cloud, private cloud, anaasɛ on-prem.
- -System Graph ne workflow nteaseɛ
- -Amammere priority ne hwehwɛ nhyehyɛ
- -Capsule a wɔasina nhyehyɛ
- -Asiesie dwumaakyɛ wɔ baabi a wɔagyae
- -Nkɔmhyɛ titiriw firi ho mmu a ɛwɔ SaaS so tia applications a wɔakyɛ wɔ pɛ
Control Plane
Assentie ne policy
Customer-tumi so kwan ma sinia, nhyehyɛ, audit trails, ne adanse kwan.
- -Onipa assentie workflows
- -Cryptographic sinia ne policy enforced
- -Capsule nsusuwii ne adwuma
- -Role-based access ne SSO nkabom
- -Audit-ready hɔ ma adwuma biara
Execution Plane
Customer-tumi so dwumadwuma
Hwehwɛ di adwuma wɔ wo nhyehyɛ mu. Nimdeɛ a ɛwɔ ho amane tena mu sei a wo gyae agyagyae.
- -Beaeɛ edge runner dwumadwuma
- -Browser, API, ne desktop sɛsɛsɛ
- -Beaeɛ adanse di na wɔahintaw
- -Agyagyae a wɔasiesie anaasɛ metadata-nko ara kwan a wɔwɔ ho kwan
- -Nkɔmhyɛ model frɛ firi networks a wɔakyɛ wɔ pɛ berɛ so mma
Ahoban enclave architecture
Nimdeɛ ne tumi so hwɛ di adwuma wɔ ɛfan a wɔakyɛ no wɔ pɛ; dwumadwuma ne adanse tena mu firi capsules a wɔasina ne customer-tumi so runners.
Dwumaakyɛ baabi a wɔagyae
Intelligence Plane
Cloud, private cloud, anaasɛ on-prem
Control Plane
Hwehwɛ Capsule a Wɔasina
Customer Kwan Boundary
Customer-tumi so baabi
Execution Plane
Enclave Gateway
Edge Runner
Applications a Wɔhwehwɛ So
Beaeɛ Adanse Store
Agyagyae a Wɔasiesie Wɔ Ho Kwan
Dwumaakyɛ baabi a wɔagyae
Intelligence Plane
Cloud, private cloud, anaasɛ on-prem
Control Plane
Hwehwɛ Capsule a Wɔasina
Customer Kwan Boundary
Customer-tumi so baabi
Execution Plane
Enclave Gateway
Edge Runner
Applications a Wɔhwehwɛ So
Beaeɛ Adanse Store
Agyagyae a Wɔasiesie Wɔ Ho Kwan
Twe deployment nhyehyɛe nhwɛso
Twe nhwɛso wɔ baabi a dwumadiifo sɛ ɛtumi di dwuma, baabi a tests si ne nkyerɛanim, ne sɛnea adanse betumi firi wo boundary mu. Nhyehyɛe betumi wɔ hybrid topologies mu.
| Deployment model | Baabi AI dwumaakyɛ di adwuma | Baabi dwumadwuma di adwuma | Internet nhia | Data agyagyae model | Nhwɛso pa | Nsɛmdie adwuma | Akyi bɔ |
|---|---|---|---|---|---|---|---|
| Zof Cloud | Zof Cloud | Zof-tumi so anaasɛ customer runners | Standard outbound | Customer-nhyehyɛ | Cloud-native nnipa, ahwɛ a ɛyɛ mmerɛ | Self-serve kosi enterprise | Tiers a wɔatwerɛ ase + enterprise |
| Zof Private Cloud | Private cloud a wɔakyekyɛ | Customer-tumi so runners | Policy-tumi so outbound | Beaeɛ-first; agyagyae a wɔagyae wɔ ho kwan | Industries a wɔhwɛ so den, nhia a ɛwɔ ntɔkwa ho | Enterprise nsɛmdie | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
| Zof Hybrid Enclave | Cloud anaasɛ private cloud | Enclave gateway + edge runners | Nhia wɔ network a wɔakyɛ mu | Beaeɛ-nko ara default; agyagyae a wɔasiesie wɔ ho kwan | Banks, insurance, apps a ɛwɔ mu nko ara | Ahoban deployment nkɔmmɔbɔ | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
| Zof On-Prem Control Plane | Customer data center | Customer-tumi so runners | Wɔ ho kwan / air-gapped hyɛ ase | Beaeɛ-nko ara boro no kɛkɛ | Internet mma, ntɔkwa den, mu tumi so hwɛ | Architecture hwɛso hwehwɛ | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
| Zof Local Edge Runner | Paired control plane | Mfitiaseɛ, adwumakɛseɛ, edge site | Nhia ma dwumadwuma | Beaeɛ adanse; sɛsɛsɛ a wɔwɔ ho kwan | Sites a wɔakyekyɛ, networks a wɔahwie ase | Botaeɛ ma enterprise deployment | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
