On-Premise Setup
Run deployments on your own infrastructure with LaserData control plane orchestration
On-premise deployments let you run Apache Iggy on your own servers while the LaserData control plane handles monitoring, configuration management, and task orchestration.
On-premise deployments are provisioned by the LaserData team. Contact us to get started — we'll walk you through requirements, set up the deployment, and provide everything you need to install Warden on your nodes.
How It Works
On-premise uses the same control plane as Managed and BYOC deployments. The difference is that infrastructure runs on your servers — physical hardware, private cloud, or any VMs you control.
Once the LaserData team provisions your deployment, each node runs a Warden agent alongside the Iggy server. Warden handles all communication with the control plane.
Architecture
All communication is pull-based — Warden connects outbound to the LaserData control plane. Your infrastructure needs no inbound firewall rules.
┌─────────────────────────────┐ ┌────────────────────────────────┐
│ Customer Infrastructure │ │ LaserData Cloud │
│ (On-Premise) │ │ │
│ │ OUTBOUND │ │
│ ┌───────────────────────┐ │ ONLY │ ┌──────────────────────────┐ │
│ │ Node 1 │ │ ──────────── │ │ Control Plane │ │
│ │ ┌─────┐ ┌────────┐ │ │ │ │ │ │
│ │ │Iggy │ │ Warden │──│──│──── PULL ───>│ │ Configs, tasks, │ │
│ │ └─────┘ └────────┘ │ │ │ │ certificates │ │
│ └───────────────────────┘ │ │ │ │ │
│ │ │ │ │ │
│ ┌───────────────────────┐ │ │ │ │ │
│ │ Node 2 │ │ │ │ │ │
│ │ ┌─────┐ ┌────────┐ │ │ │ │ │ │
│ │ │Iggy │ │ Warden │──│──│──── PUSH ───>│ │ Heartbeats, metrics, │ │
│ │ └─────┘ └────────┘ │ │ (outbound) │ │ logs │ │
│ └───────────────────────┘ │ │ │ │ │
│ │ │ │ │ │
│ ┌───────────────────────┐ │ │ └──────────────────────────┘ │
│ │ Node N │ │ │ │
│ │ ┌─────┐ ┌────────┐ │ │ │ │
│ │ │Iggy │ │ Warden │──│──│──────────────│ │
│ │ └─────┘ └────────┘ │ │ │ │
│ └───────────────────────┘ │ │ │
│ │ │ │
│ (no inbound connections) │ │ │
└─────────────────────────────┘ └────────────────────────────────┘| Direction | What Flows | Protocol |
|---|---|---|
| Node → Control Plane | Heartbeats, metrics, task results | Outbound HTTPS |
| Node ← Control Plane | Config, tasks, certificates (pulled by Warden) | Outbound HTTPS |
| Control Plane → Node | Nothing — no inbound connections | N/A |
Iggy continues running even if the control plane is unreachable — tasks queue up and execute when connectivity is restored.
Setup Flow
1. Contact LaserData
Reach out to the LaserData team to request an on-premise deployment. We'll need:
- Your environment details (tenant, division, environment)
- Cluster type — Standalone (single node) or Replica (multi-node)
- Node details — hostnames, public/private IPs, and ports for each node
- Whether you need at-rest encryption and deletion protection
2. Deployment Provisioning
The LaserData team creates your deployment, registers your nodes, generates TLS certificates, and prepares authentication credentials for each Warden agent. You'll receive:
- A Warden install script or manual installation instructions
- Per-node secrets (API key and authentication token) for each Warden agent
- TLS certificates signed by the deployment's CA
3. Install Warden
On each node, install the Warden agent with the credentials provided by LaserData:
Install script:
curl -fsSL https://artifacts.laserdata.com/scripts/install.sh | sudo bash -s -- \
--api <CONTROL_PLANE_URL> \
--secret <NODE_SECRET>The script installs dependencies, downloads and verifies binaries, configures services, and starts Warden.
Manual setup:
- Install system dependencies
- Create directory structure
- Download and verify binaries from the LaserData CDN
- Configure Warden with the node secret and control plane URL
- Start the Warden service — Warden manages the Iggy lifecycle from here
4. Verify
Once Warden is running, it registers with the control plane and begins pulling configuration. You can verify the deployment status in the Console — nodes should appear as healthy within a few minutes.
Ongoing Operations
Once deployed, all operational changes flow through the pull-based task system:
| Operation | How It Works |
|---|---|
| Configuration changes | Update via Console or API — Warden pulls and applies automatically |
| Upgrades | Trigger via Console or API — Warden downloads, verifies, and swaps binaries atomically |
| Certificate rotation | Automatic — Warden pulls new certificates before expiry |
| Monitoring | Warden pushes heartbeats, metrics, and logs to the control plane |
Failed upgrades automatically roll back to the previous version.
Adding or Removing Nodes
To add or remove nodes from an existing on-premise deployment, contact the LaserData team. We'll update the deployment configuration, generate credentials for new nodes, and provide updated TLS certificates. Up to 100 nodes per deployment.
System Requirements
- OS: Ubuntu 22.04 or later
- Network: Outbound HTTPS (port 443) to the LaserData control plane
- Permissions: Root or sudo access for initial setup