Air-Gapped Deployment
Deploy and operate Knowledge Tree in air-gapped, offline, and high-security environments with no external network dependencies.
Overview
Knowledge Tree supports deployment in air-gapped and offline environments where internet access is restricted or unavailable. The platform is fully self-contained -- all components, including the database, graph engine, and AI enrichment service, can run without external network dependencies.
Defense and regulated industries
Air-gapped deployment is designed for defense, intelligence, financial services, and other regulated industries that require isolated network environments.
Deployment options
| Component | Air-gapped option |
|---|---|
| Application | Pre-built Docker images shipped via private registry or USB |
| Database | Bundled PostgreSQL + Apache AGE + pgvector in deployment |
| LLM enrichment | Local models via Ollama, llama.cpp, or vLLM (no API calls) |
| Plugin marketplace | Private marketplace or side-loaded plugins via tarball |
| License validation | Offline license files with hardware-bound activation |
| Updates | Versioned release bundles for manual installation |
Offline operation
Knowledge Tree operates fully offline with no external network calls:
- No phone home -- no telemetry, usage reporting, or license checks require internet
- Local LLM -- AI enrichment runs on local models (Ollama, vLLM, or llama.cpp)
- Embedded database -- no external SaaS dependencies for database or storage
- Offline documentation -- all documentation is bundled with the deployment
- No external API calls -- cloud provider APIs are accessed from within the network
License management
Enterprise licenses for air-gapped deployments use offline activation:
- Hardware fingerprint -- the deployment generates a unique hardware identifier
- License request -- the fingerprint is sent to the licensing authority (via secure transfer, email, or postal mail)
- License file -- a signed license file is generated and returned
- Installation -- the license file is placed in the Knowledge Tree configuration directory
- Validation -- Knowledge Tree validates the license signature on every startup
# Generate hardware fingerprint for offline license
kt-server license fingerprint
{
"fingerprint": "KT-ABC123-DEF456-GHI789",
"machine_id": "M-2024-001",
"generated_at": "2025-06-01T00:00:00Z"
}
# Install license file
kt-server license install /path/to/license.ktlicense
# Output: License valid. Expires: 2026-06-01. Tier: Enterprise.Disconnected environments
Knowledge Tree supports several disconnected deployment patterns:
- Fully air-gapped -- no network connectivity at all. All components local.
- One-way data diode -- data can flow into the environment but not out. Discovery data is imported via secured transfer.
- Periodic sync -- the environment is periodically connected for updates, then disconnected for operation.
- Multi-level security -- multiple isolated instances at different classification levels with manual data transfer between them.
LLM requirements
For AI enrichment in air-gapped environments, you must provision a local LLM server (Ollama, vLLM, or llama.cpp). The model must be loaded onto the local network. Knowledge Tree supports any OpenAI-compatible API endpoint running locally.