| Customer VPC / VNet | Cloud anaasɛ private cloud | Customer VPC runners | Outbound-nko ara boro no kɛkɛ | Beaeɛ-first; policy-tumi so | Enterprise SaaS wɔ wo cloud account mu | Architecture hwɛso | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
| Private Kubernetes dwumadwuma | Customer-gyae control plane | Customer-tumi so cluster agents | Policy-tumi so | Namespace-ahwie ase adanse | Platform nnipa a wɔwɔ K8s adwumadie | Architecture hwɛso | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
| Endpoint agents | Paired control plane | Desktop / VDI / legacy UI | Outbound nhyehyɛ boro no kɛkɛ | Beaeɛ di; agyagyae a wɔasiesie wɔ ho kwan | ERP, Citrix, mu desktop apps | Enterprise deployment | Dwumadi bɔ, kasa kyerɛ nsɛmdie |
Ahoban deployment akyi bɔ da model, footprint, ne nhyehyɛ kɔkɔ so. Hwɛ enterprise deployment akyi bɔ
Control planes, okwan nhyehyɛe, ne audit adanse
Deployment ahofama ne autonomy a ɛwɔ governance ase di dwuma: onipa okwan, access a ɛso kyɛ, ne adanse routing a wo hyehyɛ.
Nsiesie patowsem nhyehyɛe
Kwan a wɔahwɛ mu fi ahunu besi asiesie a wɔayi adi.
- Role-based access, SSO, ne duties te mu wɔ capsule promotion ho
- Onipa okwan ansa wɔannya remediation a ɛwɔ governance ase wɔ production okwan mu
- Evidence nhyehyɛe a wɔtumi hyehyɛ: local-only, sanitized, anaa metadata-only
- Audit trails wɔ dwumadiifo, execution, okwan, ne nsakrae ho
Hwɛ deployment nhyehyɛe
Secure enclave
Capsules a wɔasɛn wɔn, enclave gateway, ne local edge runners wɔ segmented ne restricted networks ho.
Private cloud
Zof environment a ɛwɔ customer-approved region mu a isolation ne residency nhyehyɛe yɛ den.
Hybrid cloud
Ka cloud anaa private cloud orchestration ne VPC, edge, ne endpoint execution bɔ mu wɔ nhyehyɛe a ɛwɔ governance ase baako mu.
Private Kubernetes
Sɛ execution-compatible agents di dwuma wɔ customer-managed clusters a control ne execution planes wɔ wɔn ho wɔn ho.
On-prem control plane
Customer-managed infrastructure wɔ residency tirim, air-gapped, anaa connectivity a ɛso kyɛ ho anidaso.
Local edge runner
Nsusuwii a ɛsan wɔ branch, factory, anaa edge sites, a wonhyɛ local systems adi wɔ internet so.
Banking secure enclave
Nsusuwii a ɛwɔ governance ase wɔ core banking workflows ho wɔ customer-controlled execution ne audit adanse mu.
Regulated environments
Nhyehyɛe wɔ healthcare, financial services, ne public-sector segmentation ho a wonka certifications hodoɔ.
Sɛnea regulated enterprises de Zof di dwuma
Industry nhyehyɛe a wɔahintaw ho wɔ deployment approaches a ɛfa anomaase a ɛte saa kyerɛ. Ɛnyɛ customer apam anaa nhyehyɛe.
This representative scenario is an anonymized industry model used to explain how Zof AI can be deployed in similar enterprise environments. It does not identify or imply a specific customer relationship.
Regulated advisory environment
Client data ne advisory nnipa ntam nnipa ntam nsɛnkyerɛnne nsɛ sɛ wɔhyɛ public SaaS execution adi.
- Infrastructure nhwɛso
- Residency tirim, AI frɛ a wɔnhwɛ so nfiri advisory networks.
- Network segmentation
- VLANs te mu wɔ client-facing apps, research tools, ne admin nnipa ntam.
