Deployment

Built for the perimeter your buyers actually have.

Marker is built for regulated enterprise teams that cannot send call audio, transcripts, credentials, or evaluation evidence to a generic SaaS boundary. The same product can run hosted, in your cloud, connected on-prem, or fully air-gapped.

  • Marker-managed

    Hosted

    For teams that can start in a managed environment and want the fastest path to production verification.

    Marker operates the deployment boundary.

  • Your account

    Customer cloud / BYOC

    For buyers who need Marker deployed in their cloud account, region, network, and storage perimeter.

    Customer-owned infrastructure with Marker deployment artifacts.

  • Your datacenter

    Connected on-prem

    For environments where call audio, transcripts, credentials, and evaluation data stay inside the customer network.

    Outbound access is limited to approved endpoints.

  • No outbound internet

    Fully air-gapped

    For isolated environments that install and update from signed offline artifacts instead of live package pulls.

    No phone-home path; updates are pulled by the customer.

Familiar pieces, packaged for restricted environments.

Marker is not asking platform teams to bless a bespoke appliance. It fits into the infrastructure patterns regulated buyers already audit.

Kubernetes and Helm

Marker is packaged for Kubernetes with Helm, so platform teams can deploy it through the same review, promotion, and rollback process they use for internal services.

One image set

Hosted, customer cloud, connected on-prem, and air-gapped installs run the same product images. The deployment boundary changes by injected config and install profile, not by a separate enterprise fork.

Portable state

Marker uses Postgres for relational state and durable jobs, plus object storage for audio, transcripts, bundles, and worker artifacts.

Enterprise identity

Human access federates through SAML or OIDC. Marker stores no passwords, and authorization remains a Marker policy decision instead of an IdP side effect.

Supply-chain evidence

Deployment artifacts are designed around signed images, per-release SBOMs, and offline bundles that can be verified before they enter a restricted network.

Customer-pulled updates

A vendor or customer portal can expose release notes, Helm charts, images, SBOMs, signatures, and offline bundles for customers to pull into their own artifact process.

Customers pull releases into their own process.

Regulated buyers often need their security, platform, and release teams to inspect artifacts before anything reaches production. Marker can support a vendor or customer portal model where authorized operators pull update artifacts on their schedule.

What is pulled
Helm charts, signed container images, release notes, SBOMs, signatures, and offline bundles.
Who controls promotion
The customer's platform team promotes artifacts through their registry, cluster, change window, and evidence process.
How air-gap works
Offline bundles are transferred into the restricted network, verified in place, loaded into the local registry, and deployed with the same Helm-based shape.

Credible for procurement without pretending every customer is the same.

The deployment conversation stays high-level until your platform team picks the boundary: hosted, customer cloud, connected on-prem, or air-gapped. From there, the design centers on your Kubernetes standard, your identity provider, your object storage, and your artifact controls.