Enterprise Ready

Vectrail 2.0: How It Works
& Deployment Guide

Vectrail is designed for mid-enterprise environments where data privacy is paramount. We ship a deployment story, not just software.

1. High-Level Architecture (Client View)

Edge Layer

Runs inside Customer Environment

  • vectrail-agent (Docker container)
  • Native connection to PSQL / MySQL / APIs
  • Deterministic metric computation
  • Insight compression & HMAC signing
  • Never transmits raw records or PII

Secure Cloud Layer

Vectrail Control Plane

  • HMAC signature validation
  • Multi-tenant isolation & encryption
  • 6-Stage AI Reasoning Engine
  • Executive Briefing generation
  • Optional: Partial or Full VPC deployment
Client DBVectrail AgentHMAC / TLSVectrail CloudAI Service

Visual breakdown of the secure data relay. Real data never crosses the boundary; only compressed, signed signals.

Data Boundary Guarantee

Security isn't a feature; it's our foundation. We provide ironclad guarantees for enterprise trust:

Zero Raw Exposure

Individual database records never leave your infrastructure. Only aggregated metrics and pattern summaries are sent to the cloud.

Cryptographic Integrity

All payloads are HMAC-SHA256 signed. The control plane rejects any packet not originated from your authenticated local agent.

Protection Levels

L1Basic Protection

  • • TypeScript compiled to production JS
  • • Source maps disabled (no source leak)
  • • Production-only dependency tree

L2Obfuscated Build (Enterprise)

Standard for all Docker-based deployments.

  • Advanced JS Obfuscation: Flattened control flow & variable renaming
  • Self-Defending Code: Antitamper logic embedded in binaries
  • Compact & Minified: Optimized for edge performance

2. Deployment Models

Standard Hybrid

Recommended

The fastest way to get started. Low maintenance, high security.

Best for: SaaS companies & Fast pilot deployments
Configuration
Agent (Internal) + Cloud Backend (Vectrail)

VPC Deployment

Custom

Ensures no data ever hits our public endpoints. Fully isolated.

Best for: High-security orgs & Banks
Configuration
Agent (Internal) + Backend (Client VPC) + AI (Private)

Full Private

Enterprise Tier

Air-gapped compatible path for specific use cases.

Best for: Government & Hardened Environments
Configuration
Entire stack hosted on-prem or private cloud

3. Installation Guide (Hybrid Mode)

1

Prerequisites

Docker v20+ Installed
Read access to source DB
Outbound HTTPS (port 443)
2 CPU / 4GB RAM Recommended
2

Pull Agent Image

# Pull the latest enterprise-stable agent
docker pull vectrail/agent:2.0.0
3

Create Configuration File

agent.config.json

{ "agent_id": "acme-prod-01", "license_key": "v-xxxx-xxxx-xxxx", "cloud_endpoint": "https://api.vectrail.ai", "data_sources": [ { "type": "postgres", "host": "db.internal", "port": 5432, "database": "production", "username": "vectrail_svc_user", "password": "REDACTED" } ], "sync_interval_minutes": 60 }
4

Run Agent

docker run -d \ --name vectrail-agent \ -v $(pwd)/agent.config.json:/app/config/agent.config.json \ vectrail/agent:2.0.0

Ongoing Operations

Health Monitoring

docker logs -f vectrail-agent

GET /health (Agent Port 8080)

Secret Rotation

Admin Dashboard → Security → Rotate Sync Secret. The agent auto-refreshes on the next heartbeat.

Troubleshooting

  • • Invalid HMAC: Check secret key
  • • Version Rejected: Upgrade agent
  • • Auth Error: Database firewall

Ready to pilot?

Start with the Standard Hybrid mode to get insights in minutes. You can upgrade to a full VPC deployment anytime.