iTechSmart Citadel
Sovereign Digital Infrastructure for a Post-Cloud Era
Citadel is a security-hardened, AI-native platform for running critical digital infrastructure — fully integrated, cryptographically resilient, and designed for environments where control, compliance, and observability are non-negotiable.
Deployment Options
Cloud Edition: Ideal for startups, managed services, SaaS vendors, and remote teams that need global reach and DevOps flexibility. Deploy Citadel on any cloud (AWS, Azure, GCP, or private cloud) with full Helm and GitOps support.
4U On-Prem Appliance: Purpose-built for governments, defense, critical infrastructure, and air-gapped operations. The 4U hardware comes hardened, encrypted, and fully pre-configured to run without external dependencies.
Integrated Platform Features
Built on an immutable, declarative OS layer (Fedora CoreOS or NixOS) for secure, tamper-resistant base images. Containers run on Docker, Podman, or Kubernetes.
S3-compatible encrypted object storage with MinIO. Vault manages secrets, credentials, and encryption keys, enabling transparent encryption and secret injection.
Decentralized, E2EE real-time communication via Matrix Synapse, plus a hardened Postfix, Dovecot, and Rspamd mail server stack.
Integrates OpenQuantumSafe for post-quantum secure authentication and supports passwordless login with WebAuthn (FIDO2). Features ORY Hydra for OAuth2/OIDC.
Advanced routing with FRRouting (BGP, OSPF), encrypted tunnels via WireGuard, and a zero-trust service mesh with Calico or Istio.
A complete observability stack with Prometheus, Grafana, and Loki for metrics, dashboards, and log aggregation.
Utilizes a Weaviate vector database and local vLLM inference for semantic search, anomaly detection, and contextual log analysis.
Combines Wazuh for HIDS, Suricata for NIDS, Arkime for packet capture, OSQuery for forensics, and TheHive for incident response.
All provisioning and configuration is handled via Ansible and Terraform, with GitOps deployments through FluxCD or ArgoCD and security scanning.
A custom-built console (React + Go) integrating all components with role-based access, real-time alerts, and interactive dashboards.
Kong manages all internal microservice communication, handling load balancing, authentication, rate limiting, and secure routing.
Cloud vs On-Prem Edition Comparison
Feature | Cloud Edition | 4U On-Prem Appliance |
---|---|---|
Immutable OS (NixOS / CoreOS) | ||
Kubernetes + Helm / Docker Compose | ||
Post-Quantum Crypto + FIDO2 | ||
WebAuthn + OAuth2 Login (ORY Hydra) | ||
Matrix Messaging + Email Stack | ||
Encrypted Storage (MinIO + Vault) | ||
AI Log Analysis (Weaviate + vLLM) | (optional inference) | |
SIEM & Threat Detection (Wazuh, Suricata, Arkime) | ||
Packet Capture & Forensics | ||
Prometheus + Grafana + Loki | ||
Apache Superset | ||
API Gateway (Kong) | ||
Secrets Management (Vault) | (HSM / TPM supported) | |
Service Mesh (Calico / Istio) | ||
WireGuard + FRRouting SD-WAN | ||
Management Console (React + Go) | ||
Role-Based Access + Audit Logging | ||
Automated Updates / GitOps | ||
HSM / TPM Support | (Optional) | |
Local LLM Inference | (Optional) | |
Air-Gapped Operation | ||
Offline Authentication / AuthN Server | ||
Compliance: NIST, FIPS, ISO | (Partial) | |
Why Choose Citadel?
Built from the best open technologies — tightly integrated and security-hardened
Post-quantum cryptography and hardware-backed identity
Zero-trust by default with end-to-end network segmentation
AI-native — not just logs, but insights
Sovereign — run in your own cloud or on your own hardware
Open, auditable, and modular — no vendor lock-in
Early Access Program (Q4 2025)
Sign up to be part of the Citadel Early Access program. Deploy Citadel Cloud in minutes, pre-order the 4U appliance, and join our private community for implementation support, detailed docs, and priority engineering assistance.
Stay in Control. Stay Secure. Stay Sovereign.
iTechSmart Citadel – Secure Infrastructure for an Uncertain Future.