The Control Plane for BYOC

Run customer deployments like they're your own.

Get a Demo Get Started

Day 2 Operations

Manage customer deployments at scale

Monitor health, detect drift, run maintenance scripts, and respond to incidents from your vendor control plane.

Install Management

Create, update, and manage customer deployments across any cloud with full lifecycle control.

Drift Detection

Automatic detection of infrastructure changes with scheduled scans, visual diffs, and remediation.

Actions & Scripts

Run health checks, database migrations, and maintenance scripts on demand or via cron.

Monitoring & Logs

Real-time visibility into deploy logs, sandbox runs, and component builds across all installs.

Security & Compliance

Kyverno policies, permission boundaries, and least-privilege IAM roles for every install.

Break Glass Access

Secure emergency access to customer environments with customer-controlled grants and full audit trails.

The Nuon Runner

BYOC without cross-account access.

The Runner lives in your customer's account, talks outbound only, and they control the permissions. No VPN tunnels. No cross-account access.

No Ingress Required

Works in any customer environment. No inbound firewall rules needed.

Customer Managed Permissions

Scoped permissions for provision, setup, teardown, and maintenance.

Full Audit Trail

Every action logged. Customers see exactly what's happening.

Release Windows

Customers can remove the runner anytime or only allow maintenance during specific windows.

BYOC, the Secure Way

Customer-managed permissions with full audit trail

Your customers control the permissions. They can add, remove, or modify access at any time and use break glass when needed. Built for SOC 2, HIPAA, and enterprise security requirements.

Break Glass Access

Customer-approved emergency access with automatic expiration

Customer Managed Permissions

Customers add or remove permissions anytime. Full control stays with them.

Full Audit Trail

Every deployment, action, and access request logged

Audit Logs

8 events

Immutable audit trail for SOC 2, HIPAA, and enterprise compliance

Security Docs

Vendor Control Plane

Monitor every customer deployment in a single place

Real-time health, metrics, and logs across all customer clouds. Filter by status, cloud provider, or region.

globex-staging: Drift Detected

terraform-vpc: 2 resources changed outside of Nuon

umbrella-prod: Permission Boundary Violation

Blocked by customer permission boundary: instance type m5.4xlarge exceeds allowed limits

Installs

3111

InstallStatusVersionComponentsActivity

+2 more installs

Real-time status from 6 installs

Open Dashboard

Prefer headless?

CLI

Drive every action from CI or your terminal. Same control as the UI, scriptable end-to-end.

$ nuon installs create \
    -a my-app \
    -n my-install \
    -r us-west-2

View CLI docs

API

Wire customer deploys into your existing tooling, billing, and webhooks. Every UI action is an API call.

POST /v1/installs
Authorization: Bearer $NUON_API_TOKEN

{
  "app_id": "app_...",
  "name": "my-install",
  "aws_account": { "region": "us-west-2" }
}

View API docs

Install Configuration

Each customer brings their own infrastructure

Cloud

Network· Deploy to a new isolated VPC or integrate with customer's existing network

Deploy to a new isolated VPC or integrate with customer's existing network

Kubernetes· Provision a managed EKS/AKS/GKE cluster or use customer's existing K8s

Provision a managed EKS/AKS/GKE cluster or use customer's existing K8s

Secrets· Use AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault

Use AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault

Nuon adapts to:Nuon VPCNew ClusterCloud Native

BYO Network Docs

Customer Configuration

Support any customer setup

Each customer has different requirements. Nuon lets them use existing VPCs, connect to their Kubernetes clusters, and integrate with their secrets management. All configured in a simple TOML file.

Deploy into existing VPCs or provision new infrastructure

Integrate with AWS Secrets Manager, HashiCorp Vault, or direct input

Accept customer-specific inputs like database URLs and API keys

Sensitive values stay in the customer's environment and are never stored in Nuon

Build vs Buy

Building it yourself costs 10x more than Nuon

Teams waste 6-12 months building BYOC infrastructure. Then spend years maintaining it. Here's the real cost breakdown:

Read the full TCO & ROI analysis

What it takes

Build it yourself

With Nuon

Initial build

6-12 months

1-2 weeks

Engineering headcount

2-4 dedicated engineers

0 dedicated engineers

Ongoing maintenance

1-2 FTE forever

Handled by Nuon

Total 3-year cost

$1.5M+

Get a demo

Start Shipping to Customer Clouds

Offer BYOC for any deployment architecture

Start your Nuon trial and try our example apps in minutes. No credit card required.

Start Trial Read Docs

Join our Slack community