Executive Briefing — Confidential

Own Your Infrastructure.
Secure Every Layer.

A unified platform for bare-metal infrastructure, application deployment, and zero-trust remote access — built for financial institutions that demand complete control.

The Challenge

Banks Are Running on Fragmented Stacks

Today's financial infrastructure requires juggling separate worlds with separate teams, separate tools, and separate risk profiles.

Infrastructure Blind Spots
Hypervisors, storage arrays, and networking managed through outdated UIs (Horizon) or raw CLI. No single pane of glass. No real-time visibility.
Application Deployment Chaos
Deploying apps means Kubernetes YAML, Helm charts, manual CI/CD pipelines. Developers spend weeks on infrastructure instead of features.
Access Security Gaps
SSH keys scattered across servers. No session recording. No centralized audit trail. Compliance audits become nightmares.

The result? Higher costs, slower delivery, and compliance risk.

The Solution

Three Layers. One Unified Stack.

🛡 NEXGATE Zero-Trust Access
8 protocols • MFA/SSO • Session recording • SIEM • Audit compliance
ZENITH Platform Layer (PaaS)
git push deploy • Managed databases • S3 storage • Auth/IAM • API gateway • Monitoring
TACHYON Infrastructure Layer (IaaS)
Hypervisors • ZFS SAN/NAS • iSCSI • NFS • S3 • Networking • Identity • Audit
BARE METAL / OPENSTACK / HETZNER
Physical servers • Storage arrays • Network switches

"Tachyon manages your iron. Zenith runs your apps. NexGate secures every connection. Together, they replace AWS + Fly.io + CyberArk — on hardware you own."

Infrastructure Layer

Tachyon — Full Infrastructure Visibility

A modern, real-time operator dashboard for OpenStack. Everything your infra team needs in one screen.

💻 Compute
KVM/QEMU hypervisors, VMs, live migration, instance flavors. Real-time CPU/RAM metrics.
🗃 Storage
ZFS pools, iSCSI SAN, NFS NAS, MinIO S3, Cinder volumes. All from one dashboard.
🌐 Network
Virtual networks, routers, floating IPs, security groups, VLANs. Full topology view.
🔒 Identity & Audit
Projects, users, roles, quotas. Full audit log of every infrastructure operation.

384 Total vCPUs (across 4 hypervisors)
107 TB SAN Storage (ZFS RAIDZ2 protected)
15 VM Instances (across 5 projects)
16 OpenStack Services (all monitored)

Storage Architecture

ZFS — Bank-Grade Data Integrity

The safest filesystem ever built. 20+ years in production at Oracle, FreeBSD, and enterprise data centers worldwide.

Copy-on-Write
Never overwrites data. Power loss = zero corruption.
SHA-256 Checksums
Every block verified. Silent bit rot detected and auto-repaired.
RAIDZ2 Redundancy
Survives 2 simultaneous disk failures. Self-healing.
Instant Snapshots
Zero-cost snapshots. Roll back databases in seconds.
~30 min/month Maintenance
Automated scrubs + SMART monitoring. Nearly self-managing.

STORAGE TOPOLOGY
Pool | Capacity | Type
tank | 100 TB | HDD • Bulk
fast | 10 TB | NVMe • High-IOPS
iSCSI Targets: 8 active
NFS Shares: 4 exports (~8 TB)
S3 Buckets (MinIO): 6 buckets

COST ESTIMATE
Enterprise build (110 TB): $12K — $20K
Scalable to 1 PB+ with JBOD expansion
3-5x cheaper than cloud storage at scale

Platform Layer

Zenith — Deploy in Seconds, Not Weeks

A Kubernetes-native PaaS that hides all complexity. Developers see simple UIs. Operators see full control. Nobody writes YAML.

🚀 One-Command Deploy
git push → build → deploy. GitHub integration, Dockerfile support, automatic SSL.
🗂 Managed Databases
PostgreSQL, Redis, MongoDB. One-click provisioning with automated backups and failover.
🔒 Built-in Auth (OIDC)
Per-tenant auth realms. SAML 2.0, OAuth2, OIDC. Integrates with NexGate for zero-trust.
📈 Full Observability
Grafana + Prometheus + Loki. Metrics, logs, and alerts for every app and service out of the box.
🌐 API Gateway (Kong)
Rate limiting, JWT validation, CORS, routing. Enterprise-grade ingress with Kong K8s operator.
Multi-Tenancy
Namespace isolation (shared) or dedicated clusters (pro). Resource quotas and network policies.

