Safeguard.sh Documentation Center

Air-Gapped Deployment

Run Safeguard end-to-end inside isolated, classified, or regulated environments with no internet egress required.

Air-Gapped Deployment

Classified environments, regulated industries, and critical-infrastructure operators often require no outbound internet from production. Safeguard ships a complete air-gapped deployment that runs every capability — scanning, reachability, Griffin, Eagle, Lino, Gold, self-healing — inside your perimeter.

What Runs Air-Gapped

Every product and platform capability has an air-gapped equivalent:

  • ESSCM, Portal, TPRM, OSM — the full web app.
  • Griffin / Eagle / Lino — quantized builds that run on customer GPUs.
  • Gold Registry — synced from upstream Gold via signed snapshots.
  • Continuous scanning — driven by delta-shipped vulnerability feeds.
  • MCP Server, API, CLI, Desktop App, Runner — all available.
  • Kubernetes admission controller — admits images without needing cloud connectivity.
  • Self-healing containers — rebuilds inside your environment using your mirrored registries.

Reference Architecture

    Upstream snapshot bundle         Your air-gapped perimeter
    ─────────────────────────         ─────────────────────────
    Safeguard Cloud ──(signed)──►  Receiver ──► Safeguard Control Plane
                                   (daily /        │
                                   hourly)         ├── Web App
                                                   ├── API + MCP
                                                   ├── Inference (Griffin/Eagle/Lino)
                                                   ├── Scanner
                                                   ├── Gold Mirror
                                                   └── Storage (Postgres, S3-compat, Vault)
  • A snapshot bundle ships from Safeguard on your chosen cadence.
  • The Receiver is a DMZ-positioned service that verifies signatures and pushes deltas to the Control Plane.
  • The Control Plane runs every Safeguard component.
  • No component inside the perimeter ever calls outbound.

Snapshot Contents

Each signed bundle contains:

  • Vulnerability feed deltas (NVD, GitHub Advisory, OSV, Safeguard Research, CISA KEV, EPSS daily).
  • Gold artifact deltas (tarballs and OCI layers).
  • Eagle classification model deltas (behavioral signatures).
  • Policy template updates.
  • Platform binaries when releases ship.

Every bundle is signed with Safeguard's air-gap signing key and independently verifiable against a public transparency log (or a private transparency log for classified tenancies).

Delivery Options

ChannelTypical use
One-way diodeClassified / IL7 / NERC CIP environments
Manual mediaSigned USB / removable media, human courier
Scheduled sync (DMZ)Short outbound window (daily or hourly) on a separate DMZ
Pull replicaA replica site pulls and mirrors to one or more air-gapped sites

Cadence configurable from hourly down to quarterly.

Install Footprint

Minimum for a production air-gapped deployment:

  • Kubernetes cluster (OpenShift / EKS-Anywhere / Rancher / vanilla k8s) — 3 control-plane, 6 worker nodes.
  • Postgres 15+.
  • S3-compatible object storage (MinIO, CephRGW, AWS on GovCloud).
  • Optional GPU pool for Griffin/Eagle/Lino inference (A10 / L4 / H100 depending on scale).

Scaled down, a single-node POC works for evaluations; we ship a 1-VM appliance image for that case.

Inference at the Edge

For scenarios where even the air-gapped site can't afford GPU time:

  • CPU-only quantized builds of Griffin, Eagle, Lino — usable for triage and summarization, slower than GPU.
  • Batch inference mode — queue analysis jobs and process nightly.
  • Retrieval-only mode — static answers from the shipped knowledge base without live inference.

Compliance

Air-gapped Safeguard is the default deployment for:

  • DoD IL4 / IL5 / IL7.
  • FedRAMP HIGH (with authorized boundary configuration).
  • NERC CIP (critical electric infrastructure).
  • CMMC Level 3.
  • ITAR / EAR-controlled environments.
  • China MLPS 2.0 Level 3 — with separate tenancy in country.

See Compliance for the full framework matrix.

Operational Runbook

Install

The install runbook is provided as a private repository to authorized tenants. It covers:

  • Pre-deployment hardening baselines.
  • Helm values with safe defaults.
  • Day-0 signing key ceremony.
  • Disaster recovery and restore.

Upgrade

  • Validate the new snapshot bundle signatures.
  • Blue/green Helm install in a new namespace.
  • Cutover through your ingress.
  • Keep the prior namespace for one release cycle as rollback.

Key Rotation

  • Signing keys rotate on a configurable cadence (default: annually).
  • Rotation is a two-person, signed, logged operation.
  • Both old and new keys are trusted for a grace period during rotation.

Access

Because the control plane is air-gapped, access uses:

  • Your existing SSO (SAML / OIDC) against your directory.
  • Bastion hosts or PAM-gated access for operators.
  • SCIM sync inside the perimeter.

Support

Air-gapped tenants get:

  • A named customer engineer.
  • A secure one-way channel for snapshot delivery issues.
  • Hot-patch bundles for critical zero-days with accelerated signing.
  • Quarterly on-site architecture reviews (Enterprise).

RBAC, Teams & Organizations

Organizations, teams, roles, SSO, API keys, and audit logging — how Safeguard handles identity and access.

Web Application

The Safeguard web application — the primary interface for ESSCM, Portal, TPRM, and OSM in any modern browser.

On this page

Air-Gapped DeploymentWhat Runs Air-GappedReference ArchitectureSnapshot ContentsDelivery OptionsInstall FootprintInference at the EdgeComplianceOperational RunbookInstallUpgradeKey RotationAccessSupportRelated