Platform Engineer DevOps Engineer CISO CTO
Customer Cloud / On-Prem

Run the platform
on your infrastructure.

Whether you're operating Kubernetes in your customer's data centre, running a sovereign private cloud, or managing an air-gapped environment — mogenius deploys in-cluster, requires no data egress, and gives you governed AI operations on infrastructure that never leaves your control.

Talk to Us See Deployment Scenarios →
The Challenge

Enterprise K8s doesn't
live in one cloud.

Regulated industries, ISVs delivering into customer environments, and sovereign cloud operators face a constraint most K8s tools ignore: the platform must run where the data lives — not where it's convenient for the vendor.

🏦

Regulated industries

Banks, insurers, and healthcare organisations operating under DSGVO, BSI IT-Grundschutz, or BaFin requirements cannot route operational data through external SaaS platforms. Governance must be local.

DSGVO · BSI · BaFin
🏢

ISVs & managed service providers

Software vendors and MSPs deploying Kubernetes into customer environments need a platform that runs inside the customer's perimeter — not phoning home to a vendor-controlled control plane.

Customer-cloud delivery
🔒

Air-gapped & sovereign cloud

Defence, critical infrastructure, and public sector organisations running K8s in fully isolated networks need AI governance that functions without any external network dependency — including the LLM endpoint.

Air-gapped · sovereign
Deployment Scenarios

Any infrastructure.
Full governance.

01
Supported

On-Premises Deployment

The mogenius operator deploys directly to your on-prem Kubernetes cluster — bare metal, VMware, OpenShift, or any CNCF-conformant distribution. All platform state is stored as CRDs in your cluster. No control-plane traffic leaves your network boundary.

  • Full platform feature parity with cloud deployments
  • Control plane runs in-cluster — no external dependency for enforcement
  • Audit log stored locally in open JSON format
  • Compatible with internal PKI, LDAP/AD identity providers
  • LLM endpoint configurable — use your own self-hosted model
On-Prem Deployment · Data Flow
mogenius operatorin-cluster ✓
Policy enginein-cluster ✓
Audit loglocal storage ✓
LLM endpointself-hosted ✓
External egressnone required ✓
Network boundary100% your perimeter
Air-Gapped · Component Status
Operator image registryprivate registry ✓
Helm chart deliveryair-gap bundle ✓
LLM inferenceOllama / local model ✓
Upgrade mechanismOLM offline ✓
Compliance exportlocal file / internal SIEM
Internet dependencyzero ✓
02
Supported

Air-Gapped Environments

For environments with no internet connectivity — defence, critical infrastructure, classified networks — mogenius ships as a fully self-contained air-gap bundle. Container images via private registry, LLM inference via Ollama or your own model, upgrades via OLM offline delivery.

  • Air-gap installation bundle with all container images
  • Private image registry support (Harbor, JFrog, Nexus)
  • Ollama integration for fully local LLM inference
  • Offline OLM-based operator upgrades
  • Compliance export to local file or internal SIEM — no external SaaS required
03
Supported

Customer Cloud Delivery

ISVs and MSPs use mogenius as the governance and operations layer they deploy into customer environments. Each customer gets their own operator instance running in their cluster — fully isolated, independently managed, no cross-customer data flow.

  • Per-customer operator instance — full isolation by design
  • Configurable branding and white-label packaging
  • Multi-tenant control plane optional for MSPs managing fleets
  • Compliance evidence exportable to customer's own ISMS platform
  • Works inside customer VPCs, private clouds, and on-prem DCs
ISV / MSP Delivery Model
Customer A · their cluster
mogenius operatorisolated instance
Audit logcustomer storage
Customer B · their cluster
mogenius operatorisolated instance
Audit logcustomer storage
Cross-customer data flownone ✓
Data Sovereignty

DACH-ready.
Compliance-first.

mogenius is built and operated in Germany. For enterprises operating under BSI IT-Grundschutz, DSGVO, or sector-specific regulatory requirements, the data sovereignty model is explicit and auditable.

📍

Data stays where you define it

Operational data — action logs, audit trails, cluster state — never leaves your infrastructure boundary unless you explicitly configure export targets. The operator enforces this at the network policy level, not just by configuration.

  • No required egress of operational or workload data
  • LLM API calls routable to in-cluster or private endpoint
  • Compliance export targets fully configurable (internal SIEM, S3-compatible, or none)
📋

Regulatory alignment

For enterprises undergoing ISO 27001 certification or BSI IT-Grundschutz assessment, the mogenius on-prem deployment model maps directly to control requirements around cloud service governance, data residency, and third-party access.

  • ISO 27001 A.5.23 — Cloud services governance control mappable to on-prem config
  • BSI IT-Grundschutz OPS.1.1 — infrastructure operations evidence generated continuously
  • DSGVO Art. 28 — processor agreement scoped to what mogenius actually receives
No lock-in

Enforcement runs
without us.

The mogenius operator is open-source under Apache 2.0. Policies are stored as CRDs in your cluster. If mogenius ceases to exist tomorrow, enforcement continues — because governance cannot have a single point of vendor failure.

Apache
2.0 open-source operator — fork it, own it, run it
CRD
Policies stored in your cluster, not in a vendor SaaS
Open
JSON audit log — import to any log pipeline or SIEM
Zero
Required egress — enforcement works fully disconnected
Get Started

Your infrastructure.
Full governance.

Tell us about your environment — on-prem, air-gapped, customer cloud, or sovereign. We'll show you exactly what deployment looks like.

Book a Meeting See Full Platform