- Deployment architecture
- Private cloud control plane a ɛwɔ enclave gateway ne local runners.
- Endpoint / edge execution
- Edge runners susuw internal portals; endpoint agents wɔ desktop workflows ho.
- Governance nhyehyɛe
- Capsule asɛn, okwan mmienu wɔ production remediation ho, audit export titiriw.
- Telemetry boundaries
- Metadata-only egress kɔ dashboards titiriw; adanse titiriw tena local.
- Remediation governance
- PR-based siesie a ɛwɔ onipa okwan; production sesa hintaw biara nni ho.
Payment processing environment
Cardholder data environments hia segmented execution ne egress a wɔhwɛ so.
- Infrastructure nhwɛso
- PCI-aligned segmentation; runner placement a ɛwɔ nnipa ase.
- Network segmentation
- CDE-isolated segments a ɛwɔ dedicated gateways wɔ zone biara ho.
- Deployment architecture
- Hybrid: cloud planning wɔ region a wɔagyei ho, execution wɔ customer VPC mu.
- Endpoint / edge execution
- Kubernetes-compatible agents wɔ customer clusters mu; API nsusuwii wɔ VPC mu.
- Governance nhyehyɛe
- PAM-brokered credentials, runners a wɔasɛn wɔn, change-control integration.
- Telemetry boundaries
- Sanitized egress a ɛwɔ field masking; retention wɔ compliance program ase.
- Remediation governance
- Staging-first remediation a ɛwɔ verification suites ansa promotion.
Manufacturing operations environment
Plant-floor ne MES nnipa ntam hia local nsusuwii a wonhyɛ internet adi.
- Infrastructure nhwɛso
- OT/IT boundaries, connectivity a ɛkɔ so ɛkɔ so, latency-sensitive checks.
- Network segmentation
- Factory networks te mu afiri corporate cloud control planes.
- Deployment architecture
- Central orchestration a ɛwɔ distributed edge runner fleet wɔ site biara ho.
- Endpoint / edge execution
- Edge runners wɔ plants so; optional outbound-only sync wɔ capsule nkɔsoɔ ho.
- Governance nhyehyɛe
- Site-level policies, fleet inventory, ne local adanse bundles.
- Telemetry boundaries
- Local-only ripɔt default; optional aggregated health metadata.
- Remediation governance
- Onipa okwan wɔ sesa a ɛhaw production lines ho.
Identity ne gyidi environment
Identity platforms hia testing a ɛwɔ quality mu wɔ gyidi boundaries mu.
- Infrastructure nhwɛso
- Secrets ne tokens nsɛ sɛ wɔfiri execution plane mu a wɔnkaa wɔn.
- Network segmentation
- DMZ, internal service mesh, ne admin tools wɔ okwan te mu.
- Deployment architecture
- Customer VPC execution a ɛwɔ secure enclave nhyehyɛe wɔ flows a wɔwɔ nhyehyɛe ho.
- Endpoint / edge execution
- API ne browser nsusuwii wɔ VPC mu; endpoint agents wɔ admin consoles ho.
- Governance nhyehyɛe
- Credentials a ɛtɛtɛ ntɛntɛ, execution allowlists, audit a ɛkɔ so.
- Telemetry boundaries
- Adanse sanitization ansa cross-zone transfer biara.
- Remediation governance
- Governed remediation a ɛwɔ rollback nsusuwii wɔ staging mu.
Enterprise nnipa ntam integration environment
SI programs ka ERP, CRM, ne middleware a wɔyɛ wɔn ho wɔ hybrid estates mu.
- Infrastructure nhwɛso
- Multi-region customers, cloud ne on-prem endpoints a ɛwɔ mu.
- Network segmentation
- Per-tenant anaa per-project network boundaries wɔ nsusuwii dwumadie ho.
- Deployment architecture
- Hybrid cloud gyinaɛ: cloud control plane ne VPC ne on-prem runners.
- Endpoint / edge execution
- Testing fleets a ɛsane wɔ System Graph change impact mu.
- Governance nhyehyɛe
- Project-scoped policies ne adanse routing wɔ engagement biara ho.
- Telemetry boundaries
- Wɔtumi hyehyɛ wɔ environment biara mu; analytics titiriw baabi a wɔagyei ho.
- Remediation governance
- Okwan nhyehyɛe a ɛfa customer CAB processes so.
Healthcare administration environment
Nnipa ntam nnipa ntam a ɛhwɛ PHI hia execution a ɛhwɛ residency so.
