ForgeCloud is the infrastructure layer for the Forge suite. Multi-tenant isolation. E2E encryption at rest and in transit. SOC 2 Type II target. Air-gapped deployment for ITAR and CMMC 2.0 environments. SSO via SAML 2.0 and OIDC. Point-in-time restore with RPO under 60 seconds.
Why ForgeCloud is the infrastructure layer
"Air-gapped deployment is a first-class option — not an afterthought for defense customers."
ForgeCloud can run entirely on-premises with no external network dependency. All product updates are delivered via signed offline packages. Data never leaves the facility. Designed for ITAR-controlled programs and CMMC 2.0 Level 2 environments where data residency is a compliance requirement, not a preference.
"Multi-tenant isolation means one customer's data cannot be accessed by another — at the infrastructure level, not just the application level."
Each tenant runs in a dedicated namespace with separate encryption keys, separate database credentials, and separate network policies. A bug in one tenant's application code cannot expose another tenant's data. SOC 2 Type II audit covers the isolation architecture, not just the application.
"Point-in-time restore means you can recover any Forge product's data to any second in the last 30 days — not just the last nightly backup."
ForgeCloud runs continuous WAL archiving for all Forge data stores. Recovery point objective is under 60 seconds. Recovery time objective is under 4 hours for full restore. You pick a timestamp and ForgeCloud reconstructs the exact state — machine configs, CAD models, schematics, PM records, compliance documents.
ForgeCloud handles the infrastructure so Forge products can focus on manufacturing intelligence.
A new Forge tenant is provisioned in under 10 minutes. Dedicated namespace, encryption keys generated, SSO configured. All Forge products are available immediately.
Configure SSO via SAML 2.0 or OIDC against your identity provider. Set regional data residency: US, EU, or APAC. Configure an IP allowlist if required.
ForgeCloud manages infrastructure: automatic backups, certificate rotation, security patching, and capacity scaling. Audit logs are written continuously and are exportable on demand.
SOC 2 Type II report available to customers under NDA. SAML audit log, data access log, and admin action log are retained for 12 months and exportable for external auditors.
Point-in-time restore available for all Forge data. Pick a timestamp — ForgeCloud reconstructs the exact state. RTO under 4 hours. ForgeRecovery manages air-gapped backup targets separately.
AES-256-GCM at rest with per-tenant keys. TLS 1.3 in transit with HSTS. Backup packages signed with Ed25519. Audit log entries chained with SHA-256.
Connect your Okta, Azure AD, or any compliant IdP. Role mapping from group membership. MFA enforcement per tenant. FIDO2/WebAuthn supported.
Full on-premises deployment with no external network dependency. Signed offline update packages. Supports ITAR-controlled programs and CMMC 2.0 Level 2.
SAML audit, data access log, admin action log, backup log — all retained 12+ months, exportable as signed JSON or CSV. External SIEM integration available.
SOC 2: Type II target. Audit covers isolation architecture.
< 60 sec: Recovery point objective. Continuous WAL archiving.
Air-gapped: ITAR / CMMC deployment. No external network dependency.
US · EU · APAC: Regional data residency. Customer-selectable at provisioning.
ForgeCloud handles multi-tenant isolation, encryption, SSO, backups, and audit logs so that ForgeOps, ForgeMachine, ForgeCAD, and the rest of the suite can focus on manufacturing intelligence. For ITAR and CMMC 2.0 environments, air-gapped deployment keeps data entirely on your premises.