Ewii
Schedule a Review

GOVERNMENT

Ewii for Government

The Canadian public sector’s AI roadmap runs into the same wall every time: how do you let a modern AI or analytics platform reach data that the government refuses, correctly, to move? Ewii is the connectivity layer for that intersection. Outbound-only. Identity-verified. Protected B-aligned. Built for the security questionnaire your operator is going to receive.

Data sovereignty

All Ewii relays run in Canadian datacenters operated by Canadian-controlled entities. Encryption keys are managed in Canadian KMS infrastructure. The control plane never sees customer payload data — ChaCha20-Poly1305 encryption is end-to-end between Hub and Client, with the relay unable to decrypt. There is no US-jurisdiction code path in our deployment.

Procurement-fit

We provide the security artifacts a federal or provincial procurement office expects to see: ITSG-33 control mapping, threat model summary, security-questionnaire pre-filled answers (CAIQ-Lite), and the cryptographic primitive matrix in formal language. Our Trust Center pack is designed to drop straight into a procurement folder. We don’t ask procurement officers to take our word for security claims; every claim points to a primitive or an audited control.

Reference architecture: federal, provincial, municipal

Canadian Protected B Deployment Topology — Ewii Real-geography Lambert Conformal Conic projection of Canada showing Ewii Protected B-aligned deployment nodes at Ottawa (HUB), Toronto, Montréal, Vancouver, and Calgary. PROTECTED B ALIGNED HUB 01 — FEDERAL ANCHOR 45°25′N · 75°41′W · Ottawa, ON Federal procurement deployment CLIENT 02 — PROVINCIAL EDGE 43°39′N · 79°23′W · Toronto, ON Ontario ministry deployment CLIENT 03 — PROVINCIAL EDGE 45°30′N · 73°34′W · Montréal, QC Québec ministry deployment CLIENT 04 — WESTERN EDGE 49°16′N · 123°07′W · Vancouver, BC BC ministry deployment CLIENT 05 — MUNICIPAL EDGE 51°03′N · 114°05′W · Calgary, AB Municipal managed-provider N 0 250 KM 500 KM FIG. 1 — CANADIAN PROTECTED B DEPLOYMENT TOPOLOGY Source: Natural Earth 1:50m boundaries · Lambert Conformal Conic projection (lat_0 60°N, lon_0 95°W)
FIG. 1 Canadian Protected B reference deployment topology

The reference deployment for a federal department: Hub in a Canadian Protected B cloud zone (or on-prem); Client containers signed with a department-specific Cosign key; SPIFFE trust bundle issued by the department’s identity authority. Provincial deployments differ only in identity authority. Municipal deployments typically run the Hub in a managed Canadian provider and the Client on the municipality’s on-prem services.

Talk to an architect

We don’t ship pricing-on-the-page for Government deployments. Every engagement is custom — the architecture depends on classification, jurisdiction, and the operator’s existing posture. The Architecture Review is the first conversation. It’s 60 minutes, it’s free, and we walk out of it with a draft architecture diagram you can show your security team.

Talk to an architect about your sector.

Schedule an Architecture Review