Deployment Models
Platform Scale
- Virtual Machines — Up to 50,000 VMs per deployment
- Container Pods — Up to 200,000 pods per deployment
- Availability Zones — Multi-AZ with Kubernetes control plane per AZ
- High Availability — Active-Passive dual cluster per region with automated GSLB failover
- Scalability — Worker nodes added on demand; no downtime for capacity expansion
- Multi-Region — Platform supports multi-region deployment with centralized governance
Deployment Architecture
CCP is deployed on Kubernetes — one control plane per availability zone. The platform follows an active-passive HA model at the region level:
- Cluster 1 (Primary): Active control plane in AZ1, serving all production traffic
- Cluster 2 (Standby): Passive cluster in AZ2, continuously synchronized, ready for failover
- GSLB Failover: Automated Global Server Load Balancing (GSLB) detects primary failure using 2N+1 quorum detection and routes traffic to the standby cluster
This architecture delivers zero-downtime maintenance, AZ-level fault tolerance, and recovery time objectives that meet the requirements of sovereign and enterprise cloud deployments.
Deployment Phases — Phased Service Delivery
CCP delivers its full service catalogue across three phased milestones (MVP), allowing progressive capability expansion:
MVP1 — Core Cloud Platform (Initial Deployment)
The first milestone delivers the complete foundation: compute, storage, networking, security, monitoring, IAM, and databases sufficient to support production sovereign cloud operations.
| Category | Services |
|---|---|
| Compute | Virtual Machine, Container as a Service (CaaS), Bare Metal as a Service (BMaaS) |
| Storage | Block Storage, Object Storage, File Storage |
| Network | Application LB, Network LB, VPN S2S/P2S, Firewall, Public IP, NAT Gateway, VPC |
| Security | SIEM, Log Monitoring, CSPM (Cloud Workload Protection), WAF |
| Database | Oracle DBaaS, MongoDB DBaaS |
| Monitoring | Log Analyzer, Operational Metrics, Alarm Service, Notification Service |
| Foundation | IAM, MFA, DNS, NTP, SMTP, Privileged Access Management, IP Address Management, Active Directory Services |
| Support | Basic Support, Enterprise Support, Managed Services, Backup as a Service |
MVP2 — Extended Services
The second milestone adds advanced database options, extended networking, enhanced security services, and queue infrastructure:
| Category | Services |
|---|---|
| Storage | Archival Storage |
| Database | MS SQL-as-a-Service (Standard / Enterprise / Web editions), Managed Database, DB Licenses |
| Network | Content Delivery Network (CDN), MPLS Connectivity (Partner and Dedicated Interconnect) |
| Security | Cloud HSM, DDoS Protection, TLS/SSL Certificate Management, Encryption as a Service, Digital Forensics |
| Additional | Kafka as a Service (Queue Services) |
MVP3 — Advanced and DR Capabilities
The third milestone delivers bandwidth services, additional managed databases, and disaster recovery:
| Category | Services |
|---|---|
| Network | Bandwidth as a Service / QoS (BWaaS) |
| Database | Managed DB MariaDB, Managed DB NoSQL |
| DR / Messaging | Disaster Recovery as a Service (DRaaS), Message Broker Services |
Tenant Onboarding Flow
- BSS Portal / Admin Creates Tenant — Platform admin or BSS system creates tenant with name, subscription, and initial quota allocation
- Keycloak Realm Provisioned — A dedicated IAM realm is auto-created for the tenant with default roles, clients, and authentication flows
- First Admin User Created — Tenant admin user is provisioned with full tenant-level permissions
- Quota Configured — Compute, storage, network, and service quotas set at tenant level; can be subdivided per cell
- Organization and Cell Setup — Tenant admin creates organizations and cells (projects), sets per-cell quotas, and configures access policies
- Users Invited — Team members created or invited with appropriate RBAC roles and cell assignments via OpenFGA
- Ready — Tenant is fully operational. Users can provision VMs, containers, storage, networking, and databases through the Self-Service Console
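The access outcome this onboarding flow implies can be written as a small isolation check. This is an added example, not CCP or OpenFGA code. The role names `member` and `viewer`, the rule that only `admin` inherits down the tenant, organization, cell hierarchy, and all identifiers are assumptions made for illustration.

```python
# Added illustration: tenant -> organization -> cell authorization check.
# Role names and IDs are assumptions; this is not CCP or OpenFGA code.

# Parent links created during onboarding (constructed sample data).
PARENT = {
    "organization:acme-eng": "tenant:acme",
    "cell:acme-web": "organization:acme-eng",
    "cell:acme-data": "organization:acme-eng",
    "organization:globex-it": "tenant:globex",
    "cell:globex-erp": "organization:globex-it",
}

# Direct role assignments as (user, role, object) tuples (constructed).
TUPLES = {
    ("alice", "admin", "tenant:acme"),    # first admin user of the tenant
    ("bob", "member", "cell:acme-web"),   # invited user, one cell only
    ("carol", "viewer", "cell:acme-data"),
    ("dave", "admin", "tenant:globex"),
}

# A higher role implies the lower ones on the same object.
IMPLIES = {
    "admin": {"admin", "member", "viewer"},
    "member": {"member", "viewer"},
    "viewer": {"viewer"},
}


def check(user, role, obj):
    """Return True if user holds `role` on obj, directly or by inheritance."""
    node, direct = obj, True
    while node is not None:
        for granted, implied in IMPLIES.items():
            if role in implied and (user, granted, node) in TUPLES:
                # Only admin flows down the hierarchy; member and viewer
                # apply to the exact object they were assigned on.
                if direct or granted == "admin":
                    return True
        node, direct = PARENT.get(node), False
    return False


def accessible_cells(user, role="viewer"):
    """List every cell on which the user holds at least `role`."""
    return sorted(o for o in PARENT
                  if o.startswith("cell:") and check(user, role, o))
```

Running the same assertions against the real authorization store after each onboarding gives a regression check that a tenant admin never resolves to another tenant's cells.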
Support Tiers
| Tier | Response Model | Features |
|---|---|---|
| Basic Support | Business-hours ticket-based | Next-business-day response, knowledge base access, standard SLA |
| Enterprise Support | Priority response for critical issues | Dedicated engineer, faster critical SLA, proactive health checks |
| Managed Services | Full managed operations | Coredge team manages Day 2 operations on behalf of the customer |
Infrastructure Pre-Requisites
The following infrastructure must be provisioned before CCP deployment:
- Wildcard SSL Certificates — For CCP hosting domain and all subdomains
- Load Balancer with VIPs — Virtual IPs per endpoint for portal, API gateway, and services
- DNS Server — With dynamic domain support for service discovery
- High IOPS Storage — Kubernetes-compliant storage for control plane etcd and persistent volumes
- SMTP Server — For notification service (email delivery)
- NTP Server — For time synchronization across all nodes
- Container Registry — For platform image storage and deployment (can be air-gapped registry)
Data Protection
- Incremental Backup: Every 30 minutes via Veritas NetBackup v10.11.2
- Full Backup: Every 24 hours
- Retention: 3-month geo-replicated retention in object storage
- Database Replication: PostgreSQL streaming replication; MongoDB active-active with change-stream
- Audit Logs: Continuous, long-term retention per compliance requirements