Skip to content

Deployment postures

Fabric deploys in three postures. Deployment posture is configuration, not a code fork — set once per organization. The identical governed control plane (scope, policy, approval, audit) runs in all three, so governance never weakens when Fabric moves inside your perimeter.

Dimension Cloud (managed) Private cloud / on-premises Air-gapped
Hosting Wexa-hosted, SOC 2 region Inside your VPC / cluster Fully isolated cluster, no internet
Models Managed gateway + routing Your gateway or local models Local models only (e.g. vLLM / Ollama)
Secrets Wexa-managed key vault Your KMS / Vault In-cluster Vault / KMS
External egress Allowed Customer-controlled None
Assets CDN-served CDN or in-cluster Fully bundled, no CDN

Sovereignty — bring your own cloud, model, and secrets

Section titled “Sovereignty — bring your own cloud, model, and secrets”
  • Bring your own cloud — the entire stack deploys into your private cloud or cluster via the same charts, with no mandatory Wexa-managed dependency on-prem or air-gapped.
  • Bring your own secrets — credentials live in your own key-management system (Azure Key Vault, AWS Secrets Manager, Google Secret Manager, or HashiCorp Vault) and never appear in code.
  • Bring your own model — no hard-coded provider; the registry routes across cloud and local models by data class, cost, and sovereignty.
  • Data residency — cloud installs are pinned to a SOC 2 region; private-cloud and air-gapped keep all data (graph, documents, embeddings, audit) inside your boundary.

This documentation site builds to a fully static, self-contained bundle (offline search included, no external CDN), so it can be hosted at a docs.wexa.ai-style address and shipped inside the air-gapped install bundle and served from within your cluster. See the project README.md for build and bundling instructions.