Building inside the client VPC: why deployment topology is a strategic decision
Where institutional intelligence runs is a first-order question, not a deployment detail. The choice between a hosted SaaS and a client-VPC build determines what is possible after the system ships.
When an institution evaluates external technology, the second or third question on the table is almost always deployment topology: hosted, dedicated tenant, or client-VPC. The conversation is usually framed as a security question. It is in fact a strategic question that determines what is possible after the system ships.
The default at Nebula
The firm's default is a build inside the client's VPC. The data plane runs on the client's infrastructure, in the client's accounts, under the client's IAM. The control plane runs on Nebula's infrastructure, but communicates only over signed, audited channels. This is structurally more work than a hosted SaaS. It is justified by what the topology unlocks downstream.
What the topology unlocks
- Compliance posture. The institution's data never leaves its environment. The audit boundary remains where the institution's auditor expects it.
- Performance. Decision surfaces co-locate with the data they query. Latency becomes a question of intra-VPC routing rather than wide-area network round-trips.
- Composition. The client's existing systems become first-class inputs without an integration translation layer.
- Optionality. When the engagement ends, the institution owns the running system. The firm's role is engineering, not gatekeeping.
The reference stack
The reference stack is intentionally boring. Postgres for canonical state. Kafka for streaming. Object storage for bulk data. A vector index where retrieval matters. TypeScript on the client edge, Rust on the data plane. The stack is the same across engagements. What changes is the schema, the topology of the deployment, and the specific decision surfaces shipped on top.
When hosted is right
Hosted is the right choice when the client's data does not exist yet, when the engagement is short and exploratory, or when the client explicitly prefers it. The firm builds on either topology. The point of the default is to make the harder choice the obvious one when nothing in the engagement disqualifies it.
The views expressed in this post are those of the author and do not constitute investment, legal, tax, or accounting advice. Nebula Capital is a technology services provider. The firm is NOT a registered investment adviser, broker-dealer, or lender.