Air-Gap Deployment
Overview
Manifest Self-Hosted supports deployment in air-gapped environments with no direct internet connectivity from the Kubernetes cluster.
In an air-gap deployment:
- Installation dependencies (ECR images, S3 packages) are pre-bundled and transferred manually
- Vulnerability data sources (NVD, OSV, KEV, EPSS) require manual data imports
- SMTP and OIDC integrations are optional
Installation Process
1. Download Bundle
On an internet-connected machine, download the installation bundle and container images using the standard AWS CLI commands described in the Installation Guide.
2. Transfer Media
Transfer the bundle to the air-gapped environment via secure media:
- USB drive
- Secure file transfer
- Other approved media transfer methods per your organization's security policies
3. Configure Local Bundle
During wizard configuration, use the local_bundle_path option to specify the location of the pre-downloaded bundle.
4. Manual Vulnerability Data
Vulnerability data (NVD, OSV, KEV, EPSS) must be imported manually on a periodic basis. Contact Manifest Cyber support for guidance on:
- Data export procedures from internet-connected systems
- Import procedures for air-gapped environments
- Recommended update frequencies
Support
For assistance with air-gap deployments, contact Manifest Cyber at [email protected].
Related Documentation
- Installation Guide - Standard installation process
- Requirements - Server and client requirements
- Troubleshooting - Common issues and solutions
Updated about 2 months ago