Infrastructure & Operations
Architecture.
How CRODE actually runs in production. The targets, the topology, and what's measured.
01 · Uptime
Targets, not promises we can't keep.
Uptime is measured per seat, per calendar month, with maintenance windows announced 48 hours in advance excluded. Vault and Survival Kit tiers carry contractual SLA with service credits.
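The measurement rule above (per seat, per calendar month, announced maintenance excluded) is easy to state and easy to get wrong at the edges: outages that straddle a month boundary, outages that only partly overlap a maintenance window, and windows announced with less than 48 hours' notice. The following is an added worked example, not CRODE's own tooling; it assumes that excused maintenance time is removed from both the downtime and the measured month, and that outage and maintenance windows are supplied as naive UTC timestamps (both are assumptions, not something the page specifies).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

NOTICE_REQUIRED = timedelta(hours=48)  # maintenance must be announced this far ahead to be excluded


@dataclass(frozen=True)
class Window:
    start: datetime
    end: datetime
    announced_at: Optional[datetime] = None  # hypothetical field: when the window was announced


def _overlap(a_start: datetime, a_end: datetime, b_start: datetime, b_end: datetime) -> timedelta:
    """Length of the intersection of [a_start, a_end) and [b_start, b_end); zero if disjoint."""
    start, end = max(a_start, b_start), min(a_end, b_end)
    return max(end - start, timedelta(0))


def month_bounds(year: int, month: int) -> Tuple[datetime, datetime]:
    """Half-open [first instant of month, first instant of next month)."""
    start = datetime(year, month, 1)
    end = datetime(year + (month == 12), (month % 12) + 1, 1)
    return start, end


def excused_maintenance(maintenance: List[Window], notice: timedelta = NOTICE_REQUIRED) -> List[Window]:
    """Only windows announced at least `notice` before they start count as excluded time."""
    return [w for w in maintenance
            if w.announced_at is not None and w.start - w.announced_at >= notice]


def seat_availability(year: int, month: int, outages: List[Window],
                      maintenance: List[Window]) -> Tuple[float, timedelta]:
    """Return (availability percent rounded to 4 places, counted downtime) for one seat-month.

    Assumes excused maintenance windows do not overlap each other.
    """
    m_start, m_end = month_bounds(year, month)
    excused = excused_maintenance(maintenance)

    counted = timedelta(0)
    for o in outages:
        in_month = _overlap(o.start, o.end, m_start, m_end)   # clip outage to the month
        if in_month == timedelta(0):
            continue
        o_start, o_end = max(o.start, m_start), min(o.end, m_end)
        # downtime that falls inside an excused window is not charged against the seat
        excused_part = sum((_overlap(o_start, o_end, w.start, w.end) for w in excused), timedelta(0))
        counted += in_month - excused_part

    # excused maintenance is also removed from the measured period (assumption, see lead-in)
    excused_in_month = sum((_overlap(w.start, w.end, m_start, m_end) for w in excused), timedelta(0))
    measured = (m_end - m_start) - excused_in_month
    return round(100 * (1 - counted / measured), 4), counted


if __name__ == "__main__":
    # constructed sample data for March 2025 (744 hours)
    maintenance = [
        Window(datetime(2025, 3, 10, 1), datetime(2025, 3, 10, 5), announced_at=datetime(2025, 3, 7, 1)),   # 72 h notice
        Window(datetime(2025, 3, 20, 0), datetime(2025, 3, 20, 2), announced_at=datetime(2025, 3, 19, 12)),  # 12 h notice
    ]
    outages = [
        Window(datetime(2025, 3, 10, 2), datetime(2025, 3, 10, 4)),        # inside excused window
        Window(datetime(2025, 3, 15, 10), datetime(2025, 3, 15, 10, 30)),  # plain 30 min outage
        Window(datetime(2025, 3, 20, 0), datetime(2025, 3, 20, 1)),        # window had too little notice
    ]
    pct, downtime = seat_availability(2025, 3, outages, maintenance)
    print(f"March 2025 availability: {pct}% (counted downtime {downtime})")
```

The two things worth checking when you adopt a rule like this are which side of the fraction excused time leaves (numerator only, or both) and whether the notice requirement is enforced by the tool rather than by convention; a window that was never announced should not silently become excused.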
Live region status
- Tokyo · VULTR · KVM
- Seoul · VULTR · KVM
- Singapore · DO · KVM
- New York · DO · KVM
- Frankfurt · HETZNER · KVM
02 · Architecture
Multi-cloud by design, not by accident.
Each seat runs on a dedicated KVM virtual machine on a chosen cloud provider, with a static IPv4 address that is yours alone for the duration of service. Provider selection is per-workload, never one-size-fits-all.
- Vultr · Primary (KR / JP / SG). High-CPU, predictable cost. Default for office VDI and dev workstations.
- AWS · Enterprise (ap-northeast-2). GPU, compliance, deep ecosystem integration.
- Oracle Cloud · Cost-optimized (ap-seoul-1). Free egress, ARM Ampere — long-running idle desktops and burst capacity.
- DigitalOcean · Specialty (SG / NYC / FRA). Predictable pricing, clean IP pools.
- Hetzner · Bulk (FSN / HEL / ASH). Best € per core in Europe, EU jurisdiction.
A thin operations layer above all providers handles provisioning, monitoring, billing, and lifecycle. The customer sees one interface, one engineer, one invoice — regardless of which cloud the seat lives on.
03 · Scale
Vertical when you need it. Horizontal when it matters.
Per-seat specs scale from a 2 vCPU starter to a 32 vCPU / 128 GB workstation with optional GPU passthrough. Fleet size is uncapped — start with one seat, scale to a hundred without re-negotiating contracts.
- Vertical scale · 2c / 4 GB → 32c / 128 GB + GPU (NVIDIA T4 / A40 on request)
- Horizontal scale · 1 seat to fleet, no per-tenant cap
- Burst provisioning · New seat live in 15–30 min once baseline image is built
- Capacity headroom · Reserved capacity maintained across primary providers; no waiting on quota approvals
04 · Reliability
What happens when things go wrong.
Reliability isn't a number on a dashboard — it's the runbook that runs when the dashboard turns red. Here's what's automated, what's manual, and what's on call.
- Backups · Automated 24h snapshots, 7-day retention by default. Custom schedules (4h / 12h) on request. Restore tested monthly.
- Disaster recovery · Cross-region replication available for Vault and Survival Kit tiers. 4-hour RTO target for region-level failures.
- Patch management · Weekly OS / security patches on a tested cycle. Emergency CVEs (CVSS ≥ 9) applied within 24 hours.
- Staged rollouts · Image and config changes flow canary → 10% → fleet. Customer seats never get untested code.
- Incident response · 60-minute MTTR commitment for seat-level incidents. Engineer on call 24/7 — the one who built your deployment.
05 · Defaults
What ships enabled. What's on by default.
Encryption, MFA, region locking — all on from day one, no opt-in required. If your situation needs formal documentation for an auditor, we can produce it. Otherwise it just works in the background.
- Encryption at rest · LUKS (Linux) or BitLocker (Windows) on every seat disk. Cloud-provider KMS for object storage and backups.
- Encryption in transit · TLS 1.3 only. Cloudflare Tunnel option for Vault+ removes public-facing ports entirely.
- Access control · MFA enforced for all admin access (TOTP / WebAuthn). Per-seat isolation — no admin can access seats outside their own customer scope.
- Audit logs · Operational metadata only — provisioning events, login attempts, configuration changes. No user content, no traffic payloads, no command history.
- Data residency · Customer-selected region. No cross-region replication occurs without explicit consent. EU customers get EU-only seats by default.
- Jurisdictional flexibility · Region-locked deployments, retention controls, and data handling adapt to where your customers and data sit. Formal documentation (GDPR / PIPA / CCPA / etc.) available when an auditor asks.
06 · Automation
The boring work, automated. The judgment calls, still human.
Provisioning, monitoring, patching, billing — all automated. The reason an engineer answers at 3 AM is precisely because the routine never needs one.
- Seat lifecycle pipeline · spec → provision → harden → handoff → monitor → destroy. Each stage triggered by event, never by ticket.
- Image build · Immutable baseline images, weekly rebuild. Per-customer overlays applied at provision time. Reproducible — same input, same output, every time.
- Monitoring stack · Prometheus (metrics) + Loki (logs) + Grafana (dashboards). Internal — customers see uptime, not gauges.
- Alert routing · Telegram (primary, instant). PagerDuty for Vault+ (paid escalation). No customer is ever paged — that's our job.
- Billing automation · Usage metered hourly, invoiced monthly. Crypto invoices use fresh wallet addresses per invoice. No double-billing, no manual reconciliation.
07 · Field notes
Operational observations, distilled.
A rotating selection of what we've seen running the stack. Specifics intentionally vague — the value of this data depends on it staying ours.
- Q3 2024 — Elevated false-positive rate observed on certain bot-management-protected targets from KR residential ranges. Affected workloads migrated to SG egress. Resolution: 72 hours, zero customer-facing downtime.
- Q1 2025 — Upstream rate-limit pattern changes detected at a major vendor. Profile rotation cadence adjusted within the same release window. Customer-facing impact: zero.
- 18 months — Continuous operation on Tokyo /24 primary egress range with zero upstream-initiated rotation events. Singapore secondary shows comparable stability profile.
- 12 months — Graphics-sensitive workloads on A40 SR-IOV deployments maintained consistent WebGL fingerprint identity across all reboots and session resumes. Zero detection-attributable migrations.
- Ongoing — IPv4 ranges automatically retired from the rotation pool when reputation telemetry crosses internal thresholds. Average pool turnover: ~4% per quarter.
If you have a specific target in mind, ask — we'll share what we've seen without naming the parties involved.
Need to verify any of this before committing?
Email with your compliance requirement or technical concern — we'll send architecture documentation, runbook excerpts, or whatever evidence your auditor needs.