Metoro has made visibility into our Kubernetes environment effortless with on-demand event analysis and AI-driven root-cause investigations. Nothing is hidden anymore.
On-prem·Air-gapped deploymentKubernetes observability,
Kubernetes observability,
inside your data center.Kubernetes observability,inside your data center.
Deploy Metoro on-prem, air-gapped or connected, on your own hardware.
One-minute install
Install
Live in 60 seconds
- Single Helm command
- Zero code changes
- 7 signals out of the box across every node, pod and container
Trusted by hundreds of the best at
Porter
Remy Security
Porter
Remy Security
DocioHealth
Porter
The problem
Some workloads can't live in anyone else's cloud.
For defense, financial, and healthcare teams, every byte of telemetry has to stay inside the building.
And even BYOC isn't allowed everywhere: air-gapped clusters can't pull from a control plane in someone else's account, and remote-managed services fail the simplest sovereignty review.
What you need is a self-hosted observability platform that ships in a box, runs in your data center, and never has to phone home.
Sovereignty
classified, regulated, or sovereign workloads where no telemetry can ever reach a vendor cloud
Air-gap
production networks with no internet access - outbound or inbound - and no path to a SaaS endpoint
Compliance
regulated environments with auditors who demand the entire stack stays inside the boundary
The solution
Metoro On-Premises - your hardware, your boundary.
Metoro On-Premises is the same product as Metoro Cloud, packaged for self-hosted runtime. Helm charts, signed container images, and offline installers - everything you need to run on your own Kubernetes cluster.
Run it fully air-gapped or connected. You decide when to update, who has access, and what gets integrated.
Your platform team owns the deployment. Your security team owns the boundary. Your auditors get a stack they can sign off on.
Pre-installation checklist0 packetsleave your network
Air-gapped by design
All ingest, storage, query, and AI features run with zero internet dependency. Updates ship as signed offline packages.
100%customer-operated
You control the lifecycle
You pin versions, schedule upgrades around your change-freeze windows, and integrate with your LDAP, SAML, and SIEM.
Capabilities
A modern observability stack, behind your firewall.
The same telemetry pipeline, AI features, and dashboards as Metoro Cloud - installed once, owned forever, never reaching out.
Fully air-gapped
No internet required - at install, at runtime, or at upgrade. Updates ship as signed packages over your approved-transfer channel.
Your hardware, your runtime
Runs on any conformant Kubernetes. Bare-metal, OpenShift, Rancher, Tanzu - wherever your platform team has standardized.
Customer-operated lifecycle
You own version pinning, change-freeze windows, and rollbacks. We provide signed manifests, regression-tested release notes, and a 24×7 escalation channel.
No outbound dependency
No call-home, no telemetry to vendors, no reliance on third-party APIs at runtime. Local AI models can run on your own GPUs.
Inherits your controls
Running inside your boundary means Metoro inherits your existing compliance posture - tenant-isolated by design, with full audit logs of every admin action.
Bring your own identity
SAML 2.0, OIDC, LDAP - connect to whatever IdP you already run. SCIM provisioning, RBAC with custom roles, SIEM integration via syslog or webhook.
Deployment modes
Three ways to run it. You pick the boundary.
The same product, the same UI, the same AI features - installed at the level of isolation your security review requires.
Tier 1 · Highest isolation
Fully air-gapped
Zero connectivity. Updates ship as signed offline bundles transferred over your approved channel.
- No internet access required
- Offline-installer + offline-updater images
- Local mirror for AI / LLM models
- Signed release bundles, in-cluster verification
Tier 2 · Default deployment
Connected mode
Outbound-only egress to a single Metoro endpoint for updates and remote-assist. No inbound exposure.
- Outbound-only connection over a single port
- Pull-based config and signed updates
- Optional remote support, customer-approved
- Telemetry stays inside your network
Tier 3 · Hybrid
Hybrid deployment
Sensitive clusters stay on-prem; non-sensitive ones can ship to Metoro Cloud - same UI, same query layer.
- Mix on-prem and SaaS clusters
- Single pane of glass across both
- Per-cluster data routing rules
- Migrate workloads gradually as policy allows
Security
Designed for the strictest security review.
The same controls your platform team would put in place themselves - inherited from your environment, enforced by the architecture, audited by your existing tooling.
Your perimeter, your audit
Telemetry never crosses your firewall. The whole stack is covered by your existing audit, retention, and DLP controls - no third-party data processor.
- Zero data egress, no telemetry to vendors
- Existing SIEM and audit pipelines apply
- No sub-processors to disclose
- Air-gap capable, with offline update flow
Encryption with your keys
All telemetry at rest is encrypted with keys you own, stored in your KMS or HSM. Metoro never holds long-lived credentials inside your network.
- TLS 1.3 in transit, AES-256 at rest
- Customer-managed keys via KMS / HSM
- Per-tenant storage isolation
- Secrets in your existing vault (HashiCorp Vault, K8s secrets, KMS)
Identity and access
Bring your existing IdP and IAM. Metoro never has runtime access to your cluster - break-glass requires your team to issue credentials.
