Enterprise Platform: Deployment Models

On-Prem, Private Cloud & Air-Gapped Deployment

Deploy VarSeq and VSWarehouse on your terms. On-premises, bring-your-own-cloud, air-gapped, or hybrid—your data never leaves your control.

You Own Your Data
Zero Cloud Dependency

Three Deployment Models, One Platform

Golden Helix is built from the ground up to run on any operating system, behind firewalls, and without internet access. Choose the model that fits your institution's security posture.

On-Premises

Full control within your institutional data center. All analysis software, annotation databases, and licensing run on your hardware. Outbound connections can be routed through authenticated proxy servers.

Windows, macOS & Linux
Auto-updating annotations
Proxy-routed connections

Bring Your Own Cloud

Deploy on AWS or Azure within your own account. Maintain complete data sovereignty while benefiting from elastic scalability. Zero to Cloud guided deployment for labs of any technical background.

AWS & Azure supported
Guided setup process
Browser-based access

Air-Gapped (Offline)

Maximum security with no physical link to the internet. All software, annotations, and licensing operate within an isolated network. Updates transferred manually via physical media on a periodic basis.

Zero internet connectivity
Immune to ransomware
Monthly update cadence

Progressive Security Isolation

Three tiers of deployment security, each offering greater isolation. Choose the level that matches your institution's risk profile and regulatory requirements.

3
Security isolation levels
1

Run Local, Pull on Demand

All analysis runs on-premises. Outbound internet access enables automatic annotation downloads from the nearest Golden Helix server and license validation. All connections can route through authenticated proxy servers.

2

Mirror Resources Behind Firewall

For environments where workstations must not have outbound access. Annotation and license servers are mirrored within your firewall. Only mirror servers reach external endpoints for periodic updates.

3

Air-Gapped (Fully Offline)

No physical link between the secure environment and the internet. A network technician performs manual data transfers across the boundary on a periodic basis to keep annotation databases and licenses current.

Deployed Components

VarSeqDesktop app on workstations or server with remote access
VSWarehouseCentralized server for data warehousing and report archiving
VSPipelineAutomation engine for batch processing on Linux servers
SentieonAlignment and variant calling on local Linux servers
Resource ServersAnnotation and automation servers mirrored behind your firewall
Multi-Platform
Self-Contained

Every Component, On Your Infrastructure

The entire Golden Helix clinical suite—from secondary analysis through reporting and warehousing—is designed to operate within your secured environment. No cloud vendor dependency. No data leaving your network.

  • Alignment, variant calling, and CNV detection run entirely on local Linux servers
  • Annotation databases stored locally with monthly curated updates
  • Licensing based on training and support, not cloud resource tracking
  • Patient data never traverses the public internet in any deployment tier

Discuss Your Deployment Architecture

Our team will help design the deployment model that fits your institutional requirements.

Request Evaluation

Why Data Sovereignty Matters

Genomic data is irreversible. Unlike a compromised credit card, exposed genetic information cannot be reissued. Your deployment architecture is the first and most important line of defense.

Jurisdictional Control

Many countries restrict cross-border health data transfer. On-premises deployment keeps all patient data within your physical boundaries—no external cloud vendors involved.

“Multi-tenant SaaS platforms mean sharing security liability with your provider. Self-managed deployment puts your security team in full control of the perimeter.”
Platform
Security, Compliance & Data Sovereignty
ISO 13485, HIPAA Technical Safeguards, IVDR, and audit trail details

Built-In Compliance

HIPAA Technical Safeguards

LDAP/AD access controls, user-attributed audit trails, and transmission security via on-premises deployment.

GDPR Data Residency

On-premises deployment ensures EU patient data never crosses jurisdictional boundaries or leaves institutional control.

ISO 13485 Certified QMS

Quality management system governing design, development, and delivery of software as a medical device.

Full Audit Trails

Every user action in VarSeq and VSWarehouse is logged and attributed to authenticated individuals, enabling laboratories to meet CAP and CLIA documentation and traceability requirements.

Enterprise Authentication & Access Control

Single Sign-On

Integrate with Active Directory, SAML, or LDAP. User credentials managed at the institutional level with password complexity, rotation, and reuse rules following your existing standards.

On-Premises Credentials

Role-Based Access

Customizable permissions for granular control over data and functionality. Isolated workspaces provide logical data separation for multi-group or multi-site deployments.

Workspace Isolation

User Attribution

Every interpretation, classification, and signed-out report is associated with the authenticated user’s identity. Complete audit trail for regulatory compliance and quality assurance.

CAP/CLIA Ready

Deployment Insights & Webcasts

Technical guides on infrastructure architecture, cloud vs. on-premises trade-offs, and secure deployment strategies for clinical genomics.

On-Demand Webcasts

View All Webcasts

Ready to Deploy on Your Terms?

Join leading institutions worldwide that trust Golden Helix for secure, sovereign genomic analysis infrastructure.

Data Sovereignty
Air-Gapped Capable
ISO 13485 Certified QMS