We build developer platforms, data engineering pipelines, and self-service infrastructure for organisations that operate where the hyperscalers don't follow — data centres, air-gapped networks, and regulated environments where your data stays yours.
We've built the same platform six times across six organisations. We productised that experience into reusable, open-source infrastructure — then specialised in deploying it where traditional tooling breaks down.
Backstage-powered internal developer portals that give your engineers a single pane of glass — service catalogue, scaffolding, deployment, documentation. Self-service from day one.
Data platforms where data scientists and engineers are first-class citizens. Self-service data lake access, automated lineage, one-click workspaces with the IDEs and GPU access they actually need.
Immutable, secure-by-design Kubernetes on bare metal, Proxmox, and OpenStack. We specialise in Talos Linux for production-grade clusters that don't require babysitting.
AI-powered sheepdip pipelines that inspect every package, container, ISO, and artefact before it enters your environment. Purpose-built for air-gapped and data-diode architectures.
Grafana Mimir, Loki, and Alloy wired across your entire stack from day one. Falco for runtime security. Alertmanager for intelligent incident routing. Nothing dark in your cluster.
OpenTofu and Terraform module libraries for multi-account AWS, Proxmox clusters, and hybrid cloud architectures. Repeatable, auditable, and owned by your team — not a black box.
Every tool we sell exists because we built it first for a client. Cloudyard and CloudGate are the hardened, open-source versions of platforms we've deployed in production — packaged so you don't have to start from scratch.
Bare metal to production Kubernetes in under two hours. Talos, Cilium, Rook-Ceph, and Keycloak — fully automated, 100% open source, no vendor lock-in.
Cloud-native self-service on your infrastructure. Developer portals, data lakes, and workspaces — running on your hardware, not someone else's cloud.
AI-powered sheepdip for every artefact entering your environment. Nothing uninspected. Purpose-built for air-gapped and regulated infrastructure.
GPG/OpenPGP end-to-end encrypted secret sharing from the terminal. Share credentials, API keys, and sensitive files with cryptographic confidence — self-hosted, open source.
Platform engineering is not a report. It's months of hard-won configuration, integration debugging, and edge-case archaeology. We've done that work already. We bring it with us.
We map your current state — infrastructure, toolchain, team topology, pain points. We identify the highest-leverage improvements and design a platform architecture that fits your constraints.
We deploy the foundation — Talos Kubernetes, networking, identity, observability. Your team gets a running cluster with all the hard parts already solved: CNI, PKI, OIDC, storage.
We layer Cloudyard and CloudGate onto the foundation. Developer portal, data platform, secure package registry — pre-integrated, opinionated, and tuned to your team's workflow.
We don't leave you dependent on us. Every deployment comes with team training, comprehensive runbooks, and the acceleration knowledge to operate, extend, and evolve the platform yourselves.
Our specialisation is environments where standard cloud-native tooling breaks down: offline networks, data centre tenants, and regulated industries with strict data residency requirements.
SaaS and software companies hosting in third-party data centres who need cloud-native self-service without migrating to AWS. We give you the developer experience without the hyperscaler dependency.
Banks, trading platforms, and fintech companies with data residency mandates and air-gap requirements. Full DevSecOps stack that satisfies your compliance team without slowing your engineers.
Classified and official-sensitive environments. Air-gapped platform deployments, one-way package transfer via data diode, and IL-compliant infrastructure built on zero-trust principles.
NHS trusts, clinical systems, and pharmaceutical R&D with HIPAA/DSP Toolkit requirements. Data engineering platforms where patient data never leaves your controlled environment.
Energy, utilities, and CNI operators under NIS2. Operational technology environments that need software supply chain security and platform engineering done to a standard that regulators accept.
Companies leaving VMware vSphere after Broadcom's pricing changes. We provide a clean migration path to Proxmox or OpenStack with a full modern platform replacing what VMware provided.
Every component we deploy has a thriving open source community, extensive documentation, and a path to enterprise support that doesn't go through us. We believe the open source ecosystem is the support contract.
"We've watched organisations pay millions in VMware and proprietary tooling licences for capabilities that open source communities have matched or exceeded. The only thing holding most teams back is integration — and that's exactly what we provide."
Whether you're planning a VMware migration, building out a data platform, securing an air-gapped environment, or just trying to give your developers the self-service experience they deserve — let's talk.