Deployment Checklist

Checklist

A practical checklist for planning and executing an AKIOS Pro self-hosted deployment. Use this to ensure your infrastructure, networking, storage, and security teams are aligned.

1. Infrastructure#

Compute

Docker Engine 24+ on Linux x86_64 or ARM64. Minimum 8GB RAM, 4 vCPUs for evaluation. Production: 16GB+ RAM, 8+ vCPUs.

Storage

Minimum 50GB available for evidence storage. SSD recommended. Plan for growth: ~1GB per 10K traces with findings. Network-attached storage for multi-node deployments.

Network

AKIOS Pro requires outbound access to your LLM gateway and agent telemetry endpoints. No cloud egress required. Port 8080 for dashboard access.

Container runtime

Docker Engine 24+ or containerd 1.6+. Kubernetes 1.24+ with CSI storage driver for production deployments.

Backup

Configure periodic backups of the evidence store. AKIOS Pro supports live backup without downtime. Recommended: daily snapshots with 30-day retention.

2. Networking#

Dashboard access

Port 8080 (configurable). Restrict to internal network or VPN. No public exposure required.

Evidence sources

Outbound to LLM gateways, model APIs, and agent telemetry endpoints. Configure per-source in AKIOS Pro.

SIEM forwarding

Outbound to SIEM endpoints (Splunk HEC, Sentinel, syslog). TCP 514 or HTTPS 443 depending on your SIEM configuration.

DNS

AKIOS Pro does not require external DNS resolution in air-gapped mode. Internal DNS for artifact registry and SIEM endpoints only.

Load balancing

Optional for multi-node deployments. Round-robin across AKIOS Pro instances. Session affinity not required.

3. Security#

Authentication

AKIOS Pro supports OIDC and SAML 2.0 for dashboard access. Local user accounts for evaluation environments.

Encryption at rest

Evidence store encrypted using AES-256. Encryption keys managed via environment variable or KMS integration.

Encryption in transit

TLS 1.3 for dashboard, API, and SIEM forwarding. Self-signed certificates supported for air-gapped deployments.

Audit logging

All administrative actions logged: user authentication, configuration changes, evidence export, data deletion.

Network isolation

Deploy in isolated network segment with strict ingress/egress rules. No cloud dependencies reduce attack surface.

Secrets management

API keys, tokens, and license keys stored via environment variables or mounted secrets. Integration with Vault, AWS Secrets Manager, or Kubernetes secrets.

4. Operations#

Monitoring

Health endpoint at /health for load balancer probes. Prometheus metrics for evidence ingestion rate, storage usage, and API latency.

Backup

Evidence store backup: volume snapshots or akios export --full. Configuration backup: export akios config. Schedule daily backups minimum.

Upgrades

Rolling upgrades supported. AKIOS Pro maintains backward compatibility for at least 2 minor versions. Test upgrades in staging environment first.

Incident response

AKIOS Pro failure mode: evidence collection stops, existing evidence is preserved. Recovery: restart container, backlog is processed automatically.

Scaling

Single-node handles 10K+ traces/day. Multi-node for 100K+. Evidence store can be scaled independently from compute.

Need help planning your deployment?

Our engineering team can review your infrastructure and provide deployment guidance for AKIOS Pro evaluation and production rollout.

Contact Engineering