Hardware-enforced one-way data transfer, fully managed by Airgap Solutions. Available in two delivery models: hosted in our datacenter with VPN connectivity, or installed and maintained on your own premises.
Both models use certified Advenica hardware and are fully managed by us. The difference is where the data diode lives and how your network connects to it.
The hardware lives with us. Your network connects to it over VPN.
We rack and manage a data diode in our own datacenter. Two VPN tunnels connect it to your environment: one from your source network to the diode, and a separate tunnel from the diode to your destination network. Data passes through the physical hardware in one direction — the VPN tunnels carry it securely over the internet, but unidirectionality is enforced in hardware, not in software.
No hardware at your site. No installation at your premises. Suited for organisations that want a hardware airgap without any on-site infrastructure.
The hardware is at your premises. We own it, manage it, and maintain it.
A certified data diode is installed in your rack at your location. Airgap Solutions owns the hardware — it is leased to you as part of the subscription. Our engineers install and commission it on site, and we remain responsible for firmware, maintenance, fault response, and hardware refresh throughout the contract.
Suited for organisations with strict data residency requirements, high-throughput use cases, or where the data must never leave the premises — even encrypted.
Note: The on-premise managed model requires a dedicated management network or out-of-band network to be available at your site. This is mandatory for remote monitoring, firmware management, and SLA-backed fault response.
Both models follow a structured engagement process. The hosted model is faster to activate; the on-premise model involves an on-site installation phase.
We map your source and destination networks, agree on data flows, and define the VPN architecture — tunnel endpoints, protocols, and routing.
We rack and configure the data diode in our datacenter, set up both VPN tunnel endpoints, and test end-to-end connectivity before you connect.
You connect your source and destination networks to the two VPN endpoints we provide. We verify one-way enforcement and data flow integrity remotely.
We monitor hardware health, manage the VPN tunnels, handle firmware updates, and respond to any faults under SLA. No action required on your side.
We visit your site, map the network boundaries that need protection, and select the right data diode model and protocol configuration for your environment.
We source the hardware, pre-configure it at our facility, and test it before delivery. No work is done on your network until the hardware is ready.
Our engineers install and integrate the data diode at your premises, test the data flows end-to-end, and verify that one-way enforcement is operating correctly.
We monitor hardware remotely, manage firmware, conduct scheduled on-site reviews, and handle faults under SLA — including physical hardware replacement.
Both models provide the same hardware-enforced unidirectionality and the same managed service wrapper. The right choice depends on your data residency requirements, throughput, and site constraints.
| Factor | Model 1 — Hosted | Model 2 — On-premise lease |
|---|---|---|
| Hardware location | Airgap Solutions datacenter | Your premises |
| Connectivity | Two VPN tunnels (source → diode → destination) | Direct inline — no VPN overhead |
| Data leaves your site | Yes — encrypted over VPN | No — stays on premises |
| On-site installation | Not required | Required — our engineers visit |
| Time to activate | Fast — days once VPN is configured | 3–6 weeks including site work |
| Throughput | Limited by VPN and internet link | Full hardware throughput, no VPN overhead |
| Data residency | Data transits our datacenter | Data never leaves your environment |
| Hardware ownership | Airgap Solutions — fully managed | Airgap Solutions — leased, fully managed |
| Best for | Organisations without on-site rack space or with multiple distributed sites | OT environments, high-throughput use cases, strict data residency requirements |
Tell us about your environment and we'll put together a proposal tailored to your network, your compliance requirements, and your budget.
Request a proposal Start with consultancy