Provider-agnostic: runs on Hetzner Cloud, your own Tachyon infrastructure, or any bare-metal provider.

Security Layer

NexGate — Zero-Trust Remote Access

Enterprise secure gateway with native protocol engine. 8 protocols through one portal. Every session recorded, audited, compliant.

8 Protocols: RDP, VNC, SSH, Telnet, PostgreSQL, MySQL, MSSQL, K8s
12 Security Plugins (with 10 lifecycle hooks)
763K+ Lines of Code (Go + React + SQL)
99.97% Uptime (production SLA)

▶ Native Protocol Engine
All protocols processed natively in Go. No external dependencies. Low latency. High throughput.
▶ Session Recording + OCR
Every session recorded with zstd compression. Full-text search via OCR. Watermarked playback.
▶ SSO + MFA + JIT Access
SAML 2.0, OAuth2, OIDC, LDAP. TOTP MFA. Just-In-Time access with manager approval. Break Glass for emergencies.

NexGate Security

Banking-Grade Security Features

🔒 Multi-Layer Authentication
MFA/TOTP + Certificate Pinning (OWASP) + Geo-Blocking + Rate Limiting + ACL
👁 Browser Isolation (RBI)
Isolated containers with ClamAV antivirus, CDR file sanitization, and Squid web filtering
📝 SSH Gateway with Command Filter
Interactive TUI menu, command allow/deny lists, session recording, DB access tunneling
📦 Secure File Transfer
Malware scanning, file policy enforcement, extension/size limits, CDR sanitization, encryption
JIT Access + Break Glass
Just-In-Time access with manager approval workflow. Emergency Break Glass with full audit trail
👥 Live Session Monitoring
Real-time session sharing, live monitoring for supervisors, security watermarks, webcam streaming
📊 SIEM & Compliance
Full audit logs, SIEM integration, compliance reports, Excel/PDF export, Prometheus metrics
🛠 Container-Hardened
Read-only FS, Seccomp profiles, capability drop, resource limits, 4 isolated Docker networks

SAML 2.0 • OAuth2 • OIDC • LDAP • Keycloak • SIEM • Prometheus • ClamAV

Integration

Zenith + NexGate: Secure by Design

NexGate integrates natively with Zenith's auth layer, creating a zero-trust access fabric across the entire platform.

ZERO-TRUST FLOW
1. User opens browser → NexGate portal
2. Authenticates via SSO/MFA (SAML/OIDC)
3. Zenith Auth validates token & tenant
4. NexGate checks ACL + Geo + Device policy
5. Encrypted session to target resource
6. Full session recorded + audited
✓ No VPN Required
All access through the browser. No client software to install, no VPN tunnels to maintain. Reduces attack surface dramatically.
✓ Least-Privilege Enforcement
Users see only their authorized resources. JIT access for sensitive systems. Every action logged with user identity.
✓ Regulatory Compliance
Complete audit trail from infrastructure operation to application deployment to remote session. Ready for PCI-DSS, SOC 2, and GDPR audits.

For Financial Institutions

Why This Stack Is Built for Banks

🏠 Data Sovereignty
• All data stays on your hardware
• No third-party cloud dependency
• EU/local data residency guaranteed
• GDPR-compliant by architecture
💰 Cost Transparency
• Tachyon: cost per hypervisor & VM
• Zenith: cost per app & tenant
• No per-request cloud billing
• 3-5x cheaper than AWS/Azure
🛡 Compliance Ready
• Full audit trail across all layers
• Session recording with OCR search
• PCI-DSS, SOC 2, GDPR ready
• SIEM integration out of the box

WITHOUT THIS STACK
• AWS/Azure bills: $50K+/month
• 3 separate teams for infra, apps, security
• Months to deploy new services
• Compliance gaps in access audit
• Vendor lock-in risk

WITH TACHYON + ZENITH + NEXGATE
• Hardware CapEx: $20K-$50K one-time
• One integrated platform for everything
• Deploy new services in minutes
• Every access recorded and auditable
• Zero vendor lock-in — 100% open source

Summary

From Bare Metal to git push — Fully Secured.

Tachyon: Manages your infrastructure
+
Zenith: Runs your applications
+
🛡 NexGate: Secures every connection

"Replace AWS + Fly.io + CyberArk — on hardware you own, at prices you control, with security you can audit."

Open Source • Self-Hosted • API-First • Zero-Trust • Bank-Grade • 100% Control