FAQs
Can Tensor9 support my entire stack?
Tensor9 supports containers, virtual machines, serverless functions, and any cloud-native infrastructure that can be expressed with Terraform (e.g. queues, storage buckets, managed databases).
What public clouds does Tensor9 support?
Amazon Web Services, Google Cloud, and Microsoft Azure.
A customer appliance can be provisioned in any of these public clouds. Similarly, vendors can run their facades in any of these clouds.
Why should a vendor trust Tensor9 with their proprietary software and/or ML model weights?
Customers cannot log in to or inspect the running state of a virtual machine running vendor software.
Vendor software runs on virtual machine capacity provisioned with keys owned by the vendor. This capacity runs in an isolated VPC within the customer's appliance with no external network access. Serial port access is also disabled. The customer only has external access to virtual machine capacity: they can see it exists, monitor its resource utilization, modify its network access, and delete it.
See Vendor experience > Security for more details.
Why should a customer trust Tensor9 with their sensitive data?
The customer's appliance runs in their cloud account, on hardware they own and control. Customers can also change their appliance's configuration. For example, they can restrict the range of IP addresses that can access their appliance's endpoint. Another example: they can shutdown appliance-provisioned hardware at any time using their cloud provider's console or APIs. Such changes can, of course, break the vendor's software. The appliance software is open source. Network traffic that egresses their appliance is appended to an audit log. Vendor software running in their appliance has no external access except through the appliance's firewall, which the customer controls.
See Customer experience > Security and control for more details.
How does Tensor9 deploy software to the customer's cloud?
For container-hosted software, vendor engineers take their existing built container and run it through the tensor9
CLI to build a facade container image. The facade container image has embedded into it all the necessary information to deploy the real container image to a specific customer’s appliance. Engineers can deploy their facade container image anywhere they like (e.g. AWS ECS) – this will behind-the-scenes start a real container inside the customer’s appliance. Network packets sent to the resulting facade container will be tunneled to the corresponding real container inside the appliance.
For virtual-machine-hosted software, vendor engineers use the tensor9
CLI to build a facade AMI. The facade AMI has embedded into it all the necessary information to provision a real VM inside a specific customer’s appliance. the engineers can deploy their facade AMI to a nano-sized instance – this will behind-the-scenes provision and start a real VM inside the customer’s appliance. Network packets sent to the resulting facade VM will be tunneled to the corresponding real VM inside the appliance.
See Facades for more details.
How does the vendor control what code runs in the customer's appliance?
Vendors deploy facades with their existing continuous deployment tooling. In the case of containerized code, the vendor builds a new container, builds a facade of that container using the tensor9
CLI, and then deploys that facade using their familiar continuous deployment tooling.
When an old container facade is terminated by the deployment tooling, its corresponding real container in the customer's appliance will be terminated. And, when a new container facade is started by the deploying tooling, a new real container will be started in the customer's appliance - thereby completing the deployment cycle.
The vendor is always in control of what software is running inside the customer's appliance.
See Facades for more details.
Can container facades be deployed anywhere? AWS Fargate? Google CloudRun?
Vendor's can deploy container facades wherever they want. All the information necessary to connect to a customer's appliance, deploy the real container embedded in the facade, and run the vendor’s real container in the appliance, are all within the facade.
See Facades for more details.
Are facade resource as large as their real counterparts in the appliance? That sounds expensive.
No, facades are designed to be lightweight.
In the case of machine facades, these are nano-sized virtual machines, which cost $0.10/day (on AWS).
Who pays for the appliance?
The customer does; the appliance runs in their cloud account.
Does the customer need to have a business relationship with Tensor9?
No, Tensor9 white-labels its software to vendors.
We do recommend to vendors that they include our team on sales, engineering and support calls with prospective and existing on-prem customers. In those settings, the Tensor9 team acts as part of the vendor's team.