Enterprise Architecture

Secure, Private, Compliance-Ready Data Processing in Your VPC

In-VPC Deployment Model

graph TD subgraph VPC [Customer GCP Project - VPC Boundary] direction TB subgraph GKE [GKE Cluster - Forge Enterprise] direction TB Anvil[Anvil UI - Internal LB] Hammer[Hammer Scheduler] Jobs[Forge Processor Jobs - K8s] end PubSub[Cloud Pub/Sub - Private] Storage[Cloud Storage - Buckets] BigQuery[BigQuery - Data Warehouse] end %% Internal Data Flow Hammer --> Jobs Jobs -- Read/Write --> BigQuery Jobs -- Archives --> Storage %% Event Bus Connections Anvil -- Trigger --> PubSub Hammer -- Schedule --> PubSub Jobs -- Status --> PubSub Anvil -. Control .-> Hammer

Figure 1: Data stays within your boundary. Code is brought to the data.

Unlike the SaaS model where data is processed in Foxtrot's infrastructure, Forge Enterprise deploys the entire control plane into your Google Cloud Project. This ensures zero data egress and absolute sovereignty over your datasets. Additionally, the architecture requires no inbound ports, further reducing the attack surface.

SOC 2 & HIPAA Ready

Designed for regulated industries. Since data never leaves your VPC, your existing compliance boundary remains intact.

Private Networking

No public endpoints required. Deploy behind your internal load balancers and access via VPN or Interconnect.

Data Sovereignty

Full control over retention, encryption keys (CMEK), and access logs. Audit trails stay in your Cloud Logging.

Marketplace Verified

Vetted by Google. Includes automatic vulnerability scanning, integrated billing, and simplified procurement.

SaaS vs. Enterprise

Feature	Forge SaaS (Team)	Forge Enterprise
Deployment	Hosted by Foxtrot Communications	Your GCP Project (GKE)
Data Egress	Control Plane Access (Data stays in BigQuery)	Zero Egress (In-situ)
Execution Engine	Cloud Run Jobs	Kubernetes Jobs (Long-running)
VPC Peering	N/A	Supported
Billing	GCP Marketplace (Usage-based)	GCP Marketplace (License Fee)

Ready to upgrade?

View on Google Cloud Marketplace