Product / Enterprise

EP Enterprise

Hardened deployment for regulated environments that require private infrastructure, data residency, and compliance-grade evidence.

Request Enterprise Pilot

Enterprise capabilities

EP Enterprise provides the full trust-control plane deployed within your infrastructure. Every feature available in EP Cloud, plus the controls required by regulated environments.

VPC / private deployment

EP runs entirely within your infrastructure boundary. No trust data, policy configurations, or signoff records leave your network. Reference AWS CloudFormation template ships in infrastructure/aws/.

Data residency

All trust data, event records, and policy configurations reside in your chosen jurisdiction. Meet data sovereignty requirements without architectural compromise.

Evidence retention & legal hold

Configurable retention policies for all trust events. Legal hold capability preserves evidence across retention boundaries for litigation, investigation, or regulatory response.

Regulator artifact exports

Generate structured evidence packages for regulatory examination, mapped to control families used in SOX and sector-specific frameworks (full FISMA / PCI-DSS mapping is roadmap).

Investigation tooling

Query and reconstruct action sequences across time, principals, and trust surfaces. Investigation mode provides forensic-grade evidence chains for incident response and internal audit.

Delegated administration

Hierarchical administration with scoped permissions. Delegate policy management, signoff configuration, and evidence access to business units without granting global control.

Roadmap (pilot-track)

Asked-for, not yet shipped.

Items below come up in nearly every enterprise pilot conversation. They are scoped per engagement rather than shipped off-the-shelf.

SSO / SCIM (SAML 2.0, OIDC, automated provisioning)

Pilot-track work. EP currently authenticates via API keys + EP-IX identity bindings. SAML / OIDC / SCIM integration is scoped per pilot when an enterprise IdP is in play.

On-prem Kubernetes / VMware / OpenShift packaging

Container images and AWS CFN templates ship today. Helm charts, OpenShift operators, and VMware OVF templates are roadmap — pilots needing them get them as part of the engagement.

Air-gap installer

Air-gapped deployment is a pilot-track engagement, not a downloadable installer. The runtime supports offline operation; the packaging is bespoke for now.

Deployment models

EP Enterprise supports multiple deployment topologies based on your security requirements and infrastructure constraints.

Customer VPC (AWS today)

EP control plane deployed in your cloud account. You control the network boundary, encryption keys, and data lifecycle. We provide the container images, the AWS CloudFormation template (infrastructure/aws/template.yaml), configuration, and operational runbooks.

Private cloud / on-prem (pilot-track)

On-premises deployment for environments that require physical infrastructure control. Container images run anywhere Linux runs; Helm charts, OpenShift operators, and VMware OVF templates are scoped per pilot rather than shipped as off-the-shelf artifacts.

Hybrid

Policy management and event explorer in EP Cloud. Signoff orchestration and evidence storage in your infrastructure. Minimizes operational burden while maintaining data residency for sensitive records.

Request Enterprise Pilot

Name

Organization

Title

Trust surface of interest

Problem description

Notes