We are now part of the NVIDIA Inception Program.Read the announcement
Documentation

Air-Gapped Deployment

Deploy MX4 Atlas in fully disconnected environments.

Last updated on February 2, 2026

Overview

Air-gapped deployment provides the highest level of security by ensuring complete physical and network isolation. No data ever leaves your facility, and all operations occur in a zero-trust environment on your infrastructure.

Security Classification

This deployment option is designed for TOP SECRET facilities and critical infrastructure where network connectivity is prohibited.

System Requirements

Hardware Requirements

  • • NVIDIA H100 or A100 GPU clusters (minimum 4 GPUs)
  • • High-speed NVMe storage (minimum 2TB)
  • • Redundant power supplies with UPS
  • • Hardware Security Module (HSM) for key management
  • • Physical security controls (biometric access)

Software Requirements

  • • Red Hat Enterprise Linux 8.6+ or Ubuntu LTS 22.04+
  • • CUDA 12.0+ with cuDNN and cuBLAS
  • • Docker Enterprise or Podman for containerization
  • • Offline package repositories
  • • Security-hardened kernel configuration

Pre-Deployment Checklist

Network Isolation

Confirm Faraday cage is complete, no WiFi/cellular signals detected, Ethernet cables removed

Hardware Verification

All GPUs recognized, BIOS settings locked, physical tamper seals installed

Security Setup

HSM initialized, encryption keys generated, SELinux configured to enforcing

Documentation Ready

All installation media signature verified, serial numbers recorded, chain of custody documented

Deployment Process

Pre-Installation Assessment

Our engineers perform a comprehensive security assessment of your facility and infrastructure. This includes hardware validation and network isolation verification with your security team.

Duration: 1-2 weeks
Deliverables: Security assessment report, infrastructure validation certificate

Offline Package Transfer

All installation packages, models, and dependencies are transferred via encrypted physical media. No network connectivity is required or permitted during this phase.

bash
1# Verify package integrity
2sha256sum -c packages.sha256
3

4# Install offline dependencies
5./install-offline.sh --verify-signatures \
6  --security-level=top-secret \
7  --activity-journal=/secure/logs/install.log

Secure Installation

Installation is performed in a secure environment with continuous monitoring. Operations can be recorded locally for operational visibility.

Security measures: Faraday cage protection, electromagnetic shielding, continuous video surveillance

Configuration and Testing

System configuration with your specific security policies, followed by comprehensive testing in isolated environments.

yaml
1# Air-gapped configuration
2deployment:
3  mode: air_gapped
4  security:
5    level: top_secret
6    activity_journal: enabled
7    data_sovereignty: strict
8

9  network:
10    isolation: complete
11    allowed_interfaces: none
12

13  monitoring:
14    local_only: true
15    encrypted_logs: true

Operational Handover

Final validation, documentation handover, and training for your operations team. System enters production with local activity journaling enabled.

Post-Deployment Verification

Isolation Verification

bash
1# Test network isolation
2nmcli device show | grep -i "connected"
3# Should show NO connections
4

5# Verify no DNS/network access
6nslookup google.com
7# Should timeout - NOT resolve
8

9# Check for unauthorized network interfaces
10ip link show
11# Should only show lo (loopback)

Performance Baseline

bash
1# Record baseline metrics for future comparison
2nvidia-smi --query-gpu=index,name,memory.total --format=csv > gpu_baseline.csv
3inxi -v2 > system_baseline.txt
4

5# Test inference latency
6time python -c "from mx4 import AtlasServe; serve = AtlasServe(); print(serve.health())"

License Management

Air-gapped deployments use physical license keys that are cryptographically bound to your hardware.

License Options

Hardware Security Module (HSM)Recommended
Encrypted USB DongleAlternative
Offline License FileBasic

Troubleshooting

GPU Not Recognized

System fails to detect installed GPUs.

Solution: Update NVIDIA drivers from offline repository, check PCIe slot connections, verify BIOS GPU configuration.

License Validation Fails

System rejects license key or HSM connection issues.

Solution: Verify HSM is properly initialized, check license file hasn't been modified, ensure hardware serial numbers match license.

Maintenance and Updates

Security updates and model improvements are delivered via encrypted physical media with scheduled maintenance windows.

Important: All maintenance activities require the presence of certified MX4 engineers and follow the same security protocols as initial installation.

Support and Operations

24/7 support is available through secure communication channels. Critical issues are addressed within 4 hours with on-site response if required.

Support Channels

  • • Secure phone lines (encrypted VoIP)
  • • Encrypted email with digital signatures
  • • Physical document courier for complex issues
  • • On-site engineer dispatch for critical problems