Skip to main content

Air-Gapped Deployment

Objective

Deploy and operate Cyprob EE in restricted networks without direct internet connectivity while preserving security and operational reliability.

Deployment Principles

  • No runtime dependency on public cloud endpoints.
  • Controlled artifact transfer from connected zone to restricted zone.
  • Repeatable install, update, and rollback workflow.
  • Verifiable integrity at every handoff.

Scope

This guide covers:

  • Offline artifact preparation
  • Secure transfer into restricted network
  • Installation and first validation
  • Offline update cycle
  • Rollback checkpoints

Required Artifacts (Prepared in Connected Zone)

  • Cyprob EE container images (or deployment package, depending on model)
  • Docker Compose manifests and environment templates
  • Database migration bundle (if shipped separately)
  • License file and required secrets bootstrap inputs
  • Checksums/signatures for integrity validation

1. Prepare Release Bundle (Connected Zone)

  • Pull required images from approved registry.
  • Save images to tar archives.
  • Export deployment manifests and config templates.
  • Generate integrity manifest (hash list).

2. Transfer to Restricted Zone

  • Use approved secure media/process.
  • Record transfer event and operator identity.
  • Validate hashes before import.

3. Import and Install

  • Load images into local registry/engine.
  • Apply environment config for restricted mode.
  • Start platform services.
  • Run health checks and baseline smoke validation.

4. First-Run Validation

Minimum validation after installation:

  • Health endpoint returns healthy (/health or deployment-specific /healthz).
  • Login works and org context is available.
  • One scan can be started and completed.
  • Findings are retrievable.
  • One report can be generated/downloaded.

5. Offline Update Cycle

For each update window:

  • Build new offline release bundle in connected zone.
  • Transfer + integrity verify.
  • Apply staged rollout (control plane, then workers).
  • Re-run smoke tests.
  • Keep previous known-good image set for rollback.

Operational Controls for Air-Gapped Environments

  • Change window required for updates.
  • Operator dual control for release import in regulated environments.
  • Immutable audit logging enabled for deployment and admin actions.
  • Periodic backup export of database and critical runtime configuration.

Limitations and Clarifications

  • “Air-gapped ready” does not mean “no maintenance”: vulnerability/feed refresh still requires periodic controlled import.
  • Time synchronization and internal PKI/cert handling must be provided by customer environment.
  • Integration endpoints (SIEM/ITSM) must be reachable within the restricted network boundary.

Evidence Checklist

  • Artifact hash verification records retained.
  • Install/update execution logs retained.
  • Health + first-scan validation evidence retained.
  • Rollback procedure tested at least once in non-production.

Next Action

Continue with Security Model to define trust boundaries and control expectations in restricted deployments.