3 supported cloud providers
2 operational models (managed / self-managed)
<10ms Credential Gateway latency
100% API parity with hosted platform

WHY MULTI-TENANT ISN'T ALWAYS ENOUGH
Financial services firms require compute touching proprietary code to run inside infrastructure they control. Healthcare companies processing HIPAA-regulated data need to dictate where compute occurs and who manages encryption keys. Defense contractors operate under frameworks that prohibit sensitive workloads on third-party infrastructure. These are not edge cases -- they represent the default posture for a significant share of the enterprise market. If your AI agent infrastructure cannot meet these requirements, it is excluded from evaluation regardless of product quality.
-- Engineering Lead, Series B AI Startup
EXECUTION INFRASTRUCTURE FOR TRAINING LOOPS

The full Runloop platform, inside your cloud account

Deploy to VPC gives you the complete platform -- devboxes, blueprints, snapshots, benchmarking, Credential Gateway, MCP Hub, and all orchestration services -- running as a single-tenant deployment inside your own cloud account. Your data never traverses networks you do not control. Every resource is provisioned declaratively using Pulumi IaC, and delivery is managed through ArgoCD with cryptographically signed artifacts.

```python
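import os

from runloop_api_client import Runloop

# Client authenticates with the API key taken from the environment
runloop = Runloop(bearer_token=os.environ["RUNLOOP_API_KEY"])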

# Same SDK, same API -- whether hosted or deployed to your VPC
devbox = runloop.devboxes.create(
    blueprint_id="secure-agent-env",
    metadata={"deployment": "customer-vpc"}
)

# Your infrastructure, Runloop's platform
# (proprietary_scenarios is your own scenario list, defined elsewhere)
job = runloop.benchmark_jobs.create(
    name="internal-eval-q1",
    scenarios=proprietary_scenarios,
    config={"concurrency": 100}
)
```
```typescript
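import Runloop from '@runloop/api-client';

// Client authenticates with the API key taken from the environment
const runloop = new Runloop({ bearerToken: process.env.RUNLOOP_API_KEY });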

// Same SDK, same API -- whether hosted or deployed to your VPC
const devbox = await runloop.devboxes.create({
  blueprintId: 'secure-agent-env',
  metadata: { deployment: 'customer-vpc' }
});

// Your infrastructure, Runloop's platform
// (proprietaryScenarios is your own scenario list, defined elsewhere)
const job = await runloop.benchmarkJobs.create({
  name: 'internal-eval-q1',
  scenarios: proprietaryScenarios,
  config: { concurrency: 100 }
});
```
npm install @runloop/api-client
```bash
# Same CLI, same commands -- whether hosted or deployed to your VPC
runloop devbox create --blueprint secure-agent-env \
  --metadata '{"deployment": "customer-vpc"}'

# Run evaluations inside your boundary
runloop benchmark run \
  --name "internal-eval-q1" \
  --scenarios ./proprietary-scenarios.yaml \
  --concurrency 100
```

Everything in the hosted platform, inside your boundary

Four infrastructure guarantees from the [Runloop Platform](/product) for enterprise compliance.

Full Platform

Devbox lifecycle, Credential Gateway, MCP Hub, and benchmark orchestration with comparative analysis. The deployment model changes; the platform does not.

Declarative Infrastructure

Pulumi IaC for all cloud resources. ArgoCD for continuous delivery with Cosign/Sigstore signed artifacts. Full state file available for customer review.

Your Security Boundary

Customer-managed encryption keys via KMS. Network egress rules under your control. Audit logs to your SIEM. IAM following your organizational standards.

Integrated Evaluation

BenchmarkJobDef templates for repeatable evaluation inside your VPC. Credential Gateway and MCP Hub operate within your network. No other BYOC includes evaluation.

From account provisioning to steady-state operations

Four phases from initial setup to production deployment.

01
Account and Role Provisioning

Provision a dedicated cloud account. Create a scoped IAM role (runloop-setup) with CloudFormation, Terraform, or ARM template. Purpose-built for provisioning, designed to be disabled after use.

02
Infrastructure via Pulumi IaC

Execute Pulumi to provision managed Kubernetes, PostgreSQL, object storage, private registry, VPC with private subnets, IAM with workload identity, KMS, and audit logging. Full state file for review.

03
Application Delivery via ArgoCD

ArgoCD deploys from signed Helm charts in your private registry. Artifacts built in Runloop CI, signed with Cosign/Sigstore, pushed to your registry. Continuous reconciliation of desired vs. actual state.

04
Customer Audit and Role Disable

Review all provisioned resources. Verify IAM, network boundaries, and API action trail. Disable the provisioning role. Steady-state access: K8s RBAC + workload identity only. No standing admin access.
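
The audit phase above, as an added example (not Runloop's code): a check a customer could run over the account's API action trail to summarise what the provisioning role did and to flag any use of it after the disable time. It assumes AWS CloudTrail-style records; the helper names, account ids, timestamps and events are constructed for illustration.

```python
from collections import Counter

SETUP_ROLE = "runloop-setup"  # provisioning role name as given on the page
ROLE_ARN = f"arn:aws:iam::222222222222:role/{SETUP_ROLE}"  # constructed account id

def _by_setup_role(ev, role):
    ident = ev.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return ident.get("type") == "AssumedRole" and issuer.get("userName") == role

def action_trail(events, role=SETUP_ROLE):
    """Count service:action pairs the provisioning role performed, for review."""
    return Counter(f'{e["eventSource"].split(".")[0]}:{e["eventName"]}'
                   for e in events if _by_setup_role(e, role))

def post_disable_findings(events, disabled_at, role=SETUP_ROLE):
    """Flag any use of, or attempt to assume, the role after it was disabled."""
    findings = []
    for ev in events:
        if ev["eventTime"] <= disabled_at:  # ISO 8601 UTC strings sort chronologically
            continue
        target = (ev.get("requestParameters") or {}).get("roleArn", "")
        if ev["eventName"] == "AssumeRole" and target.endswith(f":role/{role}"):
            outcome = "denied" if ev.get("errorCode") else "succeeded"
            findings.append((ev["eventTime"], f"AssumeRole {outcome}"))
        elif _by_setup_role(ev, role):
            findings.append((ev["eventTime"], f"live session: {ev['eventName']}"))
    return findings

def _session(time, source, name):  # constructed record for an action by the role
    issuer = {"sessionIssuer": {"userName": SETUP_ROLE, "arn": ROLE_ARN}}
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "AssumedRole", "sessionContext": issuer}}

def _assume(time, error=None):  # constructed sts:AssumeRole record targeting the role
    return {"eventTime": time, "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
            "errorCode": error, "userIdentity": {"type": "AWSAccount"},
            "requestParameters": {"roleArn": ROLE_ARN}}

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    _assume("2025-01-10T09:00:00Z"),
    _session("2025-01-10T09:05:00Z", "eks.amazonaws.com", "CreateCluster"),
    _session("2025-01-10T09:20:00Z", "kms.amazonaws.com", "CreateKey"),
    _session("2025-01-12T00:10:00Z", "s3.amazonaws.com", "PutBucketPolicy"),
    _assume("2025-01-13T08:00:00Z", error="AccessDenied"),
]

if __name__ == "__main__":
    print(action_trail(SAMPLE_EVENTS))
    print(post_disable_findings(SAMPLE_EVENTS, "2025-01-12T00:00:00Z"))
```

A session opened before the role was disabled can remain valid until it expires, which is why actions after the cutoff are reported separately from new AssumeRole attempts.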


Runloop is the only BYOC platform that includes integrated evaluation infrastructure -- Credential Gateway, MCP Hub, and benchmark orchestration -- inside your VPC deployment.

What separates Runloop's BYOC from alternatives

Four capabilities no competing BYOC deployment provides.

Evaluation in Boundary

Benchmark orchestration, BenchmarkJobDef templates, and comparative analysis -- all within the customer's compliance boundary. No other BYOC ships evaluation.

Credential Gateway

Runs entirely within the customer's VPC. Real credentials never leave the network boundary. No competing BYOC provides an equivalent credential isolation mechanism.

Full Platform

Many BYOC offerings provide sandboxed environments without integrated capabilities. Runloop deploys the complete stack: devboxes, blueprints, snapshots, orchestration, and security.

F.A.Q

VPC deployment questions

Common questions about deploying Runloop inside your cloud boundary.

What is the difference between Managed and Self-Managed VPC deployment?
Does a VPC deployment have the same features as the hosted platform?
Which cloud providers does Runloop support for VPC deployment?
How are platform upgrades handled in a VPC deployment?
Can I run an air-gapped deployment with no outbound network access?
More questions? Visit our docs or send us a message