Secure Your Enterprise with Architecture That Fits Your Environment
IT leaders manage unique landscapes. You balance innovation with security. You balance speed with data sovereignty. Krista respects this reality. We designed our platform architecture to adapt to your infrastructure requirements.
You choose the topology. Krista provides the automation.
Core Platform Components
Understanding the platform requires defining its four primary components.
The Instance
services to host multiple workspaces and orchestrates interactions with appropriate data appliances and access points. Krista DevSecOps automates and manages all deployments, updates, and migrations. We deploy the Instance into a Kubernetes-based Infrastructure.
The Workspace
This is your secure tenant. It is a single logically segregated tenant within a Krista Instance. It is typically dedicated to a specific customer and delivers the Krista Studio and Krista Client. Workspaces are isolated by separate databases within the same engine, isolated file systems, authentication of every API call into and within Krista, and many other means.
The Data Appliance
This component secures your information. It stores all data for the connected workspace(s). Data is not stored outside the data services at any time except for transient caching of latency-sensitive use. We deliver this as a set of Kubernetes Services that can be hosted in a variety of ways. This approach is considered the most challenging to operationalize, but it offers significant control.
The Access Point
This acts as the secure bridge. It is a component in Krista that is responsible for hosting extensions, enabling Krista connectivity to customer applications and data. We deliver this as Kubernetes or Docker components that can be hosted in a variety of ways. Many Access Points may be used in a single deployment. Every Krista Instance has at least one Access Point deployed.
The SaaS Advantage
Krista operates as SaaS in every model. This ensures reliability and continuous security updates regardless of where the infrastructure lives.
Security and Access
We partner with you to secure the platform. Our obligation to monitor, maintain, and secure your data and our IP remains constant. Zero-day patching is non-negotiable for us. Krista DevSecOps maintains continuous connectivity to monitor and patch the environment. This keeps your deployment secure against emerging threats.
LLM Flexibility
You retain control over your AI models. You have flexibility with Krista regarding which LLMs you use and when. You can connect to the Krista Cloud from your Instance or use third-party providers. You can also deploy GPU-based servers to run Krista LLMs locally. Most customers access both Krista LLMs and third-party models to optimize performance and cost.
Three Deployment Models
We support three topologies to match your specific compliance and operational goals.
Krista SaaS Deployment (Public Cloud)
This model delivers maximum speed and global accessibility. The entire Krista Instance and Data Appliance run in the Krista Public Cloud. We manage all compute and storage. You simply connect your internal systems via a secure on-premise Access Point. This ensures full adherence to Krista’s audit standards and certifications.
Krista Data Appliance Deployment (Hybrid Cloud)
This model prioritizes data sovereignty. The Instance runs in the Krista Public Cloud. You host the Data Appliance in your own data center. Data stays on your premises to meet regulatory needs. You retain full physical control over your information while leveraging cloud compute for logic.
Krista Dedicated Cloud Deployment
This model ensures maximum isolation. We deploy a dedicated Krista Instance solely for your organization. You do not share infrastructure with any other customer. You can deploy this in the Krista Cloud, your private cloud, or on-premises. Krista DevSecOps maintains 24/7 access to ensure security integrity across the environment.
Operational Considerations
Choosing a self-hosted model increases your control. It also shifts operational responsibility to your team.
- Cost Management: Self-hosting may reduce direct infrastructure fees. However, you must account for the labor costs required to manage the environments.
- Audit Scope: When you host part of the system, we list you as a ‘sub-service organization.’ This excludes your specific deployment from our standard compliance audits. It allows you to apply your own facility and disaster recovery controls to that portion of the stack.
Choose the model that fits your mission. Krista delivers the flexibility to scale securely. For the complete technical blueprint behind these deployment options, download the Krista Platform Architecture white paper.
