Skip to content

Prerequisites

Licenses

  • HiddenLayer product license. The product license is obtained during the onboarding process.
  • A License ID is required to download the installer. The License ID is obtained during the onboarding process.
  • A registry username. The registry username is obtained during the onboarding process.

  • API client ID and client secret.

    • Can be created after the Platform Console is deployed.
    • Used with Model Scanner CLI and AIDR.

  • A hostname for the HiddenLayer AISec Platform.

    • Example: http://server1.test.hiddenlayer.com.

Compute

Airgap

  • Linux-based operating system
  • x86_64 (ARM64 is not supported)

  • The controllers and workers require the following minimum specifications:

    • Controller node:

      • CPU: 4 cores/threads
      • RAM: 16GB
      • Disk space: 75GB (10,000 IOPS speed)

    • Worker node:

      • CPU: 8 cores/threads
      • RAM: 32GB
      • Disk space: 75GB (10,000 IOPS speed)

  • The number of controllers and workers depends on your organization's high availability (HA) requirements.

  • The minimum for deployment is one controller node and one worker node.

    • Note: This is not high availability. HiddenLayer validated the deployment with one controller node and two worker nodes.

  • Using virtual machines is recommended, but using physical systems is an option.

Notes

  • Do not run Kubernetes on the Linux system where the Airgapped AISec Platform is installed.

    • Kubernetes is installed as part of the Airgapped AISec Platform installation.

  • The Airgapped AISec Platform is not supported as a container deployment.

    • Example: ECS

  • The minimum specifications listed are based off validation performed by HiddenLayer. Node sizing and hardware specifications are dependent on workload needs.

AIDR

  • Linux-based operating system
  • x86_64 (ARM64 is not supported)

  • AIDR requires the following minimum specifications:

    • CPU: 32 cores/threads (per K8s cluster)
    • RAM: 128GB (per K8s cluster)
    • Number of K8s clusters: 2

Notes

  • For the above resource example, a GPU is not required.
  • Using Azure AKS as an example, one K8s cluster should be the equivalent to an AKS Standard_D32_v3.

Scaling Recommendations

AIDR is horizontally scalable. The latency and throughput for each replica depends on many factors in the deployed environment, including underlying node type, network conditions, and resource contention.

To make the best use of your underlying hardware, we recommend the following:

  1. Replica count

    • Allocate 8 Kubernetes CPU units for each replica.
    • Allocate as many replicas as 8 CPU replicas can fit on to the node.

    For example, if the underlying node type is Azure's Standard_D32_v3, we recommend setting the following Kubernetes parameters:

    replicas:
  min: 4
  max: 4
resources:
  requests:
    cpu: 8
    memory: 4096Mi

  2. Thread count per replica

    • Set the environment variable OMP_NUM_THREADS: 8.

    Replica count

    This value will only improve performance if the guidance in the previous step (Replica Count) is applied.

Model Scanner

  • Linux-based operating system
  • x86_64 (ARM64 is not supported)

  • Model Scanner requires the following minimum specifications:

    • CPU: 8 cores/threads
    • RAM: 168GB

Notes

  • For the above resource example, a GPU is not required.
  • Performance will vary based on resources. Typically, the more resources the better the performance.

Tools

The following tools are required for the controller and worker nodes.

  • systemd
  • curl

The following is required for the Model Scanner CLI.

  • Docker or Docker Desktop

The following is required for AIDR.

  • Docker or Docker Desktop
  • A Kubernetes cluster
  • Helm

Services

The below services are required for the Platform to be deployed and to function as expected.

Service Service Type Requirements Notes
PostgreSQL Database
  • PostgreSQL version is 16.8 or higher
  • Requires user account with superuser access
  • Requires two PostgreSQL extensions
 Required for storing Model Scanner results permanently.
Apache Kafka Event Streaming
  • Kafka version is 3.6 or higher
  • Requires basic authentication credentials for user name and password
 Required for storing scanning results and communications to the Console.
S3-compatible blob storage service S3 compatible storage N/A Required for storing scanning results
  • HiddenLayer tested and validated with Minio
    • Minio version 2025-07-23T15-54-02Z or later would be required
  • Examples of S3-compatible storage services include
    • OpenShift Data Foundation
    • Cloudian
OpenSearch Data Search and Analytics
  • OpenSearch version is 2.6.0 or higher
  • Requires basic authentication credentials for user name and password
 Required for internal authentication purposes.

Network

For complete functionality, the following ports need to be open and allow ingress on the Linux systems where the Airgapped AISec Platform is installed.

  • 3000
  • 80
  • 443

Other Requirements

  • Ensure Network Time Protocol (NTP) is enabled and the system clock is synchronized.