Dedicated Instance (VPC) Deployment

Single-tenant deployment inside the customer's cloud account with full network isolation, customer-managed encryption keys, and the security posture most regulated enterprises require.

Dedicated instance (often called VPC deployment) is the standard posture for regulated-industry customers and any enterprise whose security review requires single-tenant infrastructure. Beth and Isaiah deploy inside a dedicated cloud account or VPC under the customer's control — full network isolation, customer-managed encryption keys, and audit logs that never leave the customer's perimeter.

Architecture

Single-tenant deployment in the customer's cloud account (AWS, Azure, GCP) or in a Huper-managed cloud account dedicated to the customer. Customer-managed encryption keys (BYOK) via AWS KMS, Azure Key Vault, or GCP KMS. Network isolation via VPC with customer-controlled ingress/egress rules. Audit logs written to customer-controlled logging infrastructure.

Key Features

Customer-controlled key management

Customer manages encryption keys via AWS KMS, Azure Key Vault, or GCP KMS. Keys never leave the customer's perimeter; Huper-managed services authenticate via the customer's IAM.

Network isolation

VPC deployment with customer-controlled network ACLs, egress rules, and private connectivity options. Optional disconnection from public internet entirely.

Sovereign cloud paths

Microsoft 365 GCC / GCC High, AWS GovCloud, EU Sovereign Cloud, and APAC sovereign-cloud regions supported where the customer's compliance posture requires.

Bring-your-own-cloud-account

Deploy inside the customer's existing cloud account so deployment economics align with the customer's existing cloud commit.

Security Features

Single-tenant infrastructure — no shared compute or storage across customers

Customer-managed encryption keys (BYOK)

VPC with customer-controlled network ACLs and egress rules

Audit logs in customer-controlled logging infrastructure

Private connectivity options (AWS PrivateLink, Azure Private Link, GCP Private Service Connect)

Compatible with customer's existing IAM, SSO, and conditional-access policies

Compliance Mapping

SOC 2 Type II pathISO 27001 pathHIPAA-compatible (with BAA)GDPRSectoral frameworks (FERPA, PCI-DSS, FERC, etc.)

When to Choose Dedicated Instance (VPC)

Regulated industries (finance, healthcare, pharmaceutical, energy, government)

Security reviews requiring single-tenant infrastructure

Customers with explicit BYOK and customer-controlled key management requirements

Workloads handling sensitive data (PHI, PII, pre-release financials, M&A pre-announcement)

Multi-cloud or sovereign-cloud requirements (GCC, EU Sovereign, APAC sovereign)

Frequently Asked Questions

Does Huper have access to data inside our VPC?

Operational access is scoped per the customer's security review — typically read-only for monitoring and metric purposes, with break-glass access for incident response. Customer data is never accessed for model training.

What about disaster recovery and backup?

DR posture follows the customer's existing cloud DR strategy; Beth and Isaiah deployments inherit the customer's regional redundancy and backup policies. Pilot scoping confirms RTO/RPO requirements.

Deploy with Dedicated Instance (VPC)

Tell us your requirements. We\u2019ll architect the right deployment for your security and compliance needs.

Talk to Us

Other Deployment Models

On-PremiseCloud-HostedHybrid