Skip to main content
NeuralTrust ships as a single unified Helm chart — neuraltrust-platform — that runs on any Kubernetes cluster: AWS EKS, Google GKE, Azure AKS, Red Hat OpenShift, or vanilla Kubernetes (including on-prem and air-gapped). You make two decisions before installing:
  1. Where does it run? → pick your cloud / platform
  2. What runs in your cluster? → pick your deployment model
Everything else is covered by the chart’s defaults.

1. Pick your deployment model

ModelControl PlaneData PlaneBest for
Hybrid (chart default)NeuralTrust SaaSYour clusterMost customers — fastest to value, no UI to operate
Self-hostedYour clusterYour clusterAir-gapped, sovereignty mandates, full operational control
Both modes use the same chart and the same data-plane images. You can switch later without losing data. The complete decision matrix and topology diagrams live in Deployment models.

2. Pick your environment

Each guide covers cluster prerequisites, then walks through both deployment models with cloud-specific examples (storage class, ingress controller, IAM/identity, DNS, certificates, GPU pools).

GCP (GKE)

Google Kubernetes Engine — GCE Ingress, Managed Certificates, Workload Identity, GPU node pools (nvidia-l4 / nvidia-t4).

AWS (EKS)

Amazon EKS — AWS Load Balancer Controller, ACM, EBS / EFS, IRSA, GPU node groups (g5 / g6).

Azure (AKS)

Azure Kubernetes Service — AGIC or NGINX ingress, Key Vault certs, Azure Disk, GPU node pools (Standard_NC*).

OpenShift

OpenShift 4.10+ — Routes (default) or Ingress, SCC handling, oc workflow, ROSA / ARO / on-prem.

Vanilla Kubernetes

Any Kubernetes 1.24+ — on-prem, bare metal, air-gapped, k3s, OKE, and other distributions.

High-level architecture

NeuralTrust architecture diagram The platform has two halves:
  • Control Plane — UI, policy editor, scheduler, RBAC. Runs on NeuralTrust SaaS (hybrid) or in your cluster (self-hosted).
  • Data Plane — telemetry ingestion, eval execution, ClickHouse writes. Always runs in your cluster.
TrustGate (the AI gateway), the Firewall (prompt/response safety classifiers), and the infrastructure stores (ClickHouse, Kafka, PostgreSQL) all sit on the data-plane side and run in your cluster in both deployment models. Your prompt and response data never leaves your environment.

What gets deployed

ComponentPurposeIn hybrid?In self-hosted?
Data Plane API + workerTelemetry ingestion, eval scheduling
Kafka ConnectStreams events into ClickHouse
Control Plane API + UI + SchedulerDashboards, RBAC, policy distribution(SaaS)
TrustGate (admin + gateway + actions)AI gateway(typical)
Firewall (gateway + 5 workers)In-cluster prompt/response safety — CPU or GPU workers
ClickHouseAnalytics database(or external)(or external)
KafkaEvent streaming(or external)(or external)
PostgreSQLRelational store (TrustGate + CP metadata)(or external)(or external)
RedisTrustGate cache (bundled with TrustGate subchart)(or external)(or external)
For the complete image list per model, including tags, replicas, and resource footprints, see Image catalog.

Configurable infrastructure

ClickHouse, Kafka, and PostgreSQL can each be:
  • In-cluster (default) — the chart deploys and manages StatefulSets, PVCs, and credentials.
  • External — you point the chart at managed services (RDS, Cloud SQL, MSK, Confluent Cloud, ClickHouse Cloud, etc.).
This applies in both deployment models. See Configuration scenarios › External infrastructure.

LLM endpoints

Some NeuralTrust components require access to an LLM endpoint to perform their operations (LLM-as-a-Judge evaluators, topic summarizer, etc.).
The cluster where you deploy the Data Plane must have network reachability to the LLM endpoint.
Configure providers from the NeuralTrust dashboard. Supported out of the box:
ProviderNotes
OpenAIDirect REST integration
OpenAI-compatible APIsAny provider implementing the OpenAI API shape
Google GeminiDirect REST integration
OllamaSelf-hosted models served from your infrastructure
AnthropicClaude models across regions
Azure OpenAIAzure-hosted OpenAI endpoints
In hybrid mode you can use NeuralTrust’s managed LLM endpoint.

LLM targets / upstreams

TrustGate and TrustTest both need network reach to the LLM you’re protecting or testing.
The cluster where you deploy the Data Plane and TrustGate must have network reachability to the LLM target.

Detailed component reference

Each component below is documented for its responsibilities and security posture. For how to deploy them, follow the per-cloud guide above.

