Data flow & deployment reference · design-partner programs

Where your data lives, in every deployment model.

solidSF runs the same browser-native CAD/CAE/CAM product across six deployment models. They differ in one thing that matters to a program office: which network holds your model data, and who terminates the transport. This page is the reference for all six — commercial and CMMC-ready, in cloud, on-prem, and direct-TLS topologies.

Diagram legend: solidSF-controlled infrastructure · Customer-controlled network · GovCloud / CMMC assessment boundary · Transport / TLS termination
Two constants across every model

The split that makes this work: control plane vs. data plane

Every solidSF deployment separates the control plane (the app shell, sign-in, org & team membership, entitlements) from the data plane (the geometry kernel, model files, drawings, Vault blobs, autosave). Moving the data plane is what changes a deployment model — the product experience, updates, and team management stay identical.

Control plane

Authentication, organization & team membership, license/entitlement checks, and the static frontend. Always the same experience; where it is hosted shifts between commercial cloud and GovCloud.

Data plane

The Rust geometry kernel, workspace state, drawings, and Vault storage. Its location is the whole game: solidSF cloud, your own network, or an isolated single-tenant instance.

Transport

How the browser reaches each plane: shared CDN edge, or a direct TLS/mTLS channel terminated by solidSF origin with no third-party edge in the trust path.

Family A

Commercial · Standard design-partner programs

For commercial hardware teams. Fastest onboarding, full product surface, and a residency choice that scales from shared cloud to your own network.

Commercial Cloud

A1
Shared multi-tenant SaaS
[Diagram: Browser (engineer) · solidSF cloud: Frontend, Auth / org, Kernel + Vault data]
All planes in solidSF cloud. Model data is stored in solidSF-managed object storage and Postgres. Reached through the shared CDN edge.
Data at rest: solidSF cloud

Commercial On-Prem

A2
Customer-resident data plane
[Diagram: Browser (engineer) · solidSF cloud: Frontend+Auth · Customer network: Gateway: kernel + Vault data (on-prem)]
Frontend + auth from cloud; data plane on your network. The browser loads the UI from solidSF and streams all geometry to a gateway inside your perimeter. Model bytes never transit solidSF.
Data at rest: customer network

Commercial Direct TLS

A3
Dedicated single-tenant, direct to origin
[Diagram: Browser (engineer) · mTLS · solidSF dedicated tenant: Frontend, Auth / org, Kernel + Vault data]
Isolated solidSF instance, no shared edge. The browser opens a direct mutual-TLS channel to solidSF origin — no third-party CDN terminates traffic. Data is in solidSF, but on single-tenant infra reached end-to-end.
Data at rest: solidSF (single-tenant)

Family B

CMMC-ready · Controlled-information programs (CUI / IL2)

Same three topologies, hardened for controlled unclassified information. The control plane runs in GovCloud (IL2, CMMC-ready) with US-persons operation and full audit logging; the data plane sits inside the assessed compliance boundary. This is the family for defense and Navy Nuclear work.

CMMC-ready Cloud

B1
GovCloud, isolated tenant
[Diagram: Browser (CAC/SSO) · TLS · GovCloud · CMMC boundary: Frontend, Auth / org, Kernel + CUI data]
Everything inside GovCloud. Isolated IL2 tenant, US-persons ops, audit logging, CUI handling controls. CAC/SSO at the door.
Data at rest: GovCloud (IL2)

CMMC-ready On-Prem

B2
Data plane inside your enclave · Cogitic model
[Diagram: Browser (CAC/SSO) · GovCloud control: Frontend+Auth · Customer CMMC enclave: Gateway: kernel + CUI data · signed identity]
CUI never leaves your assessed boundary. Frontend + auth from GovCloud; the kernel, Vault, and every model byte run on a gateway inside your enclave. Per-user signed session tokens — no shared identity. Air-gap-capable.
Data at rest: customer enclave
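
A check a security office could run on a browser HAR capture to test the A2 and B2 statements above: that model bytes never transit solidSF and that CUI stays on the gateway inside the enclave. This is an added example, not solidSF code; the hostnames, the 8 KiB threshold, and the sample capture are assumptions.

```python
from urllib.parse import urlsplit

# Assumed values, not from the page: substitute your deployment's hostnames.
CONTROL_HOSTS = {"app.solidsf.example"}        # frontend + auth (solidSF side)
GATEWAY_HOSTS = {"cad-gateway.corp.example"}   # data plane inside your perimeter
MAX_CONTROL_UPLOAD = 8 * 1024                  # assumed ceiling for auth-sized bodies

def bytes_sent(entry: dict) -> int:
    """Request body plus any WebSocket frames the browser sent on this entry."""
    body = max(entry["request"].get("bodySize", 0), 0)  # HAR uses -1 for unknown
    # Chrome's HAR export records frames under the non-standard _webSocketMessages
    # key; len() counts characters, so base64 binary frames are overestimated.
    frames = entry.get("_webSocketMessages", [])
    return body + sum(len(m.get("data", "")) for m in frames if m.get("type") == "send")

def audit_har(har: dict) -> list[tuple[str, str]]:
    """Return (reason, url) for each entry that contradicts the expected split."""
    findings = []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        host = (urlsplit(url).hostname or "").lower()
        if host in GATEWAY_HOSTS:
            continue                        # model traffic is expected here
        if host not in CONTROL_HOSTS:
            findings.append(("unexpected-host", url))
        elif bytes_sent(entry) > MAX_CONTROL_UPLOAD:
            findings.append(("large-upload-to-control-plane", url))
    return findings

# Constructed sample capture (URLs and sizes are illustrative only).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://app.solidsf.example/index.html", "bodySize": 0}},
    {"request": {"url": "https://app.solidsf.example/auth/session", "bodySize": 412}},
    {"request": {"url": "https://cad-gateway.corp.example/vault/part-42", "bodySize": 5242880}},
    {"request": {"url": "wss://app.solidsf.example/stream", "bodySize": 0},
     "_webSocketMessages": [{"type": "send", "data": "x" * 20000},
                            {"type": "receive", "data": "ok"}]},
    {"request": {"url": "https://cdn.thirdparty.example/lib.js", "bodySize": 0}},
]}}

if __name__ == "__main__":
    for reason, url in audit_har(SAMPLE_HAR):
        print(f"{reason}: {url}")
```

A clean capture returns an empty list; each finding is a request to examine by hand, not proof that model data left the boundary.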

CMMC-ready Direct TLS

B3
Dedicated GovCloud, direct mTLS
[Diagram: Browser (CAC/SSO) · mTLS · GovCloud · single-tenant: Frontend, Auth / org, Kernel + CUI data]
Single-tenant GovCloud, direct to origin. No shared edge in the CUI path; the browser reaches an isolated IL2 instance over direct mTLS. For programs that want SSF-hosted compliance without a shared boundary.
Data at rest: GovCloud (single-tenant)

Reference

Where every artifact lives, by model

The one table a security or program office needs. Rows are the things that carry or govern data; columns are the six models.

| Artifact | A1 · Comm Cloud | A2 · Comm On-Prem | A3 · Comm Direct TLS | B1 · CMMC Cloud | B2 · CMMC On-Prem | B3 · CMMC Direct TLS |
|---|---|---|---|---|---|---|
| Frontend (app shell) | solidSF cloud | solidSF cloud | SSF single-tenant | GovCloud | GovCloud | GovCloud single-tenant |
| Auth & org / team | solidSF cloud | solidSF cloud | SSF single-tenant | GovCloud | GovCloud | GovCloud single-tenant |
| Geometry kernel compute | solidSF cloud | customer network | SSF single-tenant | GovCloud | customer enclave | GovCloud single-tenant |
| Model files / Vault / CUI | solidSF cloud | customer network | SSF single-tenant | GovCloud | customer enclave | GovCloud single-tenant |
| TLS termination | shared CDN edge | shared edge (UI) + customer origin (data) | SSF origin (mTLS) | GovCloud edge | GovCloud edge (UI) + enclave (data) | GovCloud origin (mTLS) |
| Compliance boundary | commercial | commercial + customer | commercial, isolated | CMMC / IL2 | CMMC / IL2 + customer | CMMC / IL2, isolated |
| Air-gap capable | no | partial | no | no | yes | no |
| Onboarding speed | minutes | days | days | days | weeks | days |

Constant across all six

What never changes