Architecture Overview

Control Zero Self-Managed deploys the complete AI governance stack within your network boundary. No outbound internet access required for core functionality.

High-Level Architecture

Components

Component	Port	Purpose
Frontend	3000	Dashboard, policy management, analytics
Backend	8080	API server, policy engine, audit logging
Gateway	8000	LLM API proxy, PII detection, tool interception
Transactional Database	5432	Configuration, policies, organizations
Caching Layer	6379	Caching, rate limiting, session storage
Analytical Store	8123	Audit logs, analytics, time-series data
Scout Agent	N/A	Endpoint AI discovery (optional)

Prerequisites

• Docker 24.0+ and Docker Compose 2.20+
• 4 GB RAM minimum (8 GB recommended)
• 2 CPU cores minimum (4 recommended)
• 10 GB disk space minimum (50 GB recommended for audit logs)
• License key (contact sales@controlzero.ai)
• No outbound internet required after initial image pull

Deployment Options

1. Docker Compose (recommended for evaluation and small deployments)
2. Kubernetes Helm chart (coming soon)

Air-gap tarball and hybrid deployment modes are planned for future releases.

What Gets Deployed

The self-managed package includes everything needed to run:

• AI app governance (gateway proxy, policy engine, SDK backend)
• Shadow AI discovery (Scout agent backend, fleet management)
• Dashboard (policy management, audit logs, analytics)
• All supporting data services (database, cache, log storage)

No data leaves your network. All processing happens locally.