Skip to main content

Why Tensor9?

Tensor9 makes it easy to convert an existing SaaS product to work on-prem without changing code.

Benefits

A SaaS-like experience

Tensor9 gives software vendors a SaaS-like development and operational experience despite the fact their software and infrastructure is distributed across customer appliances.

A facade stack living in the vendor's cloud synchronizes with a real stack in the customer's appliance. Vendor engineers use these facades in their own cloud to affect the software and infrastructure in remote customer appliances. They also use facades to understand the operational health of their system -- despite the fact that the real stack is remote.

See Vendor experience for more details.

Vendor software (and ML models) are kept private

Tensor9 uses the following mechanisms to secure vendor software so that customers cannot access it:

  • Bring-Your-Own-Key: The vendor owns the keys to the virtual machine capacity in the appliances that run their software.

  • Isolation: Virtual machine capacity is deployed into an isolated VPC in the customer's appliance that has no external network access - except through a VPC peering connection with the customer's firewall.

Customers are in control

Customers own their infrastructure

The customer owns the appliance, which runs in their cloud on infrastructure they own. Customers access their on-prem software at their own endpoint (e.g. vendor-name.customer-name.com) instead of the vendor's SaaS endpoint (e.g. vendor-name.com) This is a clear trust signal to the customer that they are dealing with their own infrastructure.

Customers control data egress

Vendor software running inside an isolated VPC inside customer's appliance. This isolated VPC has no network routes to the outside world. The only way it can communciate with the outside world is through the appliance's firewall (via VPC peering). The customer owns and can audit the VPC configuration and the firewall enforcing this network isolation. The firewall inspects all data going into and out of the isolated VPC; it does not allow encrypted or unsanctioned data to egress.

Transparent audit log

An audit log captures any data going into and out of the appliance. The customer can inspect the audit log to ensure it matches their own request patterns to the appliance. Customers can also enforce their own network security policies around their appliance. For example, they can use Google Cloud Security Command Center to analyze events from the audit log.

Why not build your own on-prem stack?

The Tensor9 engineering team has decades of experience building large scale systems, including early and critical parts of AWS S3. Our team works hard to continuously improve the experience vendors have with their on-prem offering, including: new features, integrations, security patches, and support. Ultimately, vendors that choose Tensor9 can invest more of their engineering resources in building their unique, differentiated value. Our opinion is that vendors should not have to think about their on-prem offering differently from their SaaS offering.