The Itential Platform
The agentic operations platform for infrastructure teams.
Platform Overview
CAPABILITIES
DEVELOPER RESOURCES
Our Customers
See why top organizations choose Itential
Learn More
INDUSTRIES
CASE STUDIES
Customer Stories
Lumen’s Network Automation Journey: From Manual Workflows to AI-Assisted Autonomy
Customer Stories
How Southern California Edison Is Automating the Grid for an AI-Driven Future
Latest News
Itential unveils FlowAI, delivering agentic orchestration for infrastructure operations.
Learn More
Company
Partners
Featured Partner
KNOWLEDGE HUB
Explore all Resources
SEARCH BY TYPE
FEATURED RESOURCES
Analyst Reports
451 Research: Autonomous, Governed AI for Enterprise Infrastructure Operations
Blogs
Why Agent Sprawl Is the Next Script Sprawl
Podcasts
Operator to Agent Manager: Network Engineering’s Future | Ship AI
Itential logo
Cloud Deployment Architecture

Itential Cloud (SaaS) Deployment & Security Posture

Read the Docs Explore Architecture
Architecture

Itential Cloud (SaaS) Deployment Architecture

Itential Cloud is a fully managed SaaS deployment of the Itential Platform, connected to your on-premises environment through a customer-controlled Site-to-Site IPSec VPN tunnel. This model keeps your network, devices, and IT systems inside your perimeter while Itential operates the platform, the database, and the cloud console. The three components below show how the connection is established and how traffic flows between Itential Cloud and the systems you manage.

Customer Gateway Deployment

Customer deploys a Gateway device to initiate an IPSEC VPN tunnel to the Itential VPN Gateway to connect to the Itential Cloud.

Customer-Provided VPN Gateway

This Customer VPN GW will be provided and deployed by the customer and must be compatible with Itential IPSEC capabilities.

Icon showing a plug and socket, symbolizing connectivity.
Routed IP Connectivity

This solution provides an IPSEC VPN tunnel connection between Cloud-IAP and On-Prem Customer Gateway, and that tunnel is used for routed IP connectivity to the IAG and IT Systems at the customer’s premises.

Itential Cloud (SaaS) Architecture
Shared Security

How Itential Cloud Keeps Your Environment Secure

Itential Cloud security is built across three layers – what Itential operates, how we connect, and what you control – so every part of the deployment has clear ownership and clear protection.

Security Within Itential Cloud (SaaS)

  • SOC2 Type 2 Compliant (SOC2 Report can be made available on request).
  • Onboarded administrator users for each Itential Cloud Customer will have access to Cloud Console where they can View and Manage Itential Platform Instances that belong specifically to their organization only.
  • Each Itential Cloud Customer will have a distinct associated database which can only be accessed through Itential Platform based on their defined and assigned role within Itential Cloud Console.
  • Customer Data is secure and encrypted both in transit and at rest.
  • All sensitive data pertaining to platform configuration (application, adapter properties) can be encrypted during setup.
  • Embedded RBAC within Itential Cloud Console enables Customer Admin to determine who would have access to any/all Customer Itential Platform Instances (Development / Staging / Production).
  • Embedded RBAC within Itential Platform enables Customer Admin to determine what activities users can perform within the automation platform based on their Roles.

Secure Connectivity Between Itential Cloud & Customer’s On-Prem Environment

  • Site-to-Site IPSec VPN Tunnel between Itential Cloud and the Customers Gateway is established to provide secure connectivity for communication to all customer end systems.
  • Itential Cloud and Itential Platform uses SSL / TLS 1.2.

Control & Security Options for Customers

  • Customers have Administrative privileges to add and remove users from Itential Cloud Console.
  • Customers have Administrative privileges within Itential Cloud Console to limit / grant access to platform Instances to relevant Customer personnel.
  • Customers have the ability to control IPSec Connectivity into Customer’s Environment.
  • Customers have the ability to control IP routing through their Customer VPN GW to limit/grant access to Itential Cloud for communication with any Customer managed end systems.
  • Customers have ability to define security permissions within Itential Gateway to determine how gateway will communicate with Network Devices.
  • Customers may use firewalls or alternative methods to limit or block Itential Gateway from communicating with customer systems.
Security Standards

Itential Cloud (SaaS) Security Standards & Posture

Alignment with Compliance Frameworks

SOC2 Type 2

Vulnerability Management Policy
  • Daily Code Repository and Software image scans to assess vulnerability.
  • Vulnerability scans performed each major/minor Code Release on a Monthly Basis that Includes APIs, Dynamic Pages, and Core Functionality.
  • Itential uses criteria including standard scoring, trending vulnerabilities, reachability, availability of exploits, and other factors as inputs to its remediation process.
Risk Assessment Program
  • Analyzed Annually.
  • Considers Critical Systems.
  • Factors Include: Risk, Threat, Likelihood, Consequence.
Incident Management Plan

Includes Process for:

  • Prevention
  • Detection/Analysis
  • Containment
  • Eradication
  • Recovery
  • Notification to Impacted Parties
  • Incident Documentation and Post-Mortem
  • Annual Testing & Remediation
Platform Authentication & Authorization
  • Integration with SAML Based Identity Broker
  • Support for OpenId and Local User/Password
  • Role Based Access Control (RBAC). Group Based Access Control (GBAC)
  • Roles include Product Developed and Custom Roles
  • Users & Groups managed in external AAA, with IAP roles mapped to AAA Groups
Platform Auditing

Audit Trail – Transactional Audits per Session Request

  • Each transaction is identified with an audit ID
  • Spawned child transactions are captured as part of the stack
  • Stored in MongoDB audit_trail collection, and tracks user activity

Automation Job

  • Each task contains metrics
  • Incoming/outgoing payload
  • Execution path
  • Stored in MongoDB jobs and tasks collections
Deployment

Itential Cloud (SaaS): Example Deployment

Continue Learning

Explore Our Compliance, Cybersecurity, & Operational Practices

Talk to an Itential expert.
Still have questions? Schedule some time with our team to get them answered.
Meet With Us
Explore Itential documentation.
Dive into the full product documentation – deployment guides, integration references, API specs, and operational best practices.
Read the Docs
Learn more about our security practices.
Explore how Itential meets your compliance and privacy standard needs.
Trust Center