    FORGE · DEPLOYMENT TOPOLOGIES
    Available Now

    Four Topologies. One Governance Posture.

    Forge runs in SaaS, Dedicated Cloud, Customer Cloud, or Air-Gapped. The same audit-grade controls apply across every component (Governed Tooling Layer, Forge AI Substrate, FSAI), so your topology choice is determined by data sovereignty and auditor acceptance, not by feature trade-offs.

    Operating mission-critical regulated environments for enterprises across banking, capital markets, life sciences, semiconductor, and defense in North America and Europe.

    SaaS: Native cloud tools
    Dedicated Cloud: AWS and Azure hosted
    Customer Cloud: Your AWS/Azure/GCP
    Air-Gapped: Your data center

    Where your toolchain runs is a governance decision, not just an infrastructure one. Data residency, regulatory scope, and your security team's threat model all shape what "acceptable" looks like — and most platforms force a single answer.

    Forge meets your environment where it is. Run it in the cloud for elasticity and speed, on-premises where data residency or control requirements demand it, or fully air-gapped for the most sensitive workloads. The governance model, identity integration, and evidence collection stay consistent across all three, so moving from one to another does not mean rebuilding your controls or retraining your teams.

    For regulated enterprises, that consistency is the point: the same posture, the same audit trail, and the same operational model whether a workload sits in a public region or behind an air gap.

    HOW TOPOLOGY RELATES TO THE COMPONENTS

    Deployment topology is a cross-cutting concern at iTmethods.

    Whether you are buying the Governed Tooling Layer, the Forge AI Substrate, or FSAI, the four topologies are uniform and the governance posture is identical. SaaS for fast onboarding. Dedicated Cloud for single-tenant isolation under iTmethods operation. Customer Cloud for workloads that must remain inside your AWS, Azure, or GCP account. Air-Gapped for environments with no external network egress. The control plane, audit trail, and policy enforcement do not change. Only the boundary changes.

    THE FOUR OPTIONS

    Choose your deployment model.

    Each topology is fully supported with enterprise SLAs, security posture, and 24/7 Forge engineering.

    SaaS

    Fastest Path to Value

    Vendor-hosted cloud versions of your tools, configured and operated by iTmethods. The fastest path to value when there is no strict data residency requirement. A common starting point for FSAI Assess engagements.

    Best for

    • Mid-market and growth-stage enterprises without strict data residency requirements
    • Common starting point for FSAI Assess engagements
    • Rapid onboarding with minimal setup

    Key features

    • Vendor-managed infrastructure
    • Always latest features
    • Native SSO and identity
    • Vendor SLAs and compliance
    • iTmethods configuration and support
    • Seamless tool integrations

    Considerations

    • Vendor pricing applies
    • Less customization flexibility

    Dedicated Cloud

    Single-Tenant Forge Operated by iTmethods

    Single-tenant Forge inside an isolated account, operated by iTmethods on a governed AWS foundation. The default for regulated SaaS vendors, healthcare ISVs, and growth-stage fintechs.

    Best for

    • Regulated SaaS vendors
    • Healthcare ISVs
    • Growth-stage fintechs

    Key features

    • Hosted on AWS and Azure
    • Single-tenant isolation
    • 99.95% uptime SLA
    • 24/7 monitoring and support
    • Built-in DR and backups
    • SOC 2 and ISO 27001 aligned

    Considerations

    • Data hosted in iTmethods infrastructure
    • Network connectivity to iTmethods cloud

    Customer Cloud

    Forge Inside Your AWS, Azure, or GCP

    Forge deployed inside the customer's own AWS, Azure, or GCP account. Operated by iTmethods. The standard topology for Tier 1 banks, insurance carriers, and federal civilian agencies.

    Best for

    • Tier 1 banks
    • Insurance carriers
    • Federal civilian agencies

    Key features

    • Deployed in your VPC or VNet
    • Your cloud billing and contracts
    • Data never leaves your account
    • Custom networking and security
    • Integration with existing services
    • Managed by iTmethods engineers

    Considerations

    • Requires cloud account access
    • Cloud infrastructure costs separate

    Air-Gapped

    No External Network Egress

    Forge deployed inside environments with no external network egress. Defense, intelligence, sovereign-cloud regulators, and BioCompute customers operating Reign LS with intoDNA STRIDE under classified or export-controlled regimes.

    Best for

    • Defense and intelligence
    • Sovereign-cloud regulators
    • BioCompute customers operating Reign LS with intoDNA STRIDE under classified or export-controlled regimes

    Key features

    • 100% on your infrastructure
    • Complete data sovereignty
    • Custom security configurations
    • Integration with internal systems
    • No external dependencies
    • Full audit trail access

    Considerations

    • Requires infrastructure team
    • Hardware and hosting responsibility

    COMPARE

    Side-by-side comparison.

    Feature              | SaaS               | Dedicated Cloud   | Customer Cloud    | Air-Gapped
    Setup Time           | Hours              | Days              | 1-2 Weeks         | 2-4 Weeks
    Operational Overhead | None               | None              | Minimal           | Moderate
    Data Location        | Vendor Cloud       | iTmethods Cloud   | Your Cloud        | Your Data Center
    Updates              | Automatic          | Automatic         | Managed           | Coordinated
    Customization        | Limited            | Standard          | High              | Full
    Security Control     | Vendor             | Shared            | Shared            | Full
    Compliance           | Vendor Certs       | SOC 2, ISO, HIPAA | SOC 2, ISO, HIPAA | All plus Custom
    Support Model        | Vendor + iTmethods | 24/7 Full         | 24/7 Full         | 24/7 plus On-site

    DECISION GUIDE

    Which is right for you?

    Choose SaaS if...

    • You want native vendor experience
    • Always-latest features matter
    • Minimal setup is a priority
    • Vendor compliance is sufficient

    Choose Dedicated Cloud if...

    • You want zero operational burden
    • Speed to value is critical
    • Single-tenant isolation needed
    • You prefer predictable costs

    Choose Customer Cloud if...

    • You have cloud commitments
    • Data must stay in your account
    • You need custom networking
    • Integration with cloud services

    Choose Air-Gapped if...

    • Regulatory requirements demand it
    • You have data center capacity
    • Full infrastructure control needed
    • Custom security configurations

    Cloud Platforms · AWS

    Forge on AWS. Managed Runtime for the Enterprise.

    See how Forge runs on AWS across Enterprise DevOps, Enterprise SaaS, AI tooling, and agentic AI. Full AWS partner credentials and co-sell detail on the dedicated Forge on AWS page.

    Let's find your deployment.

    Forge engineering will assess your requirements and recommend the optimal topology for your data residency, audit posture, and operational profile.

    Or call us directly: 1-877-533-8876

    Frequently asked questions

    What deployment models does Forge support?
    Cloud, on-premises, and air-gapped — with the same governance and evidence model across all three.

    Can we start in the cloud and move on-prem later?
    Yes. Because the control and identity model is consistent, changing deployment posture does not require rebuilding your governance.

    Is air-gapped genuinely isolated?
    Yes — air-gapped deployments run without external network dependencies for the most sensitive environments.

    How does deployment choice affect compliance evidence?
    It does not change what you can prove. Evidence is collected the same way regardless of where the workload runs.