Deployment Tiers#
What changes between tiers:
Identity scope — direct SSO → per-tier role mapping.
Operations model — self-service per workspace → fleet-managed by a dedicated platform team.
Audit centralization — per-workspace → centralized OCSF / SIEM.
Cost telemetry and budget controls — per-workspace meter → centralized FinOps integration with budget gates.
The pattern is the same across all five tiers; the difference is operational scale.
Table 8: Deployment Tiers
Tier |
Target Use |
Typical Shape |
Notes |
|---|---|---|---|
CPU VM |
Starter POC, low-intensity coding, documentation workflows |
Managed Linux VM |
Good first step for proving access, identity, connectors and audit |
GPU VM or workstation |
Agentic coding, test loops, local tools, moderate inference |
Managed Linux VM or workstation with GPU |
Good for teams standardizing agent workflows |
Deskside accelerated workstation |
Power users, researchers, local inference, sensitive context |
DGX Spark, DGX Station, RTX PRO workstation |
Fits long-running agent loops and local model options |
Team shared system |
Multiple users, larger models, shared datasets, heavier test workloads |
Shared DGX/HGX or GPU server |
Requires stronger scheduling, tenancy and data controls |
Platform fleet |
Broad enterprise rollout |
Managed fleet with package channels, policy distribution, telemetry, SIEM |
Requires signed releases, rollback, support ownership and incident process |
Device sanitization between users. GPUs and other stateful devices (VRAM, caches, scratch storage, NVMe local SSD) must be wiped between users — per-workspace reprovisioning is the basic mechanism.