On-Premises Deployment¶
Excalibur can be deployed on-premises, but typically requires limited internet connectivity for certain functions.
Standard On-Premises Deployment¶
By default, an on-premises deployment requires access to specific external services:
| URL/Endpoint | Purpose | Optional? |
|---|---|---|
ca.xclbr.com |
License registration, deployment certificate issuance, user certificate management, and license tracking | No |
www.googleapis.com:443 |
Device integrity verification | Yes (can be disabled in security policies) |
playintegrity.googleapis.com:443 |
Device integrity verification | Yes (can be disabled in security policies) |
Connectivity Options¶
- HTTP Proxy Support — all external service connections can be configured to use an HTTP proxy within your infrastructure, allowing for controlled internet access.
- Device Integrity Checks:
- These can be disabled through security policies for environments with restricted internet access.
- For iOS devices, Excalibur can perform device checks offline without accessing third-party services.
Fully Offline Deployment Options¶
For organizations requiring complete air-gapped environments:
-
On-Premises CA Mirror — for larger deployments, a mirror of the cloud Certificate Authority (CA) can be set up within your infrastructure. This option:
- Eliminates the need for external connectivity
- Requires additional implementation effort
- Results in reduced license usage visibility for the Excalibur team
- Requires a specialized contract with an alternative licensing model
-
Custom Licensing Arrangements — for fully offline deployments, contact the sales team at sales@xclbr.com to discuss specific requirements and custom licensing options.
Info
The cloud CA connection is essential for the standard licensing model. It enables user certificate issuance when users register and certificate revocation when users are removed from the system.