Run Zof inside your environment.
Deploy Zof’s control plane, orchestration, and execution runners in customer-managed infrastructure for strict security, residency, and governance requirements.
Customer-managed control plane
Designed for limited or no internet connectivity
Signed capsules and local execution
Enterprise implementation and support
Who needs on-prem deployment
Organizations where cloud connectivity, data residency, or internal governance rules require Zof to run entirely inside customer infrastructure.
- -Air-gapped or highly restricted networks
- -Strict data residency and sovereignty requirements
- -Internal model governance and approved runtime policies
- -Defense-adjacent and public-sector environments
On-prem architecture
Intelligence and control planes run in your data center; execution stays on customer-managed runners behind your network boundaries.
Private Kubernetes execution
Execution-compatible agents in customer-managed clusters—not a full platform install.
- -Optional connectivity for updates, policy-controlled
- -Same signed capsule model as cloud and enclave
- -Local evidence store by default
- -No inbound access to protected segments
Infrastructure requirements
Sized during architecture review based on applications, execution volume, and high-availability expectations.
- -Kubernetes or customer-approved orchestration
- -Hardware and storage sized to your retention policy
- -Integration with corporate identity (SSO/SAML/OIDC)
- -Network policies aligned to your segmentation model
Model and runtime options
Planning and generation run where your policy permits, using approved models and runtimes in your environment.
- -Customer-approved model endpoints where required
- -No external model calls from protected execution segments
- -Governed remediation with human approval
- -Audit-ready configuration and change records
Runner deployment options
Distribute edge runners across data centers, campuses, or segments as needed for local validation.
- -Signed runner binaries and allowlists
- -Per-segment gateway and runner placement
- -Desktop, browser, and API validation
- -Local-only reporting modes
Update and support model
Enterprise-only engagement with defined update channels and dedicated support options.
- -Controlled release and update windows
- -Dedicated support tiers and SLAs available
- -Implementation services for initial rollout
- -Architecture review included in enterprise deployment
Pricing model
On-prem is enterprise-only, priced separately from standard cloud tiers, and scoped after architecture review.
- -Custom pricing, contact sales
- -Factors: footprint, runners, retention, compliance scope
- -Implementation and dedicated support optional
- -Conservative pilot path available before full rollout
Implementation timeline
Typical enterprise rollouts follow architecture review, security validation, pilot, and phased production expansion.
- -Architecture and security review (weeks 1-2)
- -Pilot with signed capsules and local runners
- -Production hardening and governance sign-off
- -Phased expansion across applications and environments
On-prem deployment questions
Common questions from infrastructure and security teams.
Discuss secure deployment with Zof
Review segmentation, capsule governance, and runner placement with teams who support regulated enterprises.
