ESS PRO · Platform

No internet. No dependency.
No compromise.

AMVLET's air-gapped deployment delivers complete sovereign communications inside your classified perimeter — no external services, no internet dependency, no attack surface beyond your own infrastructure.

Talk to our team → View ESS PRO →
Zero external dependencies End-to-end encrypted Single & multi-site DDIL-ready
0
External dependencies — the complete platform runs inside your perimeter with no calls to external servers, APIs, or services
100%
Infrastructure control — your homeserver, your encryption keys, your data. No third party can access, scan, or intercept communications
4
Deployment modes — single-site, multi-site air-gapped federation, tactical DDIL operations, and cross-domain gateway integration
DDIL
Ready — Degraded, Disconnected, Intermittent, and Low-bandwidth environments all supported, including satellite and mesh topologies
Live system view

Inside the perimeter.

Every message, call, and file transfer stays within your air-gapped network. The system event log shows internal-only activity — zero external connections, end-to-end encrypted throughout.

AMVLET · Air-Gapped Deployment — site-alpha.classified
Isolated
⬤ SITE ALPHA — Classified internal network · No external routing
Security posture
Time Event Type Status
14:22:07 secure-ops-ch-7 · message Message INTERNAL
14:21:55 site-b.alpha · federation sync Federation INTERNAL
14:21:43 voice-room-ops-4 · call started Voice ENCRYPTED
14:21:31 annex-d-brief.pdf · file share File ENCRYPTED
14:21:18 site-c.classified · room join Federation INTERNAL
14:20:55 command-ch-1 · message Message INTERNAL
14:20:42 8 users connected · homeserver System ONLINE
14:20:30 site-b.alpha · daily state sync Federation INTERNAL
Security posture
Internet
✗ BLOCKED
External requests (72h)
0
Encryption
✓ X.509 E2EE
Uptime
99.99%
Sites federated
3
Active users
847
Core capabilities

Built for where connectivity ends.

Air-gapped environments demand more than standard security software. AMVLET is engineered from the ground up to operate inside your perimeter — indefinitely.

Zero Dependencies

The entire AMVLET platform — homeserver, identity service, media store, push gateway, and administrative tooling — runs inside your air-gapped perimeter. No internet connectivity is required at any stage of operation, including setup, messaging, file transfer, voice calls, or security updates.

LTS Stability

Air-gapped environments cannot adopt rapid release cycles. AMVLET ESS PRO includes Long Term Support versions with extended security maintenance windows, SLA-backed performance guarantees, and security patches delivered as offline bundles — cryptographically signed and verifiable before installation. No upgrade pressure, no end-of-life risk.

DDIL-Ready

Degraded, Disconnected, Intermittent, and Low-bandwidth environments are first-class deployment targets. AMVLET is optimised for satellite and mesh network topologies, tactical mobile deployments, and field operations where bandwidth is scarce or connectivity is intermittent. When links restore, state synchronises automatically.

How it works

Five pillars of air-gapped sovereignty.

AMVLET's air-gapped architecture is not a stripped-down version of the cloud product. It is the full platform, re-engineered to operate in environments where internet access is prohibited by design.

1

Offline bundle deployment

The entire AMVLET stack is packaged into a secure, self-contained bundle for air-gapped installation. All container images, dependencies, and configuration assets are included. Bundles are cryptographically signed by AMVLET and verified before installation — ensuring the integrity of every component deployed inside your perimeter. Security updates follow the same process: a signed offline patch bundle, delivered through your existing secure transfer channel.

2

Multi-site air-gapped federation

Air-gapped does not mean isolated from your own organisation. AMVLET supports Matrix federation between multiple air-gapped sites — headquarters to field base, classified node to command centre — without routing traffic through any external network. Users on Site A and Site B communicate in shared rooms, with state replicated directly between your internal homeservers. Each site retains full operational capability if the inter-site link is lost.

3

DDIL operation and resilience

Most communications platforms degrade or fail under poor connectivity. AMVLET is designed for the opposite: low-bandwidth efficiency, aggressive compression, local caching, and graceful degradation ensure the platform remains usable when links are poor. In full disconnection, the local homeserver continues to operate independently — messages, calls, and files within the local network remain fully functional. When connectivity returns, state synchronises automatically without operator intervention.

4

Cross-domain gateway integration

When an air-gapped deployment requires controlled connectivity to a lower-classification environment, AMVLET integrates with Cross Domain Gateway hardware. A complete protocol break ensures the two networks never share a network path — content is inspected, sanitised, and re-delivered by the gateway. The air-gapped homeserver is never in direct federation with the low-side network. Learn more about Cross Domain Solutions →

5

Hardware-based E2EE via X.509

AMVLET's air-gapped deployment supports hardware-embedded encryption using X.509 certificates, binding encryption keys to physical devices rather than software credentials. This eliminates the risk of key export or credential theft — even if a device is compromised, the private key cannot leave the hardware. Combined with Matrix's native end-to-end encryption, communications remain confidential from sender to recipient, with no intermediate decryption at the server level.

Why classified environments choose air-gapped

Why the most capable organisations
choose disconnection

An air gap is not a last resort — it is a deliberate architectural choice. When the stakes are high enough, connection itself becomes the vulnerability. The question is not whether to disconnect; it is how to communicate effectively once you do.

