On-prem Deployment

Minded On-prem Deployment

Minded supports on-prem deployment of the Operator, allowing AI Agents to run against your internal tools and APIs while ensuring that sensitive data such as PII never leaves your cloud.

Architecture

Minded is designed to democratize agent development while maintaining enterprise-grade security. You can keep sensitive data such as PII in your VPC, while Minded manages the orchestration and tooling.

The architecture is split into two planes:

  • Control Plane: the Minded platform where agents are built, orchestrated, and monitored.

  • Agentic Plane: where the agent’s compute and data live, ensuring tasks run securely next to your systems, and can be safely deployed on your cloud.

The following diagram describes the overall Minded architecture.

Minded On-prem Architecture Diagram

Control Plane

Overview

The control plane forms the backbone of the Minded Platform. It runs entirely in Minded’s VPC and includes the key services that power agent development and orchestration:

  • Minded Studio – a web application for building agents in both code and no-code.

  • Code (GitHub integration) – source repository where agent logic is versioned and managed.

  • Copilot – an AI assistant for agent creation and improvement.

  • Operator – a lightweight service that executes instructions using LLMs inside a browser that is triggered by the Agent Runner.

  • PII Masker – an inline service that redacts sensitive data before any payload leaves the VPC, as well as unmask the data when there is a business need such as responding to a customer request.

The control plane communicates with the Agentic Plane in a PII-redacted manner, ensuring that sensitive data never leaves the customer’s environment.

Deployment and Security

The control plane is operated by Minded in AWS, within Minded’s managed VPC. It orchestrates the Agentic Plane using least-privilege IAM roles and scoped API endpoints. No customer PII is transmitted or stored in the control plane.

Observability and Monitoring

Customers monitor and troubleshoot their agents through Minded Studio, which provides execution traces, logs, and performance analytics. Data exposed in Studio is always scrubbed of PII, with sensitive context available only inside the Agentic Plane.

Agentic Plane

Overview

The Agentic Plane runs in the customer’s VPC and contains both the compute and the data for agents. This ensures that sensitive operations, such as accessing internal systems or handling PII, remain under the customer’s control. The control plane orchestrates tasks but does not directly access data.

Components of the Agentic Plane

The Agentic Plane includes the following components:

  • Agent Runner – a containerized service responsible for executing agent logic and coordinating with the Agentic Plane.

  • Browser (Chromium) – a session-scoped Chromium instance for interacting with websites and applications.

  • AI Agent (ECS) – a containerized compute layer on Amazon ECS that connects to the LLM and the browser to complete tasks.

  • Storage (Amazon S3) – local bucket for logs, screenshots, and artifacts. Additionally Minded supports Postgres and Redis instances that store metadata, configuration, and state.

Deployment and Security

The Agentic Plane is deployed inside the customer’s VPC using Terraform bundles or CloudFormation templates. Resources run with least-privilege IAM roles, and no inbound traffic is enabled. Sensitive artifacts (logs, screenshots) remain in S3 within the customer’s environment.

All communication between the control plane and Agentic Plane is encrypted (TLS) and PII-masked. This ensures the control plane has the orchestration context it needs without accessing sensitive information.

Deployment

Minded’s on-premises deployment model is designed to be simple for your DevOps team while keeping security controls in your hands. To achieve this, resources are split into two categories:

Glacier Resources

Glacier resources are provisioned once and remain static. These include foundational infrastructure such as:

  • Amazon S3 buckets for storing logs, screenshots, and artifacts.

  • Amazon ECR repositories for hosting operator images.

  • VPC networking resources required for isolation and connectivity.

Glacier resources are created during the initial deployment and generally do not require further changes.

Dynamic Resources

Dynamic resources are permissions and roles that are granted to Minded in a least-privileged fashion. These enable Minded to safely manage, troubleshoot, and update the Operator inside your VPC without your DevOps team needing to intervene. Examples include:

  • IAM roles with scoped permissions for ECS task updates.

