Deployment
Built for the perimeter your buyers actually have.
Marker is built for regulated enterprise teams that cannot send call audio, transcripts, credentials, or evaluation evidence to a generic SaaS boundary. The same product can run hosted, in your cloud, connected on-prem, or fully air-gapped.
-
Marker-managed
Hosted
For teams that can start in a managed environment and want the fastest path to production verification.
Marker operates the deployment boundary.
-
Your account
Customer cloud / BYOC
For buyers who need Marker deployed in their cloud account, region, network, and storage perimeter.
Customer-owned infrastructure with Marker deployment artifacts.
-
Your datacenter
Connected on-prem
For environments where call audio, transcripts, credentials, and evaluation data stay inside the customer network.
Outbound access is limited to approved endpoints.
-
No outbound internet
Fully air-gapped
For isolated environments that install and update from signed offline artifacts instead of live package pulls.
No phone-home path; updates are pulled by the customer.
Familiar pieces, packaged for restricted environments.
Marker is not asking platform teams to bless a bespoke appliance. It fits into the infrastructure patterns regulated buyers already audit.
Kubernetes and Helm
Marker is packaged for Kubernetes with Helm, so platform teams can deploy it through the same review, promotion, and rollback process they use for internal services.
One image set
Hosted, customer cloud, connected on-prem, and air-gapped installs run the same product images. The deployment boundary changes by injected config and install profile, not by a separate enterprise fork.
Portable state
Marker uses Postgres for relational state and durable jobs, plus object storage for audio, transcripts, bundles, and worker artifacts.
Enterprise identity
Human access federates through SAML or OIDC. Marker stores no passwords, and authorization remains a Marker policy decision instead of an IdP side effect.
Supply-chain evidence
Deployment artifacts are designed around signed images, per-release SBOMs, and offline bundles that can be verified before they enter a restricted network.
Customer-pulled updates
A vendor or customer portal can expose release notes, Helm charts, images, SBOMs, signatures, and offline bundles for customers to pull into their own artifact process.
Customers pull releases into their own process.
Regulated buyers often need their security, platform, and release teams to inspect artifacts before anything reaches production. Marker can support a vendor or customer portal model where authorized operators pull update artifacts on their schedule.
- What is pulled
- Helm charts, signed container images, release notes, SBOMs, signatures, and offline bundles.
- Who controls promotion
- The customer's platform team promotes artifacts through their registry, cluster, change window, and evidence process.
- How air-gap works
- Offline bundles are transferred into the restricted network, verified in place, loaded into the local registry, and deployed with the same Helm-based shape.
Credible for procurement without pretending every customer is the same.
The deployment conversation stays high-level until your platform team picks the boundary: hosted, customer cloud, connected on-prem, or air-gapped. From there, the design centers on your Kubernetes standard, your identity provider, your object storage, and your artifact controls.