On-Premise Deployment: Architecture Documentation That Lives Where Your Code Does
There's a conversation that happens in every enterprise procurement process. The tool looks great. The team wants it. The features check every box. Then someone from security or compliance asks: "Where does the data live?"
And if the answer is "on someone else's servers," the conversation gets a lot longer — or it ends.
This isn't paranoia. It's reality. Financial institutions have regulators who dictate where customer-adjacent data can be stored. Healthcare organizations operate under HIPAA constraints that make third-party data residency a legal question, not a preference. Government agencies have classification requirements that rule out SaaS entirely for certain workloads. And plenty of companies without regulatory mandates simply have a policy: sensitive systems stay inside the perimeter.
Architecture documentation is one of those sensitive systems. Your C4 diagrams describe your entire software estate — what services exist, how they connect, what protocols they speak, what databases store what data. It's a map of your attack surface, your infrastructure topology, and your organizational structure all at once. For many organizations, that map is as sensitive as the systems it describes.
We built on-premise deployment for Archyl because those organizations deserve architecture documentation tooling too.
What You Get
The on-premise version of Archyl is the same product as the cloud version. Not a stripped-down "enterprise lite" variant. Not a different codebase with a subset of features. The same application, packaged to run inside your infrastructure.
That means:
- Full C4 modeling across all four levels — systems, containers, components, code elements
- AI-powered discovery that analyzes your repositories and generates architecture documentation automatically
- Real-time collaboration with live cursors, presence indicators, and concurrent editing
- Architecture Decision Records, documentation, user flows, and insights
- API contracts linked to your architecture elements
- Release management for tracking deployments across environments
- Marketplace integrations with Datadog, Prometheus, GitHub, GitLab, SonarQube, ArgoCD, and PagerDuty
- MCP server for connecting your architecture to AI assistants
- Architecture Change Requests for governed architecture evolution
- SSO authentication via SAML 2.0 and OpenID Connect
Everything. Running on hardware you control, in a network you manage, behind a firewall you own.
Why On-Premise Matters
The benefits go beyond checking a compliance checkbox. Running Archyl inside your own infrastructure changes the security and operational model fundamentally.
Your Data Never Leaves Your Network
Every piece of architecture data — systems, relationships, diagrams, ADRs, documentation, AI analysis results — stays on your servers. No data transits to our cloud. No third-party infrastructure stores your architecture metadata. If your network policy says "nothing leaves the VPC," Archyl respects that completely.
This isn't just about storage. It's about transit. When your team opens a diagram, the data travels from your database to your application server to your team's browser — all within your network. When AI discovery analyzes a repository, the code content moves from your Git server to your Archyl instance to your AI provider (which can also be self-hosted with Ollama). The entire data path is under your control.
Your AI, Your Models
AI-powered discovery is one of Archyl's most powerful features. It reads your codebase and generates C4 architecture documentation automatically. For many organizations, the idea of sending source code to an external AI provider is a non-starter.
With on-premise Archyl, you choose your AI provider:
- Ollama for fully air-gapped setups — run open-source models like Mistral, Llama, or CodeLlama on your own GPUs. Zero data leaves your infrastructure.
- OpenAI or other cloud providers if your policy allows it — the connection goes directly from your Archyl instance, not through our servers.
The AI provider is a configuration choice, not an architectural constraint. Switch between providers without changing anything else.
Compliance Without Compromise
Regulated industries have specific requirements about data residency, access control, and audit trails. On-premise deployment addresses these structurally:
- Data residency: Your architecture data lives in the geographic region and data center you choose. Full stop.
- Access control: Integrate with your existing identity provider via SAML or OIDC. Your directory, your groups, your policies.
- Network isolation: Run Archyl in a private subnet with no internet access if needed. The application works fully offline after initial setup.
- Audit logging: All access and modifications flow through your infrastructure, visible to your monitoring and SIEM tools.
For teams operating under SOC 2, ISO 27001, HIPAA, FedRAMP, or similar frameworks, on-premise deployment means the architecture tool fits within your existing compliance perimeter rather than creating a new exception to manage.
Git Provider Flexibility
Archyl supports a wide range of Git providers, and several of them are designed specifically for self-hosted environments:
- GitHub Enterprise on your own servers
- GitLab Self-Hosted behind your firewall
- Gitea for lightweight self-hosted Git
- Azure DevOps for Microsoft-ecosystem organizations
When both your Git server and your Archyl instance run inside the same network, repository analysis is fast, secure, and doesn't touch the public internet at any point.
How It Works
Archyl's on-premise deployment runs as a set of containers:
- Backend API — The Go application server handling all business logic, authentication, and API endpoints
- Frontend — The React application serving the UI
- PostgreSQL — Primary data store for all architecture data
A standard docker-compose setup gets you running in minutes. For production environments, the same containers deploy to Kubernetes, ECS, Nomad, or whatever orchestration platform your team operates.
Configuration is environment-variable driven. Database credentials, AI provider settings, SSO configuration, Git provider OAuth — everything is set through environment variables or a config file. No phone-home, no license server, no external dependencies beyond what you choose to connect.
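One way to check the "no phone-home" and "nothing leaves the VPC" claims against your own firewall or flow logs, as an added example that is not Archyl's code. The record format, source names, internal CIDRs and the approved external endpoint are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: address ranges that count as "inside the perimeter" here.
INTERNAL_NETS = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fd00::/8", "::1/128")]

# Assumption: external endpoints you deliberately connect to (for example a
# cloud AI provider). Leave empty for an air-gapped setup.
APPROVED_EXTERNAL = {("203.0.113.10", 443)}

# Constructed sample, one "<source> <dst-ip> <dst-port>" record per line, as
# might be exported from firewall or flow logs. Source names are hypothetical.
SAMPLE_FLOWS = """\
backend 10.20.0.5 5432
backend ::ffff:10.20.0.5 5432
backend fd00::15 5432
backend 203.0.113.10 443
backend 198.51.100.77 443
backend 198.51.100.77 443
backend 2001:db8::1 443
frontend 10.20.0.2 8080
this line is not a flow record
"""

def is_internal(ip):
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as IPv4.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return any(ip in net for net in INTERNAL_NETS)

def audit_egress(flow_text):
    """Return (Counter of unapproved (src, dst, port) flows, unparsable lines)."""
    violations, rejects = Counter(), []
    for line in filter(None, map(str.strip, flow_text.splitlines())):
        try:
            src, dst, port = line.split()
            ip, port = ipaddress.ip_address(dst), int(port)
        except ValueError:
            rejects.append(line)  # keep for review: a parse gap is a blind spot
            continue
        if not is_internal(ip) and (str(ip), port) not in APPROVED_EXTERNAL:
            violations[(src, str(ip), port)] += 1
    return violations, rejects

if __name__ == "__main__":
    found, bad = audit_egress(SAMPLE_FLOWS)
    for (src, dst, port), n in found.most_common():
        print(f"UNAPPROVED EGRESS {src} -> {dst}:{port} ({n} flows)")
    print(f"{len(bad)} unparsable line(s)")
```

Feeding it records captured during initial setup and again during steady-state operation separates one-time setup traffic from anything that persists.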
Who This Is For
On-premise deployment is available on the Custom plan and is designed for organizations where cloud isn't an option — or isn't the preferred option:
- Financial services teams operating under regulatory data residency requirements
- Healthcare organizations where HIPAA governs how system metadata is handled
- Government agencies with classification or sovereignty constraints
- Defense and aerospace companies with air-gapped or ITAR-controlled environments
- Large enterprises with internal policies mandating on-premise tooling for infrastructure-related data
- Security-conscious startups that simply prefer to control their entire stack
If your security team's default answer to "can we use this SaaS tool?" is "let's talk about self-hosting first," then on-premise Archyl is built for you.
What Doesn't Change
The deployment model is different. The product is not.
Your team gets the same features, the same UI, the same AI discovery, the same collaboration tools. The documentation and guides are the same. The MCP server works the same way. The API contracts, release management, marketplace integrations — all identical.
The only difference is where the software runs. And that difference is entirely yours to define.
Getting Started
If your organization needs on-premise architecture documentation tooling, reach out to our team at sales@archyl.com. We'll work with you on deployment, configuration, and making sure Archyl fits your infrastructure and security requirements.
Your architecture documentation should live where your architecture does — inside your walls, under your control, on your terms.
Learn more about Archyl's enterprise capabilities: Enterprise SSO for centralized authentication, or Marketplace Integrations for connecting your monitoring and CI/CD tools directly to your architecture.