Four Topologies. One Governance Posture.
Forge runs in SaaS, Dedicated Cloud, Customer Cloud, or Air-Gapped. The same audit-grade controls apply across every component (Governed Tooling Layer, Forge AI Substrate, FSAI), so your topology choice is determined by data sovereignty and auditor acceptance, not by feature trade-offs.
Operating mission-critical regulated environments for enterprises across banking, capital markets, life sciences, semiconductor, and defense in North America and Europe.
Where your toolchain runs is a governance decision, not just an infrastructure one. Data residency, regulatory scope, and your security team's threat model all shape what "acceptable" looks like — and most platforms force a single answer.
Forge meets your environment where it is. Run it in the cloud for elasticity and speed, on-premises where data residency or control requirements demand it, or fully air-gapped for the most sensitive workloads. The governance model, identity integration, and evidence collection stay consistent across all three, so moving from one to another does not mean rebuilding your controls or retraining your teams.
For regulated enterprises, that consistency is the point: the same posture, the same audit trail, and the same operational model whether a workload sits in a public region or behind an air gap.
Deployment topology is a cross-cutting concern at iTmethods.
Whether you are buying the Governed Tooling Layer, the Forge AI Substrate, or FSAI, the four topologies are uniform and the governance posture is identical. SaaS for fast onboarding. Dedicated Cloud for single-tenant isolation under iTmethods operation. Customer Cloud for workloads that must remain inside your AWS, Azure, or GCP account. Air-Gapped for environments with no external network egress. The control plane, audit trail, and policy enforcement do not change. Only the boundary changes.
Choose your deployment model.
Each topology is fully supported with enterprise SLAs, security posture, and 24/7 Forge engineering.
SaaS
Fastest Path to Value
Vendor-hosted cloud versions of your tools, configured and operated by iTmethods. The fastest path to value when there is no strict data residency. A common starting point for FSAI Assess engagements.
Best for
- Mid-market and growth-stage enterprises without strict data residency
- Common starting point for FSAI Assess engagements
- Rapid onboarding with minimal setup
Key features
Considerations
- Vendor pricing applies
- Less customization flexibility
Dedicated Cloud
Single-Tenant Forge Operated by iTmethods
Single-tenant Forge inside an isolated account, operated by iTmethods on a governed AWS foundation. The default for regulated SaaS vendors, healthcare ISVs, and growth-stage fintechs.
Best for
- Regulated SaaS vendors
- Healthcare ISVs
- Growth-stage fintechs
Key features
Considerations
- Data hosted in iTmethods infrastructure
- Network connectivity to iTmethods cloud
Customer Cloud
Forge Inside Your AWS, Azure, or GCP
Forge deployed inside the customer's own AWS, Azure, or GCP account. Operated by iTmethods. The standard topology for Tier 1 banks, insurance carriers, and federal civilian agencies.
Best for
- Tier 1 banks
- Insurance carriers
- Federal civilian agencies
Key features
Considerations
- Requires cloud account access
- Cloud infrastructure costs separate
Air-Gapped
No External Network Egress
Forge deployed inside environments with no external network egress. Defense, intelligence, sovereign-cloud regulators, and BioCompute customers operating Reign LS with intoDNA STRIDE under classified or export-controlled regimes.
Best for
- Defense and intelligence
- Sovereign-cloud regulators
- BioCompute customers operating Reign LS with intoDNA STRIDE under classified or export-controlled regimes
Key features
Considerations
- Requires infrastructure team
- Hardware and hosting responsibility
Side-by-side comparison.
| Feature | SaaS | Dedicated Cloud | Customer Cloud | Air-Gapped |
|---|---|---|---|---|
| Setup Time | Hours | Days | 1-2 Weeks | 2-4 Weeks |
| Operational Overhead | None | None | Minimal | Moderate |
| Data Location | Vendor Cloud | iTmethods Cloud | Your Cloud | Your Data Center |
| Updates | Automatic | Automatic | Managed | Coordinated |
| Customization | Limited | Standard | High | Full |
| Security Control | Vendor | Shared | Shared | Full |
| Compliance | Vendor Certs | SOC 2, ISO, HIPAA | SOC 2, ISO, HIPAA | All plus Custom |
| Support Model | Vendor + iTmethods | 24/7 Full | 24/7 Full | 24/7 plus On-site |
Which is right for you?
Choose SaaS if...
- You want native vendor experience
- Always-latest features matter
- Minimal setup is priority
- Vendor compliance is sufficient
Choose Dedicated Cloud if...
- You want zero operational burden
- Speed to value is critical
- Single-tenant isolation needed
- You prefer predictable costs
Choose Customer Cloud if...
- You have cloud commitments
- Data must stay in your account
- You need custom networking
- Integration with cloud services
Choose Air-Gapped if...
- Regulatory requirements demand it
- You have data center capacity
- Full infrastructure control needed
- Custom security configurations
Frequently asked questions
- What deployment models does Forge support?
- Cloud, on-premises, and air-gapped — with the same governance and evidence model across all three.
- Can we start in the cloud and move on-prem later?
- Yes. Because the control and identity model is consistent, changing deployment posture does not require rebuilding your governance.
- Is air-gapped genuinely isolated?
- Yes — air-gapped deployments run without external network dependencies for the most sensitive environments.
- How does deployment choice affect compliance evidence?
- It does not change what you can prove. Evidence is collected the same way regardless of where the workload runs.