Enterprise Deployment | Acadify AI Docs

VPC & On-Premise Integrations

Deploy Acadify's evaluation pipelines and deterministic execution sandboxes directly within your private cloud infrastructure for absolute data security.

Kubernetes & Helm

Deploying our execution engine directly onto your massive EKS or GKE clusters.

Data Residency

Ensuring zero outbound proprietary data transmission for SOC2, HIPAA, and ITAR.

IAM & SSO

Integrating SAML 2.0 Identity Management via Okta, Ping, and Azure AD.

High Availability

Configuring multi-region redundant sandboxes for zero-downtime CI/CD evaluations.

1. Kubernetes & Helm Deployment

For elite frontier AI labs and defense contractors, exposing pre-training checkpoints to external APIs is a non-starter. Acadify offers full on-premise and Virtual Private Cloud (VPC) deployments of our deterministic execution sandboxes.

The Execution Engine Container

The Acadify Execution Engine is fully containerized. We provide official Helm charts allowing you to deploy the exact same deterministic SWE-bench environments on your own massive GPU/CPU clusters, entirely air-gapped.

helm repo add acadify https://charts.acadifysolution.com
helm repo update

helm install acadify-sandbox acadify/execution-engine \
  --set environment.airgapped=true \
  --set cluster.provider="aws-eks" \
  --set resources.cpus=1024 \
  --set license.key="ACA_ENTERPRISE_KEY"

Node Affinity and GPU Tainting

If you are routing evaluations directly to massive LLM pods within the same cluster, ensure that the Acadify execution sandboxes are tainted to CPU-only nodes to avoid monopolizing H100 GPUs required for your inference endpoints.

2. Data Residency & ITAR Compliance

When running Acadify within your VPC, data privacy is absolute. Our architecture guarantees that your proprietary data never leaves your infrastructure.

Zero Outbound Transmission

Unlike cloud-hosted SaaS tools, our VPC deployment does not send your code, datasets, or evaluation trajectories back to our servers.

Inbound Only: The execution sandboxes receive data from your internal CI/CD pipelines.
Local S3 Logging: All trajectory logs and evaluation outputs are written to your internal AWS S3 buckets or Azure Blob Storage.
Telemetry Heartbeat: The only outbound ping is an encrypted, 1kb heartbeat containing zero user data. This is strictly required for Enterprise License validation.

Air-Gapped Mode: For defense contractors (ITAR/FedRAMP High), we can completely disable the telemetry heartbeat and provide a static, cryptographically signed offline license file.

3. Identity & Access Management (SSO)

Enterprise deployments require strict role-based access control (RBAC). Acadify natively supports SAML 2.0, allowing you to govern access to the Internal Dashboard using your existing Identity Provider.

Supported Providers

Provider	Integration Protocol	SCIM Provisioning
Okta	SAML 2.0 / OIDC	Supported
Azure Active Directory	SAML 2.0	Supported
Ping Identity	SAML 2.0	Manual Sync

Role Based Access Control (RBAC)

You can automatically assign Acadify roles based on AD Groups. For example, assign the acadify_viewer role to product managers who only need to see final SWE-bench pass rates, while assigning the acadify_admin role to DevOps engineers managing the Helm deployments.

4. High Availability & Multi-Region Setup

If your CI/CD pipeline triggers thousands of SWE-bench evaluations per day, the Acadify Execution Engine must be highly available. We recommend deploying the Helm charts across multiple Availability Zones (AZs).

The Control Plane

The Acadify Control Plane manages the queue of evaluation jobs. It is built on Redis and requires a persistent, clustered setup to avoid data loss during a region failure.

# Recommended HA overrides in values.yaml
controlPlane:
  replicas: 3
  redis:
    architecture: replication
    auth:
      enabled: true
workerNodes:
  autoscaling:
    enabled: true
    minReplicas: 10
    maxReplicas: 500

Enterprise VPC Deployment