Deployment Profiles
Profile your NOXA deployment before committing architecture choices.
These profiles align with runtime, exploitation, and trust-chain documentation. They are deployment planning profiles, not fixed benchmark promises.
Profile Catalog
Demo, single-server, on-prem, hardened, air-gapped, AI-enabled
Demo / Lab
ImplementedUsage
Fast validation, demos, and feature walkthroughs.
Network Exposure
Limited internal access, not intended for production exposure.
DNS / TLS
Local HTTPS and test certificates are supported.
System Profile
Minimum baseline profile.
Use Cases
POC, training, workflow validation.
Supportability
Support for production incidents is out of scope for demo-only setups.
Observability
Basic health, logs, and metrics recommended.
Single Server
ImplementedUsage
Production start for one dedicated host.
Network Exposure
Internal network with controlled inbound access.
DNS / TLS
Client FQDN and TLS certs configured by integrator.
System Profile
Recommended baseline without cluster overhead.
Use Cases
SMB or single-site production.
Supportability
Eligible when official signed artifacts and strict controls are respected.
Observability
Metrics and JSON logs are available out of the box.
Standard On-Prem
ImplementedUsage
Internal infrastructure with Kubernetes or Helm.
Network Exposure
Ingress plus internal service segmentation.
DNS / TLS
Ingress hostnames and TLS secrets managed by platform operations.
System Profile
Recommended or optimal profile depending on load.
Use Cases
Multi-team production with internal platform governance.
Supportability
Strong supportability with documented runbooks and signed artifacts.
Observability
Prometheus scrape and SIEM log ingestion are expected.
Hardened On-Prem
ImplementedUsage
Security-sensitive production requiring additional controls and hardening evidence.
Network Exposure
Strict segmentation and minimized exposed services.
DNS / TLS
Internal CA, certificate rotation policy, and strict HTTPS enforcement.
System Profile
Recommended to optimal with security overhead.
Use Cases
Regulated and high-compliance environments.
Supportability
Handled through strict production guard checks and integrator validation dossier.
Observability
Enhanced alerts and compliance-friendly log retention usually required.
Air-Gapped
ImplementedUsage
Disconnected runtime with offline artifact transfer.
Network Exposure
No internet dependency for runtime license verification.
DNS / TLS
Internal DNS and CA practices are mandatory and client-specific.
System Profile
Recommended or optimal profile, depending on update cadence.
Use Cases
Restricted infrastructure and disconnected operations.
Supportability
Support requires strict artifact conformity and validated transfer procedures.
Observability
Local metrics/log pipelines only; no external SaaS dependency assumed.
AI-Enabled
ImplementedUsage
Same deployment profiles with local Ollama/Open WebUI services enabled.
Network Exposure
Internal TLS between runtime and local AI endpoints.
DNS / TLS
TLS enforced for backend to Ollama and optional AI UI access paths.
System Profile
Requires larger CPU/RAM footprint; GPU optional based on model size.
Use Cases
Teams using local drafting/triage assistance workflows.
Supportability
Support scope remains tied to official signed NOXA artifacts.
Observability
Track worker and API metrics plus AI endpoint health in operations dashboards.
Delivery Status
Implemented, partially in place, and planned profile enablement
Deployment profile model
ImplementedImplemented: Profile taxonomy and validation rules are implemented in packager and aligned with runtime deployment docs.
Partially in place: Auto-generated reverse-proxy/TLS install templates are not fully materialized from profile inputs.
Planned: Full profile-driven Compose/Helm preset generation.
Source: ../Noxa-Packager/docs/DELIVERY_STATUS.md
Deployment context artifact
ImplementedImplemented: install/deployment-context.json is generated and verify-time coherence checks are enforced.
Partially in place: Operational policy packs per profile are still lightweight and integrator-led.
Planned: Richer profile policy packs and stronger install template coupling.
Source: ../Noxa-Packager/docs/DEPLOYMENT_PROFILES.md