Deployment — Sonoda Dynamics

Model 01 · Default

Managed cloud

We host the tenant on our infrastructure (Render + AWS). Fastest path to production. Standard for Quick Start engagements.

Provisioning: < 5 minutes

Region: us-east-1 default

Multi-tenant DB: no

Model 02

Customer VPC

Deployment runs inside your AWS / GCP / Azure account. Network controlled by you. We retain operational responsibility via a least-privilege role.

Provisioning: 5–10 business days

Region: your choice

Network access: your IAM

Model 03

On-premise

Docker Compose or Kubernetes Helm chart for self-hosted deployment behind your firewall. Air-gapped operation supported with a pinned LLM provider or local inference.

Provisioning: 2–4 weeks

Air-gap: supported

Update cadence: customer-controlled

Model 04

Hybrid

Sensitive data layer (documents, audit log) stays on-prem; orchestration plane is managed by us. Useful when data residency rules out cloud but ops capacity is limited.

Provisioning: 3–6 weeks

Data plane: on-prem

Control plane: managed

Capability matrix

What each model gives you.

Capability	Managed	VPC	On-prem	Hybrid
Region pinning	us-east-1	✓ any	✓ any	✓ any
Customer KMS / BYOK	—	✓	✓	✓
VPC peering / PrivateLink	—	✓	native	✓
Air-gapped operation	—	—	✓	—
Local LLM inference	—	scoped	✓	scoped
Customer-managed updates	—	opt-in	✓	partial
Multi-region failover	—	on engagement	customer's responsibility	on engagement
SOC 2 audit boundary	our boundary	your boundary	your boundary	shared

Provisioning

From SOW signature to live tenant.

T+0

SOW signed

50% invoice issued

T+1d

Tenant config

firm_id · industry · RBAC roles

T+2d

Workflows loaded

vertical template pack provisioned

T+3d

Integrations wired

Gmail / O365 / Slack / IdP

T+5d

Cutover

production keys · monitoring on

Above timeline assumes managed-cloud. VPC: add 5–10 business days for network access and IAM role review. On-prem: add 2–4 weeks for environment validation. All commitments are written into the SOW with explicit milestones — no vague "soon".

Rollback & change management

Every change is reversible.

Workflow definitions are versioned per tenant. Promoting a new version does not delete the previous — operators can revert with a single call (POST /api/v1/workflows/{firm_id}/{wf_id}/rollback). The Operational Time Machine records intent, params, and decision context for every approval, so post-incident review reconstructs exactly what an operator (or agent) saw.

Platform upgrades on managed cloud are blue-green: traffic shifts only after the new revision passes health checks. Managed-cloud customers get a 24-hour change window opt-out; VPC and on-prem customers control their own upgrade cadence.

Tenant-level "freeze" is available — pauses all agent action while keeping read APIs live. Used during sensitive periods (M&A diligence, year-end close, regulator visits).

Service-level commitments

Written into the SOW.

Metric	Quick Start	Professional	Enterprise
Uptime target (managed)	99.5%	99.9%	99.95% + credits
Provisioning SLA	5 business days	5 business days	negotiated
Incident acknowledgement	4 business hours	1 business hour	15 min · 24×7
Backup & restore	daily · 30d retention	hourly · 90d retention	continuous · custom
Audit log retention	1 year	3 years	7+ years

Four deployment models.