Classified and sensitive environments have always faced the same tension: the need for secure, rapid communication on one hand, and the obligation to protect information from external exposure on the other. For decades, the default answer was isolation — if nothing connects out, nothing leaks out. But isolation at the infrastructure level does not solve the human problem.

The shadow IT problem

When the official communications platform is difficult to use, slow, or simply unavailable, people find alternatives. Consumer messaging applications — designed for convenience, not security — end up carrying operational information because they work. This is shadow IT: not a technology failure, but a usability gap that security policy cannot close on its own. The answer is not to ban consumer apps. It is to provide something better.

AMVLET's air-gapped deployment is built on the Matrix open standard, the same protocol behind the consumer-grade SCOVR application. Users get a familiar, consumer-quality interface — GridView room navigation, push notifications through your local gateway, voice and video calling — running entirely within your classified perimeter. When the official tool is as easy to use as the forbidden one, shadow IT loses its appeal.

No external surface
With zero external connectivity, there is no network path for an external attacker to exploit. The attack surface ends at your perimeter.
Shadow IT eliminated
A consumer-grade interface running inside the perimeter removes the usability gap that drives people to unsecured alternatives.
LTS guarantee
Long Term Support versions with extended security windows mean your deployment stays current without disruptive upgrade cycles.

LTS versus end-of-life legacy systems

Air-gapped environments cannot update software on the cadence of a cloud platform. Accreditation cycles are long; change control is rigorous; the cost of re-accrediting a new version can exceed the cost of operating an old one. This is why so many classified environments end up running software that is years out of date — and years past the point where the vendor provides security patches.

AMVLET's Long Term Support programme addresses this directly. LTS releases receive security maintenance for extended periods, with security patches delivered as signed offline bundles that can be staged, tested, and deployed through your existing change control process. The platform stays secure without forcing the pace of your accreditation cycle. Organisations that have spent years maintaining ageing legacy systems because no credible alternative existed now have one — a modern, open-standard platform with the support model that classified environments actually require.

Common questions

Questions before deployment.

What security teams, information assurance officers, and architects ask when evaluating an air-gapped communications platform.

What does "air-gapped" mean in the context of AMVLET?
An air-gapped deployment means the entire AMVLET platform — every service, every dependency, every component — runs inside your classified network perimeter with no internet connectivity required at any point. There are no calls to external APIs, no cloud services, no telemetry, no licence servers, and no remote update mechanisms. The system is fully self-contained. Security updates, when required, are delivered as signed offline bundles through your existing secure transfer process and applied entirely within the perimeter.
Can AMVLET truly operate with zero internet connectivity?
Yes. AMVLET's air-gapped bundle includes every component required for operation: the Synapse homeserver, identity service, media repository, administrative console, and client applications. None of these components make outbound connections during normal operation. Voice and video calls route through your internal TURN server (included in the bundle). Push notifications are delivered through your internal push gateway. User registration, authentication, and key management all operate within the perimeter. The only external connection that can optionally be added is a controlled link to a lower-classification network via Cross Domain Gateway hardware — and that connection is always optional and separately accredited.
How are security updates delivered without internet access?
Security patches are packaged as signed offline update bundles. Each bundle is cryptographically signed by AMVLET using a key that your information assurance team can verify independently before installation. The bundle is transferred to your air-gapped environment through whatever secure transfer mechanism your organisation uses — physical media, a one-way data diode, or a Cross Domain Gateway. Once inside the perimeter, the bundle is verified, staged in a test environment if required by your change control process, and then deployed. Every step of this process is designed to fit within existing classified change management procedures rather than require new ones.
What is DDIL and how does AMVLET handle it?
DDIL stands for Degraded, Disconnected, Intermittent, and Low-bandwidth — conditions common in tactical field operations, remote deployments, and environments relying on satellite or mesh network connectivity. AMVLET handles each condition differently: in low-bandwidth environments, the platform applies aggressive compression and prioritisation to keep messaging functional on very constrained links. In intermittent connectivity scenarios, the local homeserver continues operating normally — messages and calls within the local site remain fully available. When connectivity to a remote site or command node restores, state synchronises automatically. In full disconnection, the local site operates as an independent island until the link returns. No operator intervention is required for resynchronisation.
Can multiple air-gapped sites communicate with each other?
Yes. AMVLET supports Matrix federation between multiple air-gapped sites across your internal classified network — without routing traffic through the public internet. Users on different sites participate in shared rooms, and state is replicated directly between the internal homeservers over your private inter-site links. Each site retains full operational capability if the inter-site link is lost: users continue communicating locally, and state resynchronises automatically when the link restores. For communication with lower-classification environments, integration with Cross Domain Gateway hardware provides a controlled, protocol-break connection that keeps the two networks structurally separated.
How does AMVLET support accreditation and compliance reviews?
AMVLET is built on the open Matrix standard, which means the protocol, the homeserver implementation, and the cryptographic primitives are all publicly documented and independently auditable. There are no proprietary black-box components that an information assurance team must take on trust. Every component can be reviewed against its published specification. AMVLET provides full deployment documentation, architecture diagrams, and security configuration guides formatted for information assurance review. LTS versions come with extended support commitments that align with typical accreditation cycles — you can specify a version, have it accredited, and continue operating on that version with security maintenance for a defined period without being forced onto a new release before you are ready.

Communicate within.
Completely contained.

AMVLET's air-gapped deployment gives classified and sensitive environments a complete, modern communications platform — with zero external dependencies and the support model that sovereign operations require.

Talk to our team → View ESS PRO