- SAML 2.0, OIDC, and LDAP supported
- SCIM provisioning and deprovisioning
- RBAC with custom roles, scoped to tenants
- Optional FIPS 140-2 validated crypto
Offline updatessigned bundles
Support model
Like having an in-house observability team.
You operate the cluster, but the platform expertise comes with it. Metoro engineers are a Slack message or a phone call away - every hour of every day, like a colleague down the hall.
24×7 pager rotation
A real Metoro engineer on the other end - not a tier-1 ticket queue. Wake us up when production is on fire, including holidays.
- Severity-1 acknowledged in 15 minutes
- Direct phone bridge to on-call engineer
- Escalation to engineering leadership built in
- Runs over your secure-comms channel where required
Shared Slack Connect channel
A dedicated channel with the engineers who built the product. Most questions are answered in minutes, not days.
- Founders and lead engineers in the channel
- Architecture, sizing, and tuning conversations
- Pre-upgrade reviews of release notes
- Microsoft Teams and Mattermost supported on enterprise
Named technical lead
A single point of contact who knows your architecture, your change-management process, and your auditors - assigned for the lifetime of the contract.
- Quarterly architecture and capacity reviews
- Roadmap visibility and feature prioritization
- Single owner for SLA and renewal conversations
- Optional dedicated success engineer
15 min · Sev-1 ackaround the clock
99.5% · CSATrolling 12 months
Cleared · Engineers availableclassified environments
White-glove · Onboardingon-site or secure-remote
Customer feedback
What teams are saying.
Metoro absolutely slaps, so good ❤️
Detection, investigation, and the fix PR - all before I finished reading the page. It's the first AI SRE that's actually earned its name.
Metoro has been a huge boon to our observability ecosystem; saving us time and effort getting the information we care about most out of our clusters. The only thing cooler than the tool has been the people behind it.
It found exactly what I was looking for in the logs. Amazing.
We used to spend an hour digging through dashboards when something broke. Now Metoro figures it out in minutes - our on-call engineers love it.
AI root cause analysis is just amazing. Helps us save a ton of time.
We installed Metoro, and it just worked.
I'm literally able to look up at a Slack notification from Metoro whilst having noodles, tap the link, access the Metoro dashboard, see what customers on Porter Cloud are doing and take a call in real-time. For me, that's the best thing ever.
In the last week, we've detected and blocked 10 malicious agents running on our infrastructure. Without Metoro, they would still likely be running.
Metoro made it incredibly simple for us to not just observe and trace logs, but also to dive into AI-driven investigations effortlessly - turning complex Kubernetes monitoring into a smooth, intuitive experience.
Anyone running user agents on their infrastructure needs a solution like Metoro. It's just a case of when, not if a malicious agent will be running.
FAQ
Frequently Asked Questions
Everything about Metoro On-Premises.
What are the infrastructure requirements for Metoro On-Premises?
A Kubernetes cluster (1.27+, OpenShift, or Rancher) with at least 3 worker nodes - 5+ for HA production. Object storage (MinIO, Ceph, NetApp, or Pure), a managed or self-hosted PostgreSQL 14+, and your existing IdP. Typical starting footprint is 20 vCPU and 80 GB RAM; we provide a sizing worksheet during onboarding.
Can Metoro On-Premises run fully air-gapped?
Yes. The entire data plane - ingest, storage, query, dashboards, and AI features - operates with zero internet dependency. Updates ship as signed offline bundles you transfer through whatever channel your policy approves. Local AI / LLM models run on your own GPUs.
How does Metoro On-Premises differ from BYOC?
BYOC runs on your AWS, GCP, or Azure account and is fully managed remotely by Metoro through a pull-only control plane. On-Premises runs on your own hardware (typically a private data center) and is operated by your team - we provide signed releases, sizing guidance, and 24×7 escalation, but you own the lifecycle. Choose On-Premises when even outbound connectivity to a vendor is a non-starter.
How do updates and patches work?
Each release ships as a signed bundle (container images + Helm charts + release notes + SBOMs). The in-cluster operator verifies signatures against a key you have already trusted. You pin versions, stage in non-production first, and promote on your own change-management schedule. Rollbacks are one Helm release away.
What identity providers and access controls are supported?
SAML 2.0, OIDC, and LDAP are first-class - Okta, Microsoft Entra, Google, Ping, and Active Directory all work out of the box. SCIM provisioning and deprovisioning is supported. RBAC is per-tenant with custom roles, and audit events can stream to your SIEM via syslog or webhook.
What support is available for On-Premises customers?
Enterprise support includes a named technical lead, 24×7 escalation through your preferred secure channel, on-site or secure-remote deployment assistance, and a training program for your platform team. For classified environments we can deploy with cleared engineers under your own contract vehicle.
How is Metoro On-Premises licensed?
Annual subscription priced per node, with optional support tiers and professional services. Site licenses are available for large multi-cluster estates. Compute and storage run on your own hardware - there is no ingest-GB tax and no egress fees, ever.