Wardengate runs on your infrastructure — from a single-node pilot to multi-region gateway fleets. Pick the topology that matches your latency, availability, and compliance requirements.
One control plane node and one gateway connector on a single VM or small Kubernetes cluster. Ideal for proof-of-concept, lab environments, and teams replacing a regional bastion. Helm or Docker Compose deploys in under an hour; first brokered session typically follows the same day.
Two control plane instances with shared PostgreSQL and object storage. The standby node takes over API and scheduler duties if the primary fails. Gateway connectors reconnect automatically. Fits regulated workloads that need RTO measured in minutes without full horizontal scale.
Multiple gateway connectors behind a load balancer, one authoritative control plane. Sessions stick to a connector for their duration; new sessions distribute across healthy nodes. Use when concurrent operator count or protocol throughput exceeds a single connector's capacity — common in large SRE and DBA teams.
Gateway connectors in each region or cloud account, centralized policy and audit. Operators connect to the nearest connector; recordings and metadata replicate to your compliance region. Avoids backhauling SSH and RDP through a single geography while keeping one identity model and one evidence store.
Control plane on-prem with cloud gateway connectors — or fully offline installs with periodic evidence export. Wardengate does not require outbound SaaS connectivity. Offline bundles and side-channel updates support estates that cannot phone home.
Related guides
Layered control plane: gateway connectors, policy engine, recording pipeline, and audit store.
Fifteen-minute path from install to a brokered, recorded, identity-bound session.
How users, targets, accounts, protocols, and time windows combine into enforceable grants.
Block, approve, or mask high-risk commands and connections before they execute.
Ready to evaluate?
Walk through gateway brokering, recording, and audit exports in a working session — or start with the interactive demo.
