We are now part of the NVIDIA Inception Program.Read the announcement
Documentation

Air-Gapped Deployment

Deploy MX4 Atlas in fully disconnected environments.

Last updated on February 2, 2026

Overview

Air-gapped deployment provides maximum isolation by running Atlas without external network connectivity. Data stays within your facility by default, and all operations occur inside your controlled environment.

Use Cases

Ideal for highly regulated or sensitive environments where external connectivity is restricted or prohibited.

System Requirements

Hardware Requirements

  • • GPU capacity sized to your target models and throughput
  • • High‑speed storage for model artifacts and logs
  • • Redundant power and facility‑level resiliency
  • • Optional HSM for key management
  • • Physical security controls aligned to your policies

Software Requirements

  • • Linux LTS distribution validated during onboarding
  • • GPU drivers and runtime libraries appropriate to your hardware
  • • Container runtime (Docker/Podman) as approved by your security team
  • • Offline package repositories and signed artifacts
  • • Security‑hardened kernel configuration (as required)

Pre-Deployment Checklist

Network Isolation

Confirm physical and logical network isolation per facility policy

Hardware Verification

Validate GPU recognition, BIOS configuration, and physical controls

Security Setup

Initialize key management and apply hardened OS policies

Documentation Ready

Verify signed installation media and document chain of custody

Deployment Process

Pre-Installation Assessment

Our engineers align on facility requirements and validate hardware and network isolation with your security team.

Timeline: Defined per project scope
Deliverables: Assessment report and deployment plan

Offline Package Transfer

All installation packages, models, and dependencies are transferred via encrypted physical media. No network connectivity is required or permitted during this phase.

bash
1# Verify package integrity
2sha256sum -c packages.sha256
3

4# Install offline dependencies
5./install-offline.sh --verify-signatures \
6  --activity-journal=/secure/logs/install.log

Secure Installation

Installation is performed in a secure environment with continuous monitoring. Operations can be recorded locally for operational visibility.

Security measures: Faraday cage protection, electromagnetic shielding, continuous video surveillance

Configuration and Testing

System configuration with your specific security policies, followed by comprehensive testing in isolated environments.

yaml
1# Air-gapped configuration
2deployment:
3  mode: air_gapped
4  security:
5    level: top_secret
6    activity_journal: enabled
7    data_sovereignty: strict
8

9  network:
10    isolation: complete
11    allowed_interfaces: none
12

13  monitoring:
14    local_only: true
15    encrypted_logs: true

Operational Handover

Final validation, documentation handover, and training for your operations team. System enters production with local activity journaling enabled.

Post-Deployment Verification

Isolation Verification

bash
1# Test network isolation
2nmcli device show | grep -i "connected"
3# Should show NO connections
4

5# Verify no DNS/network access
6nslookup google.com
7# Should timeout - NOT resolve
8

9# Check for unauthorized network interfaces
10ip link show
11# Should only show lo (loopback)

Performance Baseline

bash
1# Record baseline metrics for future comparison
2nvidia-smi --query-gpu=index,name,memory.total --format=csv > gpu_baseline.csv
3inxi -v2 > system_baseline.txt
4

5# Test inference latency
6time python -c "from mx4 import AtlasServe; serve = AtlasServe(); print(serve.health())"

License Management

Air-gapped deployments use physical license keys that are bound to your hardware.

License Options

Hardware Security Module (HSM)Recommended
Encrypted USB DongleAlternative
Offline License FileBasic

Troubleshooting

GPU Not Recognized

System fails to detect installed GPUs.

Solution: Update NVIDIA drivers from offline repository, check PCIe slot connections, verify BIOS GPU configuration.

License Validation Fails

System rejects license key or HSM connection issues.

Solution: Verify HSM is properly initialized, check license file hasn't been modified, ensure hardware serial numbers match license.

Maintenance and Updates

Security updates and model improvements are delivered via secure offline channels with scheduled maintenance windows.

Important: Maintenance procedures and on-site support are defined by your support plan and security requirements.

Support and Operations

Support hours and response times are defined in your support plan. Critical issues can be escalated with on-site response if required.

Support Channels

  • • Secure phone or conferencing channels
  • • Encrypted email
  • • Offline transfer workflows for air-gapped environments
  • • On-site engineer dispatch for critical problems (as agreed)