Key takeaways
- Offline describes connectivity; it does not automatically provide security or maintainability.
- Model and software licences must permit the intended local or edge use.
- Identity, logs, backup, updates and incident handling are required in every mode.
- Customer ownership of deliverables is separate from third-party model ownership.
Start with the data-flow diagram
Before choosing hardware or a model, draw the sources, processing steps, storage, users, outputs and external connections. Mark which information may leave the plant, region or company account. Include support access, telemetry, backups and updates; these paths are often missed when a system is described as private.
Four deployment patterns
Fully offline or air-gapped
Model, application and data run inside an isolated environment. This can fit restricted sites and sensitive engineering knowledge. The design still needs a controlled process for software packages, model updates, vulnerability fixes, knowledge refresh, logs and recovery.
On-premises private network
The system runs in customer-controlled plant or data-centre infrastructure. It can integrate with internal identity and systems while restricting external access. Capacity planning, segmentation, observability and support responsibilities must be explicit.
Private cloud or VPC
The system runs inside accounts, regions, networks and storage controlled by the customer. This can help distributed teams and managed operations. Review every managed service, model endpoint, egress path, region and contractual data term.
Edge and hybrid
Inference runs near the equipment while governed events, summaries or approved data synchronize elsewhere. Edge suits vision and low-latency workflows, but introduces device fleet, buffering, rollout, monitoring and physical-security responsibilities.
Privacy is more than model location
A private architecture should answer who can use the system, which documents each role may retrieve, where prompts and outputs are logged, how data is deleted, who can diagnose incidents and how a compromised component is isolated. Operational technology has availability and safety constraints that differ from ordinary office IT.
Ownership and licence rights
Contracts can transfer customer-specific code, configuration, prompts, retrieval setup and evaluation assets. That does not transfer ownership of a third-party foundation model, connector, library or cloud service. Record each dependency, licence, version, update route and replacement option so the customer has an executable exit path.
Design the update path before go-live
An offline system that cannot receive tested security fixes or approved knowledge updates becomes fragile. Define package signing, scanning, staging, rollback and evidence retention. Also define what happens when the approved model reaches end of support or a licence changes.
The practical selection rule
Select the least complex architecture that meets data, safety, latency, resilience and support requirements. A hybrid design is often more honest than forcing every component into one label.




