Cloud Orchestrator is not a fixed product - it is an extensible platform. Five capability pillars. Every layer above your infrastructure.
Pillar 1
Tenants - whether enterprise customers, internal teams, or government agencies - get a self-service portal under your brand. They provision resources, manage their environment, and view consumption without raising a single ticket.
The portal is yours to configure. You control what services are available, what sizes can be ordered, and what quotas apply. Tenants operate within those rules - instantly, at any scale.
Your brand, your domain, your colours. Cloud Orchestrator runs invisibly underneath. What tenants see is your cloud product - not ours.
Define every service you offer: VM sizes, Kubernetes clusters, databases, GPU pools, developer environments. Each with tiers, quotas, and policies attached.
Tenants order from the catalog and resources are provisioned in minutes - automatically, consistently, with policies enforced from the first second.
Pillar 2
Every tenant runs in a fully isolated environment - dedicated compute, isolated network, separate storage. Hard boundaries enforced by policy, not convention. No shared blast radius.
Security policies are applied automatically to every workload at provisioning time. There is no step where a team member applies them manually - and therefore no step where they are missed.
Compute, network, and storage separation enforced at every layer. A misconfiguration in one tenant's environment cannot affect another.
Container scanning, approved registries, egress controls, and classification tagging applied to every workload automatically - no manual steps, no drift.
Three-tier role model: hyperscaler admin, tenant admin, developer. Integrates with Active Directory and LDAP. Team membership drives access โ new members onboarded in minutes.
Pillar 3
Every resource consumed by every tenant is tracked automatically - vCPU-hours, memory, storage, GPU-hours, egress. The data is always current. No end-of-month reconciliation. No spreadsheets.
Use it for internal chargeback to cost centres, showback to business units, or direct billing to external customers. The billing API pushes consumption data to whatever financial system you use.
vCPU-hours, RAM, storage, GPU-hours, and managed resources tracked per tenant, per service, per time period. Granular data, always up to date.
Internal teams get showback data per cost centre. Finance gets chargeback reports per business unit. No manual attribution - the data is generated automatically.
Push consumption data to any financial or billing system - SAP, Oracle, Zuora, or custom. Invoice external customers based on real usage with no manual steps.
Pillar 4
Every provisioning action is logged - who requested it, when, approved by whom, what was created. The audit trail integrates with your SIEM. Change records are raised in ServiceNow automatically.
For regulated environments - financial services, government, defence - this is not optional. Cloud Orchestrator treats audit and governance as a first-class capability, not a bolt-on.
Every action logged with actor, timestamp, resource, and outcome. Immutable. Exportable to your SIEM. Covers provisioning, configuration changes, access events, and deletions.
Provisioning events automatically raise change records in ServiceNow or equivalent. CAB-required changes route through your existing approval workflow - nothing bypasses your governance process.
Define which catalog actions require approval before provisioning. Set approvers by tenant, by service tier, or by resource size. Approvals tracked and audited end to end.
Pillar 5
Cloud Orchestrator is not a fixed catalog of services. It is an SDK for building any managed service on Kubernetes. If it runs on Kubernetes, you can wrap it in a self-service, metered, governed catalog item.
Every action available in the portal is also available via API. Automate provisioning from CI/CD pipelines, integrate with external systems, or build your own portal on top of the Cloud Orchestrator API.
Define any managed service as a catalog item - VMaaS, GPUaaS, DBaaS, StorageaaS, InferenceaaS. You write the service definition; Cloud Orchestrator handles provisioning, isolation, metering, and billing.
Every portal action - tenant creation, catalog ordering, quota management, consumption export - is available via REST API. Integrate with any external system or automate from your GitOps pipeline.
HashiCorp Vault (per-tenant namespaces), Active Directory / LDAP, ServiceNow, Prometheus / monitoring, and container registry policies. Connected on day one.
Kubernetes-native
Cloud Orchestrator is built on Kubernetes - not on top of it as a wrapper, but as a set of Kubernetes Operators and CRDs. Every tool your platform team already uses works with it natively. No new workflows. No new toolchain to learn.
Every Cloud Orchestrator resource is a Kubernetes custom resource. kubectl get tenants, kubectl describe catalog - it all works. Platform engineers interact with it exactly as they do with any other Kubernetes resource.
Declare your tenants, service catalog, and policies in Git. ArgoCD or Flux reconciles them continuously. The entire hyperscaler configuration is version-controlled, reviewable, and auditable through a pull request.
Provision and manage Cloud Orchestrator resources through Terraform. Infrastructure teams that already use Terraform for cluster management can extend the same workflow to manage the commercial layer above it.
Cloud Orchestrator ships as Helm charts. Installation, upgrades, and configuration follow the same pattern your team uses for every other application on the cluster. No custom installers.
Built as Kubernetes Operators - controllers that watch CRDs and reconcile desired state continuously. Tenant creation, catalog changes, and policy updates are all driven by the operator pattern.
Provision environments, onboard tenants, or update catalog items directly from your CI/CD pipeline via the REST API or kubectl. Platform as Code - provisioning driven by your existing delivery workflow.
At a Glance
Start with a complimentary 2-hour design workshop. We design your service catalog, tenant model, and 90-day pilot scope - with your team, on your infrastructure.