Platform Overview
What is Durantic?
Durantic is a unified control plane for bare metal and cloud infrastructure. It provides zero-touch provisioning, enterprise networking, and remote management of machines across bare metal, AWS, GCP, Azure, edge, and private cloud environments through a single dashboard and autonomous agents.
With Durantic, you can provision machines on demand, configure them declaratively, connect them over encrypted mesh networks, and manage them from a single system of record — regardless of where they run. No manual installation media, no console access required.
Key Concepts
Account
Your organization's workspace in Durantic. An account contains all of your machines, machine roles, secrets, mesh networks, and team members. Everything you manage in Durantic lives under your account.
Machine
A physical server managed by Durantic. Each machine has a hostname, one or more assigned roles, and an optional mesh network membership. Machines are registered with the control plane when the agent first connects, and they report hardware details, network state, and provisioning status in real time.
Agent
Lightweight software that runs on each machine. The agent communicates with the control plane over gRPC secured by mutual TLS (mTLS). It handles provisioning, configuration, mesh networking, and ongoing health reporting — all without requiring manual intervention on the machine itself.
Machine Role
A reusable configuration template written in Jinja2 that produces a cloud-init configuration. Roles let you define a machine's desired state — packages, users, network settings, scripts — and apply that definition consistently across any number of machines.
Mesh Network
A WireGuard-based encrypted overlay network that connects your machines. Mesh networks allow machines in different physical locations or networks to communicate securely as if they were on the same LAN, without exposing services to the public internet.
Provisioning
The process of installing an operating system onto a machine. Durantic streams an OCI (container) image directly to the machine's disk and applies a cloud-init configuration generated from the machine's assigned roles. The entire process is automated and driven by the agent.
Cloud-Init
An industry-standard tool for configuring Linux machines on first boot. Durantic generates cloud-init configurations from your machine roles and delivers them to each machine during provisioning. Cloud-init handles tasks like setting hostnames, creating users, installing packages, and running setup scripts.
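The Machine Role and Cloud-Init entries above describe Jinja2 templates rendered into cloud-init configuration. The following is an added example, not Durantic's own code: it renders a hypothetical role with the Jinja2 library in Python and checks the output before it would be handed to a machine. The variable names, sample values, and allowed top-level keys are assumptions.

```python
from jinja2 import StrictUndefined, meta
from jinja2.sandbox import SandboxedEnvironment

# Hypothetical role: variable names and layout are assumptions for this
# example, not Durantic's documented role schema.
ROLE_TEMPLATE = """\
#cloud-config
hostname: {{ hostname | tojson }}
users:
  - name: {{ admin_user | tojson }}
    ssh_authorized_keys: {{ ssh_keys | tojson }}
packages: {{ packages | tojson }}
"""

# Constructed sample values; the key is a placeholder, not a real key.
SAMPLE_VARS = {
    "hostname": "db-01",
    "admin_user": "ops",
    "ssh_keys": ["ssh-ed25519 AAAA-constructed-placeholder ops@example.invalid"],
    "packages": ["chrony", "wireguard-tools"],
}
ALLOWED_KEYS = {"hostname", "users", "packages"}

# Sandbox: templates cannot reach Python internals. StrictUndefined: using
# an unset value raises instead of rendering as an empty string.
ENV = SandboxedEnvironment(undefined=StrictUndefined, keep_trailing_newline=True)


def top_level_keys(rendered):
    """Return the column-0 'key:' names of the rendered cloud-config."""
    return [line.split(":", 1)[0] for line in rendered.splitlines()
            if line and line[0] not in " #-" and ":" in line]


def render_role(template_text, variables, allowed_keys=ALLOWED_KEYS):
    """Render a role to cloud-config text; raise ValueError if it looks wrong."""
    missing = meta.find_undeclared_variables(ENV.parse(template_text)) - set(variables)
    if missing:
        raise ValueError(f"unset role variables: {sorted(missing)}")
    rendered = ENV.from_string(template_text).render(**variables)
    if not rendered.startswith("#cloud-config\n"):
        raise ValueError("missing #cloud-config header")
    # tojson writes each value as a JSON scalar or list, which is valid YAML,
    # so a value holding ':' or a line break cannot add keys. The allow-list
    # catches templates that interpolate without it.
    extra = set(top_level_keys(rendered)) - set(allowed_keys)
    if extra:
        raise ValueError(f"unexpected top-level keys: {sorted(extra)}")
    return rendered
```

Calling `render_role(ROLE_TEMPLATE, SAMPLE_VARS)` returns the cloud-config text; a role that references an unset variable or produces a key outside the allow-list raises `ValueError` instead.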
How It Works
Durantic follows a straightforward six-step flow to take a machine from registration to fully operational:
- Bootstrap — Generate a bootstrap token in the dashboard and boot the agent on the target machine (via CLI, ISO, or PXE).
- Connect — The agent connects to the control plane using the bootstrap token and obtains a unique mTLS certificate for ongoing secure communication.
- Configure — Assign one or more machine roles and, optionally, a mesh network to the machine through the dashboard.
- Provision — Trigger provisioning. The agent streams the OCI image to disk and applies the cloud-init configuration generated from the assigned roles.
- Reboot — The machine reboots into the newly installed production operating system with all configuration applied.
- Operate — The agent reconnects to the control plane, the WireGuard mesh is established, and the machine is fully operational and managed.
Architecture at a Glance
Durantic consists of several core components:
- Control Plane — The central management layer. Includes the web dashboard, REST API, and gRPC server. Handles machine registration, certificate issuance, provisioning orchestration, and mesh network coordination.
- Agent — Runs on every managed machine. Communicates with the control plane over gRPC/mTLS. Executes provisioning, applies configuration, manages WireGuard tunnels, and reports machine status.
- OCI Registry — Stores the operating system images used during provisioning. The agent pulls images directly from the registry and streams them to disk.
- WireGuard Mesh — The data plane for machine-to-machine communication. Each machine in a mesh network gets a WireGuard interface configured automatically by the agent, forming an encrypted overlay network.
- MCP Server — Provides an AI integration layer, enabling large language models and AI agents to interact with the Durantic platform programmatically.