Hybrid Deployment
The hybrid deployment model gives you the best of both worlds: your operational data stays on-prem inside the Tenant Plane while the Atlas Cloud Control Plane provides managed AI inference, model updates, and cross-tenant intelligence.
Architecture Overview
┌─────────────────────────────┐ ┌──────────────────────────┐
│ Your Infrastructure │ │ Atlas Cloud │
│ │ │ │
│ ┌───────────────────────┐ │ HTTPS │ ┌────────────────────┐ │
│ │ Tenant Plane │◄─┼────────┼─►│ Control Plane │ │
│ │ (data, incidents, │ │ │ │ (AI, billing, │ │
│ │ automations) │ │ │ │ provisioning) │ │
│ └───────┬───────────────┘ │ │ └────────────────────┘ │
│ │ │ │ │
│ ┌───────▼───────────────┐ │ └──────────────────────────┘
│ │ Edge Agents │ │
│ │ (hosts, VMs, k8s) │ │
│ └───────────────────────┘ │
└─────────────────────────────┘Prerequisites
- All requirements from the On-Prem Installation guide
- Outbound HTTPS (port 443) from Tenant Plane to
cp.atlastechlab.com - DNS resolution for
cp.atlastechlab.comfrom the Tenant Plane host - Edge Agent installer access for each host you want to monitor
Step 1: Deploy the Tenant Plane
Follow the On-Prem Installation guide to install the Tenant Plane on your infrastructure:
curl -fsSL https://install.atlastechlab.com/tp | bashDuring setup, select Hybrid when prompted for deployment mode. This configures the Tenant Plane to route AI inference requests to the Control Plane while keeping all raw telemetry local.
Step 2: Verify Control Plane Connectivity
After installation, confirm the Tenant Plane can reach the Control Plane:
curl -s https://cp.atlastechlab.com/api/healthThe Tenant Plane performs a connectivity check every 60 seconds. You can verify the connection status in the UI under Settings → Control Plane Connection. The status should show Connected with a green indicator.
Step 3: Install Edge Agents
Deploy Edge Agents on every host, VM, or Kubernetes node you want to monitor. Agents report directly to the Tenant Plane — they never communicate with the Control Plane.
Linux hosts:
curl -fsSL https://install.atlastechlab.com/agent \
| bash -s -- \
--tenant-url https://<tenant-plane-ip>:8443 \
--api-key <AGENT_API_KEY>Kubernetes (DaemonSet):
kubectl apply -f https://install.atlastechlab.com/agent/k8s-daemonset.yaml
kubectl set env daemonset/atlasai-agent -n atlasai \
TENANT_URL=https://<tenant-plane-ip>:8443 \
API_KEY=<AGENT_API_KEY>Step 4: Configure Data Flow Policies
In hybrid mode, you control exactly what data leaves your network. Navigate to Settings → Data Policies to configure:
| Policy | Default | Description |
|---|---|---|
| AI Inference | Enabled | Send anonymized incident context to Control Plane for RCA |
| Telemetry Metadata | Enabled | Share aggregate statistics (not raw data) for benchmarking |
| Raw Log Export | Disabled | Never send raw logs to Control Plane |
| Model Download | Enabled | Pull updated ML models from Control Plane |
All policies can be individually toggled. When AI Inference is disabled, the Tenant Plane falls back to local models (requires GPU or additional CPU resources).
Step 5: Validate End-to-End
Create a test incident to confirm the full pipeline is operational:
- Open the Tenant Plane UI at
https://<tenant-plane-ip>:8080 - Navigate to Incidents → New Incident
- Create a P4 test incident
- Click Run RCA — this triggers an AI inference call to the Control Plane
- Verify the RCA result appears within 30 seconds
If RCA completes successfully, your hybrid deployment is fully operational. The AI request was routed to Atlas Cloud, processed, and the result was returned to your Tenant Plane — all while your raw data remained on-prem.
Network Troubleshooting
If the Control Plane connection shows Disconnected:
- Verify DNS resolution:
nslookup cp.atlastechlab.com - Test HTTPS connectivity:
curl -v https://cp.atlastechlab.com/api/health - Check proxy settings if your network requires them
- Review firewall rules for outbound port 443
- Check Tenant Plane logs:
docker compose logs ai-gateway