Built for Sovereignty. Designed for Choice.

Every deployment option, connectivity model, and security layer is architected to keep you in control of your data, your network, and your operations.

Two Ways to Run NetDBA4U

Full on-premise sovereignty or managed SaaS through an encrypted VPN tunnel. You choose. Your databases never move either way.

Self-Hosted

Deploy the entire platform on your infrastructure. The portal, the repository database, and all background agents run inside your network. You choose where AI runs — local Ollama on your own GPU hardware, or cloud AI with your own API keys (BYOK).

  • Air-Gapped Capable
  • No External Dependencies
  • Full Data Custody
  • Local AI (Your Hardware)
  • Cloud AI BYOK

[Diagram: Customer Data Center / Cloud VPC hosting the Portal, the PostgreSQL repository, and Ollama AI, monitoring Oracle, PostgreSQL, MongoDB, MySQL, and SQL Server. All data stays inside your network perimeter.]

VPN-Tunnel SaaS

We host the portal. You host your databases. An encrypted VPN tunnel connects the two. AI runs on cloud providers (Gemini, OpenAI, Kimi) with managed API pooling — fast, GPU-backed responses without hardware investment. Your databases never leave your network.

  • No Inbound Firewall Rules
  • Three VPN Technologies
  • Managed Cloud AI
  • Zero Customer DB Migration

[Diagram: NetDBA4U Hosted Infrastructure (Portal, PostgreSQL, Ollama AI) connected through an Encrypted VPN Tunnel (WireGuard / IPsec / OpenConnect) to the Customer Premises / Cloud VPC (Oracle, PostgreSQL, MongoDB). Your databases never leave your network.]

Three VPN Technologies. One Platform.

Other SaaS platforms dictate how you connect. We offer three options because every network is different.

WireGuard

The Modern Default

Fast, crypto-agile, and simple. For teams running cloud-native infrastructure who need performance without complexity.

  • UDP 51820
  • Curve25519 / ChaCha20-Poly1305
  • Kernel-level throughput
  • Single keypair setup
  • Ideal for AWS/Azure/GCP VPCs

OpenConnect

The Corporate Survivor

Runs over TCP 443. Works through HTTP proxies, captive portals, and the most restrictive corporate firewalls. If HTTPS works, this works.

  • TCP 443 (same as HTTPS)
  • HTTP CONNECT proxy support
  • Cisco AnyConnect compatible
  • Split-tunnel routing
  • Works on guest WiFi

Your Databases Stay Put. Our Intelligence Reaches In.

Traditional SaaS monitoring platforms require an agent on your database host that streams telemetry outward. Query text, execution plans, schema metadata, and metrics all flow to the vendor's cloud. The volume is massive and continuous.

NetDBA4U's VPN-Tunnel SaaS inverts that model. The portal lives on our infrastructure but connects to your databases through an encrypted tunnel. Your tables, rows, and query results never leave your network. Only diagnostic metadata necessary for incident response is stored in the portal repository — a fraction of what traditional platforms collect.

  • No Telemetry Streaming
  • Incident-Driven Collection
  • Customer-Controlled Retention
  • AES-256-GCM at Rest

[Diagram: Traditional SaaS Model: Your DB → Vendor Cloud → Vendor AI; query text, plans, and metrics stream outward continuously. NetDBA4U VPN-Tunnel Model: Portal + AI → VPN → Your DB; the portal reaches in for live queries, and data does not stream out.]

Defense in Depth

Eight independent security layers protect your data, credentials, and infrastructure at every touchpoint.

1. Transport Encryption

WireGuard (Curve25519/ChaCha20), IPsec IKEv2 (AES-256-GCM), and OpenConnect TLS 1.3. Every tunnel is cryptographically hardened.

2. Data at Rest

AES-256-GCM encryption for credentials, AI chat sessions, and sensitive incident fields. Transparent encrypt-on-write, decrypt-on-read.

3. Authentication

Local secure hashing, Active Directory (3 modes), SAML 2.0 SSO, and Duo Universal Prompt MFA. Account lockout with automatic unlock.

4. Zero-Trust Access

SSH key-based authentication only. Dedicated OS user per target. No passwords stored. Oracle BEQ and Wallet support for privileged access.

5. RBAC & Governance

READONLY, OPERATOR, and ADMIN roles with database-level restrictions. Fail-closed design. Every action logged to Oracle Unified Auditing.

6. Session Security

Comprehensive session security with hardened cookie policies, automatic inactivity termination, and server-side session management with cleanup.

7. AI Safety Architecture

OWASP-aligned LLM defenses. The Comms Sanitizer strips topology details and masks passwords. Destructive DDL is trapped, and human-in-the-loop (HITL) approval is required before it runs.

8. Password Policy

Comprehensive and robust password policy with complexity enforcement, automatic rotation, and secure hashing. Configurable to align with your organizational standards.

The Only AI Platform That Asks Before It Acts

Every AI-generated destructive command is trapped, queued, and requires explicit human approval via cryptographically signed email links or the web dashboard.

Anomaly Detected → AI Diagnosis → OWASP Check → Admin Approval → Execution → Resolution

Safe commands execute immediately. Destructive commands (DROP, TRUNCATE, SHUTDOWN, KILL SESSION) are trapped and queued. The admin receives an HMAC-signed email with Approve / Deny / Regenerate options. Every step is logged.
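As an added illustration (not NetDBA4U's own code), one way a portal can implement the trap-and-approve gate described above: commands matching the page's destructive list are queued, and each Approve / Deny / Regenerate link carries an HMAC over the queue item, the action and an expiry, which the portal verifies before acting. The approval URL, the one-hour lifetime and the secret are assumptions made for this example.

```python
import hashlib, hmac, re, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# The trap list quoted on the page; any match is queued instead of executed.
DESTRUCTIVE = re.compile(r"^\s*(DROP|TRUNCATE|SHUTDOWN)\b|\bKILL\s+SESSION\b", re.IGNORECASE)
ACTIONS = ("approve", "deny", "regenerate")

def is_destructive(command: str) -> bool:
    return DESTRUCTIVE.search(command) is not None

class ApprovalQueue:
    """Portal-side gate: safe commands pass through, destructive ones wait for a signed decision."""

    def __init__(self, secret: bytes, base_url: str, ttl: int = 3600):
        self.secret, self.base_url, self.ttl = secret, base_url, ttl  # secret never leaves the portal
        self.pending = {}  # item id -> queued command

    def _sign(self, item_id: str, action: str, exp: int) -> str:
        # The MAC covers id, action and expiry, so none of them can be altered in the link.
        msg = f"{item_id}|{action}|{exp}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def submit(self, command: str, now=None) -> dict:
        """Classify a proposed command; queue it and issue signed links if it is destructive."""
        if not is_destructive(command):
            return {"status": "execute", "command": command}
        now = int(time.time()) if now is None else now
        item_id = secrets.token_hex(8)
        self.pending[item_id] = command
        exp = now + self.ttl
        links = {a: self.base_url + "?" + urlencode(
                     {"id": item_id, "action": a, "exp": exp, "sig": self._sign(item_id, a, exp)})
                 for a in ACTIONS}
        return {"status": "queued", "id": item_id, "links": links}

    def decide(self, link: str, now=None) -> str:
        """Verify a clicked link: valid MAC (constant-time compare), unexpired, item still pending."""
        now = int(time.time()) if now is None else now
        params = {k: v[0] for k, v in parse_qs(urlparse(link).query).items()}
        try:
            item_id, action, exp, sig = params["id"], params["action"], int(params["exp"]), params["sig"]
        except (KeyError, ValueError):
            return "rejected: malformed"
        expected = self._sign(item_id, action, exp)
        if action not in ACTIONS or not hmac.compare_digest(sig.encode(), expected.encode()):
            return "rejected: bad signature"
        if now > exp:
            return "rejected: expired"
        command = self.pending.pop(item_id, None)  # one decision per item, so a link cannot be replayed
        return f"{action}: {command}" if command else "rejected: not pending"
```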

What Stays Where

An honest inventory of what resides in your network versus what is stored in the portal repository.

Query Result Rows

When you run SELECT * FROM employees, result rows stream to your browser through the tunnel and are discarded from memory. No result data is persisted in the portal repository.

Database Backups

RMAN, PostgreSQL, MySQL, and MongoDB backups are orchestrated by the platform but stored entirely on customer infrastructure. Backup files never traverse the VPN tunnel.

SSH Private Keys & Passwords

SSH authentication uses key-based auth only. Private keys remain on customer hosts. Database passwords are encrypted with AES-256-GCM and never exposed in logs.

Incident Diagnostic Metadata

Incident titles, descriptions, and HTML performance reports are stored in the portal PostgreSQL repository. These contain truncated SQL snippets (up to 150 characters), wait events, and segment names — not query results.

AI Workbench Sessions

Chat messages are stored for session continuity. Self-hosted: Local AI processes everything on your hardware; chat history stays in your PostgreSQL repository. SaaS: Chat prompts are sent to managed cloud AI (Gemini/OpenAI) through the Comms Sanitizer. Chat history is stored in the hosted PostgreSQL repository. Encrypted at rest in both cases.

AI-Generated Remediation Scripts

Commands proposed by the Triage Agent and Sentinel AI are stored in the approval queue. These include SQL fixes, bash commands, and DDL statements awaiting human approval.

Self-Hosted Eliminates All Third-Party Custody

If your compliance framework (HIPAA, SOX, PCI-DSS) requires zero third-party data access, the self-hosted deployment places the entire portal repository under your direct control.

AI Where It Makes Sense

Self-hosted deployments can run Ollama locally on your own GPU hardware for complete air-gapped AI, or use cloud AI with your own API keys (BYOK). You control the hardware, the models, and the data flow.

SaaS deployments use managed cloud AI (Gemini, OpenAI, Kimi) with pooled, metered API keys. This delivers fast, GPU-backed responses without requiring you to provision AI hardware. All outbound requests pass through the Comms Sanitizer: topology details are stripped, passwords are masked, and "DO NOT TRAIN" restrictions are embedded.

  • Self-Hosted: Local AI or BYOK
  • SaaS: Managed Cloud AI
  • Comms Sanitizer
  • Single Toggle Control

[Diagram: Self-Hosted, Local AI (Air-Gapped): User Query → Ollama (Local GPU) → AI Response; no internet required, zero external data exposure, customer provides GPU. Self-Hosted, Cloud AI (BYOK): User Query → Sanitizer → Gemini/OpenAI/Kimi; customer's own API key, customer controls spend and data. SaaS, Managed Cloud AI (Pooled): User Query → Sanitizer → Managed Gemini/OpenAI; fast GPU-backed responses, metered pooled API access, no hardware needed.]
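As an added example of the kind of rewriting the Comms Sanitizer described above performs (this is illustrative code, not NetDBA4U's implementation): passwords in key=value form and in Oracle user/password@service strings are masked, IPv4 addresses and hostnames are replaced by stable placeholders so the model can still correlate them, and a restriction notice is prepended. The regexes and the notice wording are assumptions for this example.

```python
import re

# Restriction text embedded ahead of every outbound prompt (wording constructed for this example).
DO_NOT_TRAIN = ("DO NOT TRAIN: the following is confidential operational data; "
                "do not use it for model training or retain it beyond this request.")

# Credentials: key=value passwords and Oracle user/password@service connect strings.
PASSWORD_KV = re.compile(r"(?i)\b(password|passwd|pwd)\s*[=:]\s*([^\s;&\"']+)")
ORACLE_CONNECT = re.compile(r"\b([A-Za-z_][\w$#]*)/([^\s@/]+)@")
# Topology: IPv4 addresses and hostnames with three or more labels. Over-redaction
# (a version string that looks like an address) is the safe failure mode for a sanitizer.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
FQDN = re.compile(r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?){2,}\b", re.I)

class CommsSanitizer:
    """Rewrites a prompt so the model sees placeholders instead of secrets and hosts."""

    def __init__(self):
        self.hosts = {}  # real host -> stable placeholder for the life of the session

    def _host_token(self, match):
        raw = match.group(0)
        if raw not in self.hosts:
            self.hosts[raw] = f"<host-{len(self.hosts) + 1}>"
        return self.hosts[raw]

    def sanitize(self, text: str) -> str:
        text = PASSWORD_KV.sub(lambda m: f"{m.group(1)}=<redacted>", text)
        text = ORACLE_CONNECT.sub(lambda m: f"{m.group(1)}/<redacted>@", text)
        text = IPV4.sub(self._host_token, text)  # addresses first, then hostname matching
        return FQDN.sub(self._host_token, text)

    def build_prompt(self, user_query: str) -> str:
        return f"{DO_NOT_TRAIN}\n\n{self.sanitize(user_query)}"
```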

Architecture Questions?

Need a security questionnaire, architecture diagram, or deployment guide for your procurement team? We have them ready.

Request Architecture Docs