Skip to main content

On-Prem Deployment

Every component on your infrastructure. No external dependencies at runtime.

Complete Control

For organizations where no data or traffic can leave the corporate network, Webrix On-Prem deploys the entire platform inside your own Kubernetes cluster. The runtime, admin console, authentication layer, database, and all supporting services run on your infrastructure — fully isolated from Webrix SaaS.

There is no call-home requirement. Once deployed, Webrix On-Prem operates entirely within your network boundary.

How It Works

All Webrix microservices are deployed into your Kubernetes cluster:

  • Runtime — executes MCP protocol and tool calls inside your network
  • Admin app — the management console, served from your cluster
  • db-service — the backing database layer, running on your infrastructure
  • Connect — handles OAuth flows and external tool authentication, proxied through your network
  • User management and permissions — all identity and access data stored locally

Your users connect their AI assistants (Claude, Cursor, or any MCP-compatible client) to the on-prem runtime endpoint. Authentication is handled by the on-prem identity layer, which integrates with your existing SSO provider. No traffic is routed through Webrix infrastructure.

Why On-Prem?

Complete Data Isolation

Tool execution, authentication, audit logs, and configuration all remain within your network. No data transits a third-party cloud at any point — not during setup, not during operation. This satisfies the strictest data residency and sovereignty requirements.

No External Dependencies at Runtime

Once deployed, Webrix On-Prem does not require outbound internet access to function. AI assistants, tool calls, and admin operations all resolve entirely within your infrastructure. This makes it suitable for air-gapped environments and networks with strict egress controls.

Compliance and Regulated Industries

On-Prem is designed for industries where regulatory frameworks — HIPAA, FedRAMP, financial services regulations, or internal security policy — require that all processing and data storage occur on company-controlled infrastructure. You retain full ownership of the deployment, the data, and the audit trail.

Full Administrative Control

You manage the deployment lifecycle: upgrades, scaling, backups, and configuration are all under your control. Webrix provides Helm charts, upgrade guides, and support — but nothing changes in your environment without your approval.

Architecture Overview

┌──────────────────────────────────────────────────────────┐
│                   Your Infrastructure                    │
│                                                          │
│  Admin App ─── db-service ─── Runtime                   │
│  SSO ──────── Connect ──────── Audit Logs               │
│               Permissions ──── User Management          │
│                                                          │
│  Claude ──▶ Runtime                                      │
│  Cursor ──▶ Runtime                                      │
└──────────────────────────────────────────────────────────┘
                 Managed entirely by you

Requirements

  • A Kubernetes cluster (EKS, GKE, AKS, OpenShift, or any conformant distribution)

Get Started

On-Prem deployment is available on Webrix Enterprise plans. Contact your account team or reach out to us to receive the Helm charts, deployment guide, and onboarding support.