Tenant Architecture

The Aether Platform’s tenant isolation model is designed to maximize both security and resource efficiency. Each customer tenant is assigned three independent Namespaces on Kubernetes.

3 Tenant Namespaces

1. CloudIDE Hosting Namespace

This area hosts the workspaces (IDEs) used directly by developers.

  • Role: Hosting VS Code and Jupyter environments for human interaction.
  • Isolation: Pods are further isolated per user within this namespace.

2. AI Namespace

This area is dedicated to background processes for AI Agents and MCP Servers.

  • Role: Hosting runtimes for autonomous agents (like Devin/Cursor) and MCP Servers for database connectivity.
  • Feature: Agents running here have independent lifecycles from the IDE and can execute tasks asynchronously.

3. Network Connectivity Namespace

This area is the network gateway that controls external connectivity and internal traffic.

  • Role: Hosts NCS (Network Connectivity Service) edge components to establish secure, VPN-less communication.
  • Integration: When an MCP Server in the AI Namespace accesses an on-premise DB, it effectively routes through this namespace.

Shared LLM Hosting

Conversely, the inference infrastructure for LLMs is provided as a Shared Namespace across the entire platform, rather than being allocated per tenant.

  • Reason: To maximize GPU resource efficiency (H100/A100) and eliminate cold start times.
  • Security: Requests from tenants are rigorously isolated and authenticated via the LLM Proxy, ensuring no data leakage between tenants.
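
One way to enforce the paths described above (AI Namespace to on-premise DB only via the Network Connectivity Namespace, and to shared inference only via the LLM Proxy) with Kubernetes NetworkPolicy. This is an added example, not Aether Platform's own configuration: the namespace names and the `app: llm-proxy` label are hypothetical, and it assumes a CNI plugin that enforces NetworkPolicy.

```yaml
# Hypothetical names throughout: tenant-acme-ai, tenant-acme-net, llm-shared
# and the app=llm-proxy label are assumptions, not Aether Platform identifiers.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: tenant-acme-ai
spec:
  podSelector: {}          # every pod in the AI namespace
  policyTypes:
    - Egress               # no egress rules listed, so all egress is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-via-gateway-and-llm-proxy
  namespace: tenant-acme-ai
spec:
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    # Cluster DNS (kube-system is the usual location; adjust if different).
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # On-premise DB traffic may only leave through this tenant's gateway namespace.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: tenant-acme-net
    # Shared inference is reachable only through the LLM Proxy pods.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: llm-shared
          podSelector:
            matchLabels:
              app: llm-proxy
```

NetworkPolicy rules are additive, so the default-deny policy stays in place as the baseline and any other destination, including another tenant's namespaces, remains unreachable from agent and MCP Server pods.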