  • Limited access policies for pulling container images from ECR.

  • Runtime orchestration permissions for launching new tasks.

Terraform Plan

Minded provides a Terraform Plan to automate setup, with minimal effort from DevOps teams and virtually no required maintenance from your side . The plan performs two steps:

  1. Provision glacier resources – S3, ECR, and networking resources required for the operator.

  2. Delegate minimal access – IAM roles and policies that allow Minded to deploy updates securely.

Ongoing On-Prem Operator Updates

Operator updates are fully managed by Minded with no involvement required from your DevOps or security team. Updates follow this process:

  1. Minded uploads a new operator image to Amazon ECR.

  2. Using the pre-granted IAM role, Minded creates a new Amazon ECS Task inside your VPC.

  3. The ECS task replaces the running operator, ensuring you are always up to date with the latest version.

Ongoing Agent Updates

Agents themselves can be updated in two ways:

  • Code updates – by pushing directly to the GitHub repository that stores agent logic.

  • No-code updates – via the Minded Studio platform.

After changes are applied, agents are explicitly deployed to production from the platform. A new version of the Agent Runner is rolled out in the Agentic Plane, which then communicates with your Operator at runtime.

Security

Minded’s architecture is built around strict security controls, with clear separation of responsibilities between infrastructure that Minded manages and resources that remain fully within your VPC.

Separation of Duties

  • Glacier infrastructure (for example, S3 buckets and ECR repositories) is provisioned once and managed by your DevOps team.

  • Dynamic deployment access is delegated to Minded through scoped IAM roles, allowing us to update the operator without requiring ongoing involvement from your team.

Least Privilege Enforcement

  • Scoped IAM policies limit Minded’s access to only the resources needed for deployment and updates.

  • Explicit role ARNs define trust boundaries for cross-account operations.

  • IP restrictions on S3 buckets ensure that only traffic from your environment is accepted.

Auditability

  • All cross-account actions performed by Minded are logged in AWS CloudTrail under the assumed role.

  • Customers can review and audit these logs at any time.

No Public Exposure

  • No resources in the Agentic Plane are publicly accessible.

  • Access is tied to your private networking controls such as VPNs or specific AWS principals.

How Minded Keeps Operator PII Secure

Minded ensures that sensitive information, such as PII, never leaves your environment:

  • Logs and Screenshots – All operator logs and browser screenshots are stored in your Amazon S3 bucket, within your VPC boundary.

  • LLM Calls – Decisions and browser actions are governed by an LLM, but all calls are routed to your selected LLM deployment (for example, Amazon Bedrock, Azure OpenAI, or Anthropic in VPC). This ensures that model inference runs entirely in your environment, not in Minded’s.

  • Redaction – The PII Masker enforces data minimization before any metadata leaves your VPC, ensuring observability without exposure.

High Availability and Disaster Recovery

Minded’s architecture is designed for resilience across both the control plane and the Agentic Plane.

High Availability

  • The control plane runs in Minded’s managed VPC with multi-zone deployments across AWS regions. Services such as Postgres, Redis, and Agent Worker are deployed with failover to ensure continuity.

  • The Agentic Plane runs inside your VPC using Amazon ECS for compute and Amazon S3 for storage. ECS tasks are distributed across availability zones to reduce the risk of single-zone outages.

Disaster Recovery

  • State Restoration – Agent run state, metadata, and orchestration traces are stored in Postgres and S3, enabling Minded to restore the state of ongoing or historical agent runs.

  • Step-Level Troubleshooting – Execution traces are logged to S3 in your VPC, allowing you to replay or inspect each step of an agent run without exposing PII.

  • Minimal Recovery Time – New ECS tasks can be provisioned quickly from ECR images, ensuring rapid recovery in the event of a failure.

Together, these mechanisms ensure that agent execution can continue with minimal disruption, while preserving full observability and auditability of every step.

PreviousSSO (Single Sign-On)NextSecurity Architecture

Last updated