- Infrastructure nhwɛso
- HIPAA-aligned hwɛho; yi data kwan ntɛntɛ a ɛfiri boundary mu.
- Network segmentation
- Clinical ne administrative network te mu.
- Deployment architecture
- Private cloud anaa on-prem control plane a ɛwɔ local execution workers.
- Endpoint / edge execution
- Application nsusuwii a ɛwɔ mu nkoaa; desktop agents wɔ legacy admin UIs ho.
- Governance nhyehyɛe
- Retention policies, access hwɛ, ne audit exports a ɛsiesie wɔ breach ho.
- Telemetry boundaries
- Local-first adanse; metadata summaries wɔ enterprise dashboards ho.
- Remediation governance
- Onipa wɔ mu wɔ sesa a ɛka PHI workflows ho.
Security operations environment
Security tools ne SOAR-adjacent workflows hia nsusuwii a ɛte mu.
- Infrastructure nhwɛso
- Logs ne configs a ɛyɛ den; nnnoa nkɔ SOC segments mu.
- Network segmentation
- SOC VLAN, tool integrations, ne staging mirrors a ɛte saa sɛ production.
- Deployment architecture
- Enclave-style execution a ɛwɔ packages a wɔasɛn wɔn ne outbound a wɔhwɛ so.
- Endpoint / edge execution
- Runners wɔ SOC segment mu; API nsusuwii wɔ integrations ne playbooks ho.
- Governance nhyehyɛe
- Capsules a wɔntumi nsesa wɔn, okwan nhyehyɛe, integration ne GRC tools.
- Telemetry boundaries
- Telemetry egress a wɔhwɛ so a ɛwɔ adanse sanitization.
- Remediation governance
- Siesie workflow a wɔasusuw wɔ mu a ɛwɔ security okwan mu.
Nhwɛso yi yɛ industry nhyehyɛe a wɔahintaw a wɔde kyerɛ deployment approaches wɔ enterprise environments a ɛte saa mu. Ɛnnkyerɛ customer biara titiriw.
Enterprise deployment topologies
Nhyehyɛe nhwɛso wɔ buyer hwɛ anomaase a ɛwɔ ho. Wo architecture hwɛ bɛhyehyɛ baabi a plane biara bɛsi.
Cloud-tumi so architecture
Zof-tumi so control plane a wɔtumi nhyehyɛ dwumadwuma wɔ ho.
Customer VPC dwumadwuma
Nsakraeɛ wɔ cloud a wɔapatow no; nnwuma wɔ wo VPC ano mu.
Hybrid dwumadie nhyehyɛe
Cloud nhyehyɛe a ɛfam dwumadie fleet ahodoɔ.
Edge runner nhyehyɛe
Ɛfam dwumadie a nhyehyɛeɛ wɔ ɛnnɛ.
Endpoint asuafo nhyehyɛe
Desktop ne nkyerɛnne a wɔde ɔtenefo asuafo adi dwuma no nsɛso.
Banko a wɔahwɛ mu yie dwumadie
Dwumadie a wɔakyekyere ne signed capsule nsakrae.
Private Kubernetes dwumadie
Asuafo a ɛyɛ dwumadie-tumi wɔ ɔtenefo-hwɛfo cluster mu, ɛnyɛ platform install a ɛmee.
Dwumadie fleet a wɔakyɛ
Fleet ahodoɔ a nhyehyɛe baako tumi hwɛ.
Nsiesie patowsem nhyehyɛe
Kwan a wɔahwɛ mu fi ahunu besi asiesie a wɔayi adi.
Telemetry kwan
Runner na ɔkɔ so kwa egress a wɔahwɛ mu.
Adanse kwan
Ɛkwan a validation artifact betumi fi dwumadie ano.
Bɔ wo deployment nhyehyɛe ho plan ne Zof
Twa kwan fa architecture, adanse nhyehyɛe, ne pilot kwan a ɛyɛ den ho nsɛm ne yɛn deployment ahenkwa.
Kɔ so hwɛ
Architecture, industry solutions, bɔ, ne ahobammɔ nhwɛso nnwuma.
Secure Enclave
Signed capsules and customer-controlled runners for restricted networks
Banking Secure Enclave
Governed validation for core banking workflows
Enterprise Deployment Pricing
Private cloud, on-prem, enclave, and edge pricing
Security Review Checklist
Procurement-ready deployment review checklist