Data Plane

The Data Plane manages your private data and endpoints — user conversations, traces, metrics, and evals. API
  • High-throughput ingestion (millions of events/sec at the upper end).
  • Real-time validation and enrichment of incoming streams.
  • Robust API key management and JWT-based authentication.
  • Horizontal autoscaling against incoming volume.
Worker
  • Real-time analysis for immediate insights and anomaly detection.
  • Privacy-preserving analytics while keeping raw data in your environment.
  • Alert generation for critical AI security and performance events.
Message Queue (Kafka)
  • Event sourcing — complete audit trails of all AI monitoring events.
  • Guaranteed delivery with configurable durability.
  • Stream processing for real-time workflows.
  • Backpressure management during traffic spikes.
Kafka is the only supported Data Plane message queue today. Deploy in-cluster or point at an external instance (MSK, Confluent Cloud, Event Hubs).
Database (ClickHouse)
  • Complete data sovereignty — all raw AI monitoring data stays in your VPC.
  • High-performance analytics, optimized for real-time and complex queries.
  • Encryption at rest with your managed keys.
  • Compliant for GDPR, HIPAA, SOX, and other regulatory frameworks.
ClickHouse is the only supported Data Plane analytics DB today. Deploy in-cluster or external (ClickHouse Cloud).

Control Plane

The Control Plane provides centralized management and advanced AI security capabilities. API
  • Backbone for all Control Plane operations and customer interactions.
  • Powers the NeuralTrust dashboard and customer interfaces.
  • Multi-tenant architecture with strict environment isolation.
  • Global orchestration across multiple customer Data Plane deployments.
Application (UI)
  • Real-time dashboards for AI security and performance insights.
  • Cross-environment analytics without compromising individual data privacy.
  • Centralized alert configuration and notification management.
Scheduler
  • Schedules and orchestrates TrustTest execution jobs across customer environments.
  • Coordinates TrustScan security analysis jobs and vulnerability assessments.
  • Coordinates periodic metrics checks for alert generation.
  • Manages the timing and execution of AI testing and scanning workflows.
Database (PostgreSQL)
  • Stores only basic operational data for CRUD operations.
  • Never stores customer’s sensitive AI monitoring data.
  • Configuration management for system configurations and user preferences.
  • User management for accounts, permissions, and authentication.
PostgreSQL is the only supported Control Plane database today. Deploy in-cluster or external (RDS, Cloud SQL, Azure Database for PostgreSQL).

Data flow & privacy

NeuralTrust’s architecture ensures complete data sovereignty while enabling comprehensive AI security through privacy-preserving data flows. AI application data flow (your environment):
  1. AI applications route through TrustGate for real-time validation against configured security policies.
  2. TrustGate writes validated, protected interaction data directly to the Data Plane Kafka for processing.
  3. Data Plane workers process and analyze the data while keeping everything in your VPC.
  4. Workers write raw and derived data to the Data Plane ClickHouse in your controlled environment.
Policy management flow:
  • The TrustGate admin service exposes security policies, routing rules, rate limits, and access controls that govern gateway behavior.
Cross-VPC security operations (privacy-safe only):
  • TrustTest runs on the NeuralTrust Control Plane for comprehensive red-teaming, against your data-plane endpoints.
  • TrustScan performs analysis within your Data Plane using your complete data.
  • Only aggregated, anonymized security insights cross the VPC boundary.
  • Customer prompts, responses, and user data never leave your environment for vulnerability scanning.
Why TrustTest runs in the Control Plane TrustTest operates exclusively in NeuralTrust’s Control Plane infrastructure to maintain a centralized, continuously updated jailbreak database. New jailbreak techniques emerge daily; maintaining an up-to-date threat intelligence database requires continuous research and monitoring. By running TrustTest centrally, all customers immediately benefit from the latest red-teaming capabilities without independently cataloging new attack methods.

Cloud-specific guides

GuideWhen to use
GCP (GKE)Google Cloud Platform — default chart target
AWS (EKS)Amazon Web Services
Azure (AKS)Microsoft Azure
OpenShiftRed Hat OpenShift 4.10+ on any cloud or on-prem
Vanilla KubernetesAny conformant Kubernetes — on-prem, bare metal, air-gapped, k3s, RKE2, OKE, etc.
Each guide has hybrid and self-hosted walkthroughs with full YAML examples.

Cross-cutting reference

TopicWhen you need it
Deployment modelsPicking between hybrid and self-hosted
Feature flags referencePostgreSQL / Redis / Kafka / ClickHouse local vs external, image registry, storage class, secret modes
Image catalogImage registry, tags, replicas, sizing
Configuration scenariosSide-by-side values files for common topologies
Secrets managementAuto-generation, pre-generated, External Secrets Operator
Firewall deploymentCPU vs GPU workers, TrustGate integration

Source code


Data sovereignty first. NeuralTrust’s architecture ensures your sensitive AI data never leaves your environment while providing enterprise-grade AI security monitoring and insights.