A comprehensive guide to deploying video management systems in air gapped environments with zero internet connectivity. Learn the architecture, requirements, and best practices for secure VMS deployment in defense, government, and critical infrastructure settings.
An air gapped deployment refers to a computing environment that is physically isolated from any external network, including the internet. There are no ethernet cables, wireless connections, or any other data pathways connecting the internal network to the outside world. In the context of video surveillance, this means the entire VMS stack, from camera ingestion to storage to user interface, must operate completely independently without ever reaching out to external servers for licensing validation, software updates, AI model downloads, or telemetry.
Air gapping represents the highest level of network security available. It eliminates entire categories of cyber threats including remote exploitation, data exfiltration, and command and control attacks. For organizations handling classified information or operating critical infrastructure, air gapping is not optional but a mandatory compliance requirement. Any VMS platform that depends on cloud connectivity for core functionality, such as license verification, analytics processing, or user authentication, is fundamentally incompatible with air gapped environments.
Defense and military installations represent the most obvious use case for air gapped video surveillance. Military bases, weapons storage facilities, and classified research centers operate under strict regulations that prohibit any internet connected systems within their security perimeter. Government agencies handling sensitive data, including intelligence agencies, diplomatic facilities, and secure government buildings, similarly require complete network isolation for their surveillance infrastructure.
Critical infrastructure operators increasingly mandate air gapped security systems as well. Nuclear power plants, water treatment facilities, electrical grid control centers, and transportation hubs all face regulatory requirements to isolate operational technology networks from the internet. Financial institutions operating secure data centers, pharmaceutical companies protecting proprietary manufacturing processes, and healthcare facilities storing sensitive patient data also benefit from air gapped surveillance deployments that ensure video footage can never be accessed remotely.
An air gapped VMS architecture must be entirely self contained. The system needs to include all software components within the deployment package: the streaming engine, video recording and storage subsystem, AI inference models, the user interface, the database, and any authentication or access control systems. There can be no external dependencies for runtime operations. This means NTP time synchronization must come from a local GPS clock or internal time server, certificate authorities must be locally hosted, and all AI models must be pre loaded rather than downloaded on demand.
Storage architecture in air gapped environments requires careful planning because cloud storage and off site backup are not available options. Organizations typically implement redundant local storage with RAID configurations, local backup servers within the air gapped network, and defined procedures for physical media based archival. The VMS must support configurable retention policies to manage storage automatically and provide clear capacity monitoring since there is no option to burst to cloud storage when local capacity runs low.
Visylix was architecturally designed for air gapped deployment from the beginning. The entire platform is delivered as a Docker image that contains every component needed for full operation: the C++20 streaming engine, PostgreSQL 16 database, Redis 7.4 cache, all 12 AI inference models, the Radha AI Copilot with its purpose built language model and proprietary on premise AI runtime, and the Next.js 15 web interface. There is zero cloud dependency at any layer of the stack. No license server phone home, no telemetry, no external API calls.
Deployment in an air gapped environment follows a straightforward process. The Docker image is transferred to the isolated network via approved physical media such as a security reviewed USB drive or a write once optical disc. The system administrator loads the image and starts the containers using Docker Compose. Visylix auto discovers cameras on the local network using ONVIF, connects via RTSP, and begins streaming and recording. The entire process from image load to first live view typically takes under 30 minutes with no internet connection required at any point.
The biggest operational challenge in air gapped environments is software maintenance. Traditional VMS platforms that rely on automatic updates over the internet cannot deliver patches, security fixes, or new features to isolated systems. Visylix addresses this with a versioned update package system designed specifically for air gapped operations. Each update is a complete Docker image that can be downloaded to an internet connected system, security scanned and verified, transferred to physical media, and applied to the air gapped system during a planned maintenance window.
AI model updates follow the same physical media transfer process. When new or improved models become available, they are packaged as part of the Docker image update. The self learning capability of Visylix AI models is particularly valuable in air gapped environments because the models continuously improve based on local data without needing any external connectivity. Over time, the AI becomes increasingly accurate for the specific environment it operates in, reducing false positives and improving detection quality entirely through on premise learning.