FOR OPERATORS

A productized connectivity layer for AI and SaaS operators.

If your platform needs to reach customer data on customer infrastructure, you have three options. Build it yourself. Push the work to your customers via VPN setup guides. Or run Ewii. This page is for operators considering option three.

Cutaway cross-section of the Ewii Hub binary, a stylized tall rectangular vessel with the front face removed. Five stacked internal subsystems are visible: Tenant Registry, Connection Broker, Query Authorization (highlighted), Audit Emitter, and Metrics Plane. Dashed leader lines connect each subsystem to labelled callout blocks in the right margin.
FIG. 1 Hub binary anatomy — five internal subsystems from trust registry to metrics emission.

Hub deployment characteristics

The Hub runs as an OCI container in your infrastructure: your VPC, your Kubernetes cluster, or your bare-metal hosts. Resource footprint is moderate — a single Hub instance handles thousands of concurrent Client connections. We provide the binary, the Cosign-signed image, the deployment manifest, and the operational runbook. Your team owns the rollout. We back you up.

Multi-tenancy at the Hub level

A single Hub serves many customers concurrently. Tenants are cryptographically isolated: each customer’s SPIFFE trust bundle is independent, and the Hub enforces tenant boundaries at the connection layer before any application traffic flows. There is no shared-key cross-tenant code path. A compromise of one tenant’s Client provides no path across the cryptographic boundary to another tenant’s traffic.

White-label and rebranding options

The Client container can be retagged and branded with your product name. The web experience your customers see when installing the Client — setup instructions, status page, support links — is fully customizable. Your customers see your brand; we sit behind it. Attribution comes back to us only when a customer asks where the security model comes from and you point them here.

Operational fit

Prometheus metrics out of the box: connection counts, handshake latency, ChaCha20-Poly1305 throughput, replay-window rejections, certificate-rotation events. Structured logs (JSON) for SIEM ingestion. SLA targets: 99.95% steady-state availability per Hub region, 99.9% during planned windows. Pager-duty integration is your call; we don’t ship a paging system.

The Architecture Review process

Every operator engagement starts with a 60-minute Architecture Review. Our senior architect and security lead attend. No account executive, no sales pitch. We walk through your platform’s data flow, your customers’ security posture, and the deployment shape that fits both. You leave with three artifacts: a draft architecture diagram, a security-responsibilities matrix (who owns what), and a deployment plan. Whether you adopt Ewii after that is your call — we don’t bill for the review.
