Everything you need to run a sovereign cloud

Dedicated infrastructure. Managed operations. Complete control. Anchras gives you the full stack — from bare metal to application layer — without the operational burden.

99.99% Uptime SLA
EU Data Residency
0 Shared Tenants
24/7 Managed Operations

Compute, storage, and networking — dedicated to you

The foundation of your private cloud. Bare-metal performance, sovereign storage tiers, and fully isolated networking — provisioned in minutes, managed around the clock.

Compute

Enterprise-grade virtual machines on Proxmox VE clusters with Intel Xeon and AMD EPYC processors. Provision from 2 to 64+ vCPUs per instance, with GPU passthrough available for ML and rendering workloads.

Dedicated resources — no noisy neighbours, no CPU steal
High-availability with automatic failover across nodes
Ubuntu, Debian, AlmaLinux, CentOS, and Windows Server templates
NVIDIA GPU passthrough (A100, A30, T4) for accelerated workloads
Technology: Proxmox VE + Ceph RBD
Provisioning: Terraform + Ansible
HA: Automatic failover
Compliance: GDPR, ISO 27001, SOC 2

Storage

Three storage tiers for every workload — high-performance block storage for databases, S3-compatible object storage for unstructured data, and shared file storage for collaborative workloads. All encrypted, all replicated, all yours.

Block (Ceph RBD), Object (MinIO S3), and File (CephFS/NFS)
Automatic data tiering — hot SSD to cold archive
11 nines durability (99.999999999%) with triple replication
AES-256 encryption at rest, LUKS2 for block devices
Block: Ceph RBD (SSD-backed)
Object: MinIO (S3-compatible)
File: CephFS / NFS
Encryption: AES-256, LUKS2, SSE-S3

Networking

Fully isolated virtual networks with VLAN segmentation, stateful firewalls, WireGuard VPN, and Traefik load balancing. Automatic TLS via Let's Encrypt and DDoS mitigation via CrowdSec — all within your sovereign perimeter.

Per-customer VLAN isolation with VXLAN overlay support
WireGuard VPN — site-to-site and remote client access
Traefik reverse proxy with automatic TLS certificates
CrowdSec behavioral DDoS protection and threat intelligence
Isolation: VLAN + VXLAN
Load Balancing: Traefik
VPN: WireGuard
DNS: Internal (Pi-hole) + Public

Defense in depth. Compliance by design.

Security isn't an add-on — it's the baseline. Every Anchras deployment includes intrusion detection, encrypted storage, centralized identity management, and audit logging out of the box.

Security

A comprehensive security stack that covers infrastructure hardening, container image scanning, secrets management, and compliance reporting. Built for organizations targeting SOC 2, ISO 27001, GDPR, NEN 7510, and PCI DSS.

CrowdSec intrusion detection with behavioral threat analysis
Trivy container scanning and Grype dependency analysis
Vaultwarden secrets management with automatic rotation
VM hardening — SELinux, SSH keys only, automatic patching
IDS: CrowdSec
Scanning: Trivy + Grype
Secrets: Vaultwarden
Compliance: SOC 2, ISO 27001, GDPR, NEN 7510

Identity & Access

Centralized identity with Authelia SSO, supporting OAuth2, OIDC, and SAML. Integrate with your existing IdP (Okta, Azure AD, Ping) or use Anchras-hosted LDAP. Fine-grained RBAC, MFA enforcement, and complete audit trails for every access event.

Authelia SSO with OAuth2, OIDC, and SAML 2.0
RBAC with five default roles and custom role creation
Multi-factor authentication — TOTP and WebAuthn
Full audit logging of identity events — login, MFA, permissions
SSO: Authelia
Directory: LDAP (AD-compatible)
MFA: TOTP + WebAuthn
Federation: Okta, Azure AD, Ping

Containers, observability, and resilience — managed

Run production workloads with managed Kubernetes, full-stack monitoring, and automated backups with tested disaster recovery. We handle the ops so you can focus on building.

Container Orchestration

Managed K3s Kubernetes clusters with Harbor private registry, Gitea Actions CI/CD, and persistent storage backed by Ceph. From single-node development environments to highly available production clusters with auto-scaling.

Managed K3s with HA control plane and worker auto-scaling
Harbor private registry with built-in vulnerability scanning
Gitea Actions CI/CD — GitHub Actions-compatible syntax
Optional Istio service mesh for advanced traffic management
Orchestration: K3s (managed)
Registry: Harbor
CI/CD: Gitea Actions
Storage: Ceph RBD + NFS PVs

Monitoring & Observability

Full visibility into your infrastructure with Prometheus metrics, Grafana dashboards, Loki log aggregation, and Uptime Kuma synthetic monitoring. Alerting routes to email, Slack, PagerDuty, or webhooks — with optional distributed tracing via Jaeger.

Prometheus metrics with 90-day retention and PromQL
Grafana dashboards — pre-built for infrastructure, containers, and storage
Loki centralized logging with structured labels and search
Uptime Kuma — synthetic monitoring, status pages, SSL expiry alerts
Metrics: Prometheus
Dashboards: Grafana
Logs: Loki
Uptime: Uptime Kuma

Backup & Disaster Recovery

Automated, encrypted, tested backups with Restic — from 15-minute incremental snapshots to long-term Glacier archival. Cross-region replication, self-service restores, and weekly automated recovery testing so you know it works before you need it.

Restic incremental backups with AES-256 encryption
RPO as low as 5 minutes, RTO as low as 15 minutes
Cross-region replication with automatic and manual failover
Weekly automated recovery testing — verified, not assumed
Engine: Restic (encrypted)
Frequency: 15 min to weekly
Archive: MinIO S3 + Glacier
SLA: 99.95% backup availability

Built for regulated industries

Every layer of the Anchras platform is designed with compliance in mind. Not as a checklist — as architecture.

GDPR EU data residency, DPA, right to erasure
SOC 2 Type II controls, audit logging, access reviews
ISO 27001 Information security management readiness
NEN 7510 Dutch healthcare information security
PCI DSS Payment card data security standards
HIPAA Healthcare data protection requirements

Ready to own your infrastructure?

Talk to our team about what a sovereign private cloud looks like for your organization.