ARCA.VISION
// FEATURE · THE NEXUS INGEST · ENTERPRISE FLEET TIER

One hub for the
whole fleet.

Arca Sentry stands alone on every GPU host. When you operate many hosts, Arca Nexus is the optional enterprise hub that rolls every Sentry's verdicts into one place inside your perimeter, on your terms, with no third party in the loop.

01 →Fleet topology02 →Under the hood03 →Air-gap04 →Dashboard05 →At a glance
SECTION 01FLEET · SECURED STREAM

One Nexus per perimeter. Many Sentries per Nexus.

Each Sentry forwards its ledger entries to Nexus over a secured stream. Nexus stores them durably, de-duplicates re-deliveries automatically, and surfaces the fleet on a dashboard local to the server.

A small forwarder daemon on each host does the talking, with stricter privileges than the Sentry itself. The bookmark only advances on a confirmed write, so dropped connections don't drop data and reconnects don't double-count.

$# arca nexus · enterprise fleet hub · contact engineering
LIVE// NEXUS FLEET · 12 SENTRIES · SECURED STREAMidentity verified · per entry
Arca Nexus fleet topologyA central Arca Nexus hub surrounded by a ring of Arca Sentry nodes. Each Sentry runs on a GPU host and forwards ledger entries inward to the hub. The hub verifies host identity for every entry, stores entries durably, and de-duplicates re-deliveries automatically. The fleet view stays local to the Nexus server.node-01node-02node-03node-04node-05node-06node-07node-08node-09node-10node-11node-12NEXUS
// INGEST TAIL · last 6
node-07+143 lines 12ms
node-03+ 91 lines 9ms
node-11+207 lines 14ms
node-02+ 64 lines 7ms
node-09+118 lines 11ms
node-05+ 82 lines 8ms
DELIVERYnever lost
RETRIESde-duped
// SECTION 02 · UNDER THE HOOD

Four guarantees that make
fleet rollup trustworthy.

Not a SaaS pipeline. Not a third-party aggregator. A hub you run inside your perimeter, with identity and durability you can audit.

PROOF 01

Secured, mutually authenticated stream

Sentries forward ledger entries to Nexus over a secured stream that authenticates both sides. Nexus refuses anything it can't verify. A small forwarder daemon on each host does the talking; it runs with stricter privileges than the Sentry itself, so a host-side compromise doesn't move the trust boundary.

PROOF 02

Identity verified per entry

Every entry declares which host it came from. Nexus checks that claim against the host's own credentials on every entry it stores, so spoofing fails even if a Sentry host is compromised.

PROOF 03

Durable and de-duplicated

Entries land durably the first time. If a connection drops and a Sentry re-sends, Nexus deduplicates for you with no double-counting and no gaps. Bookmarks advance only after a confirmed write.

PROOF 04

Sovereign by design

License verification is offline against a signature baked into the binary. No callbacks to anywhere. The fleet dashboard stays local to the Nexus server by default. The hub needs nothing from the outside world.

SECTION 03SOVEREIGN · NO EGRESS

Sovereign by default.

No calls to anywhere. License verification runs offline against a signature baked into the binary. The fleet dashboard stays local to the Nexus server by default. The hub needs nothing from the outside world.

License renewals are picked up automatically when you drop a new license file in place, still offline, still no callbacks.

SOVEREIGN// AIR-GAP DEPLOY · INSIDE YOUR PERIMETERnothing leaves
Arca Nexus air-gap deploymentThe Arca Nexus hub and a row of Arca Sentry hosts sit inside a dashed customer perimeter labeled "no egress." Outbound packets attempting to reach the public internet are stopped at the perimeter wall with a red flash and dissolve. License verification runs offline, the dashboard is local to the Nexus server, and the hub makes no outbound calls after install.CUSTOMER PERIMETER · NO EGRESSARCA NEXUS · THE HUBlocal · sovereign · sealedARCA SENTRY · one per GPU hostoutside worldNO OUTBOUND
→ verified · the hub makes no outbound calls after install · sovereign by design
SECTION 04FLEET · LOCAL-ONLY

The fleet, on one pane.

Health, nodes, zombie alerts, exfil incidents, and VRAM reclamation in dollars, rolled across every Sentry your Nexus operates. Refreshes on its own.

Lightweight by design: no SPA framework, no outbound assets. Point your incident tooling at the same data if you prefer your own pane.

// SECTION 05 · AT A GLANCE

Hardened deployment. Stricter privileges than the Sentry itself.

Nexus runs under its own identity with stricter privileges than the host-side Sentry, so an issue on a Sentry host cannot move the trust boundary. Hub data and host data live in separate places, never overlapping.

Deeper technical detail lives in our deployment docs.

// AT A GLANCE
Role
Enterprise fleet hub · optional
Topology
One Nexus per perimeter · many Sentries per Nexus
From Sentry
Secured, mutually authenticated stream
Identity
Host identity verified per entry
Durability
Durable storage · re-deliveries de-duplicated
License
Verified offline · no callbacks
Dashboard
Local to the Nexus server by default
Deploy
Inside your perimeter · air-gap supported
Privileges
Stricter than the Sentry itself · hardened
// DEPLOY NEXUS

Put the fleet under
one hub.

Air-gap deployment, license issuance, and white-glove integration. Nexus and Sentry are signed and shipped by our engineering team, with nothing to self-serve.

↗ REQUEST NEXUS DEPLOYMENTREAD THE NEXUS PRODUCT PAGE →