Full no-cloud governance.
RelayOne's most distinctive posture. The integrity story lives in the application and database layer. No CloudTrail dependency. No KMS dependency. No S3 dependency. One binary plus a Postgres database, inside your walls.
Why the application layer carries the integrity
Most AI governance tools lean on cloud-provider audit services as the foundation of their integrity story. If you run inside AWS, CloudTrail is the backstop. That is a fine shape for customers who trust AWS with the evidence, but it rules out air-gapped environments, sovereign jurisdictions where no US cloud is acceptable, and customers who need integrity guarantees that do not rest on a third party.
RelayOne moves the integrity into the application. Every receipt is Ed25519-signed at the node that produced it. The database stores receipts in an append-only table with DB-layer integrity extensions. Verification is offline, against public keys pinned in the evidence bundle. The cloud is not in the threat model.
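The offline check described above, as an added example in Go (not RelayOne's code): each receipt is verified with Ed25519 against a pinned key set only, so a row altered after signing or a receipt signed by an unpinned key is rejected without touching the database or the network. The `Receipt` layout, the key IDs and the sample payloads are assumptions constructed for illustration; the page does not define the receipt format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Receipt is a hypothetical layout; the page does not define RelayOne's format.
type Receipt struct {
	KeyID   string // which node key signed it
	Payload []byte // exact bytes that were signed
	Sig     []byte // Ed25519 signature over Payload
}

var ErrUnknownKey = errors.New("signing key is not pinned")
var ErrBadSig = errors.New("signature does not match payload")

// VerifyReceipt uses only the pinned keys: no database or network access.
func VerifyReceipt(pinned map[string]ed25519.PublicKey, r Receipt) error {
	pub, ok := pinned[r.KeyID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return ErrUnknownKey // never trust a key carried by the receipt itself
	}
	if !ed25519.Verify(pub, r.Payload, r.Sig) {
		return ErrBadSig
	}
	return nil
}

// SampleBundle returns constructed data: valid, altered after signing, unpinned key.
func SampleBundle() (map[string]ed25519.PublicKey, []Receipt) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, rogue, _ := ed25519.GenerateKey(nil)
	sign := func(id string, k ed25519.PrivateKey, p string) Receipt {
		return Receipt{id, []byte(p), ed25519.Sign(k, []byte(p))}
	}
	altered := sign("node-a", priv, `{"req":2,"decision":"deny"}`)
	altered.Payload = []byte(`{"req":2,"decision":"allow"}`)
	return map[string]ed25519.PublicKey{"node-a": pub}, []Receipt{
		sign("node-a", priv, `{"req":1,"decision":"allow"}`),
		altered,
		sign("node-x", rogue, `{"req":3,"decision":"allow"}`),
	}
}

func main() {
	pinned, rs := SampleBundle()
	fmt.Println(VerifyReceipt(pinned, rs[0]), VerifyReceipt(pinned, rs[1]), VerifyReceipt(pinned, rs[2]))
}
```

The pinned map stands in for the public keys carried in the evidence bundle; the verifier should obtain that set out of band from the receipts it checks.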
Hardware requirements
- CPU: 8 vCPU minimum for the control plane; 16 vCPU recommended for production
- RAM: 16 GB minimum; 32 GB recommended
- Disk: 200 GB for the control plane and operational data; evidence retention scales with traffic (plan 1 GB per million requests as a rough shape)
- Database: Postgres 15 or later; integrity extensions listed below
- Network: outbound access is needed only at install time, for signed update bundles (optional in air-gapped mode)
- OS: Linux (Debian 12, Ubuntu 22.04, RHEL 9, Rocky 9 supported)
Air-gapped installation
- Obtain the signed install bundle (tar.gz) from your RelayOne account manager.
- Verify the bundle signature against the RelayOne release key pinned in your procurement contract.
- Drop the binary on the control-plane host; run the schema migration against your Postgres cluster.
- Seed the operator identity: one Ed25519 keypair per operator, stored in the HSM or KMS of your choice.
- Import your default policy set. CEL-compatible rules are plain text; review before importing.
- Start the control plane. Point RelayGate (or your middleware) at the control-plane endpoint.
No outbound network call is required at install time. Software updates arrive as signed delta bundles; verify and apply on the same air-gapped schedule.
Database options
- Postgres 15+ (default). Integrity via append-only table design, row-level checksums, and the pgcrypto extension. Recommended for all new deployments.
- Postgres with pg_tde or equivalent TDE extension. For customers who require transparent data encryption at rest; RelayOne's integrity model layers on top.
- BYO storage backend. For customers with a specialized tamper-evident store (for example, an append-only ledger appliance). Integration requires an adapter; available under professional services.
RelayOne does not require an object store. Evidence bundles are produced directly from the database; you can archive them to any destination after the fact, including tape.
Backup, recovery, and upgrade
- backup: standard Postgres point-in-time recovery; evidence retention is governed by your Postgres retention
- recovery: restored receipts remain verifiable because signatures do not depend on DB state
- upgrade: signed delta bundles; schema migrations are idempotent; rollback is supported for one release window
- signing-key rotation: rotate the Ed25519 keys on a schedule; rotation emits a chain-of-custody event recorded in evidence
Procurement
On-prem licenses are annual, with optional premium support. The pricing page covers the commercial shape. Procurement paperwork includes: BAA where applicable, DPA, SOC 2 Type II report under NDA, custom MSA.