Your customer just asked where their data lives. Here's an answer you can stand behind.
ArkiNetwork provisions a dedicated Firecracker VM for your organisation — isolated infrastructure, under your encryption keys, on hardware no other customer touches. An answer precise enough to put in writing.
Here's what you tell them.
Not “we take security seriously.” Specific, verifiable, technical facts about where their data lives and who can reach it.
- Dedicated VM: Your org gets its own Firecracker microVM — not a row in a shared database, a hard KVM boundary
- Your keys: LUKS full-disk encryption per VM, Shamir 2-of-3 escrow anchored on Hedera — the operator cannot recover your key alone
- Zero shared network: Separate bridge, VXLAN overlay, nftables isolation — no path for lateral movement exists
- AI stays in your VM: Nemotron 4B runs locally inside your VM on CPU — no data leaves your environment for inference
What's in every VM - Your team is productive on day one. Not after an integration sprint.
your-org.arkivist.io
- Parrot: /admin
- CloudBeaver: /db
- Grafana + Loki: /grafana
- Nextcloud: /files
- Infisical: /secrets
All paths served under your tenant subdomain. WebAuthn session shared across all tools — one login, full stack access.
- Parrot. Your private AI assistant. Reasons over your data locally — no API calls out, no data leaving your VM.
- CloudBeaver. Query and manage your databases from a browser. No client installs, no shared credentials.
- Grafana + Loki. Full observability out of the box — metrics, logs, and a complete audit trail from day one.
- Nextcloud. Secure file storage and collaboration inside your environment. The answer to "can we stop using Dropbox?"
- Infisical. Manage every secret your team touches — encrypted under your LUKS-derived key, never outside your VM.
Security - Isolation isn't a feature. It's the architecture.
- Cryptographic isolation. Full-disk LUKS encryption per VM. Shamir 2-of-3 key split — one share held by you, anchored on Hedera's public ledger. The platform operator cannot decrypt your data unilaterally. Recovery requires your share.
- Network segmentation. Each VM runs on a dedicated bridge with a VXLAN overlay and nftables egress allowlist. There is no route between tenants at the network layer — not a firewall rule that could be misconfigured, a physical absence of a path.
- Identity without passwords. WebAuthn + FIDO2 for humans. mTLS with SPIFFE SVIDs for every service. No passwords, no static API keys, no shared secrets anywhere in the stack. Every identity is cryptographic and short-lived.
- Compliance trail built in. Every write, query, and configuration change is dual-written to your local audit log and the Mothership compliance ledger. You arrive at a security review with a complete, tamper-evident record — not a promise to produce one.
Build vs. Buy - You could build this. Here's what that actually looks like.
- ✓ Firecracker VM provisioning and lifecycle management
- ✓ Per-tenant LUKS key generation and Shamir 2-of-3 escrow
- ✓ VXLAN overlay networking and per-tenant nftables rules
- ✓ SPIFFE/SPIRE deployment and SVID rotation
- ✓ step-ca PKI with offline root
- ✓ Bastion fleet management across providers
- ✓ WebAuthn integration across five separate tools
- ✓ Compliance dual-write with tamper-evident audit trail
- ✓ Ongoing security patching across the full stack
Realistic timeline: 6–12 months of senior engineering time to reach production parity — before ongoing maintenance, security patching, and compliance updates.
Every month your team spends on this is another month your customers are still waiting for a real answer. We provisioned all of it so you don't have to.
Configure - Pick your spec. We handle everything else.
Pilot: Perfect for evaluating ArkiNetwork with a small team.
Get the answer you can show your customers.
We'll provision a live VM for your org — full stack, your data, your encryption keys. Book a slot and we'll have it ready before the call.
- A dedicated VM provisioned for your org — ready before your demo call
- The exact answer to "where does our data live?" — specific enough to put in a vendor questionnaire
- Your private AI running locally — no data leaving your environment, ever
- One login for your whole team — WebAuthn across every tool in the stack