Platform Overview
What is Durantic?
Durantic is a unified control plane for bare metal and cloud infrastructure. It provides zero-touch provisioning, enterprise networking, and remote management of machines across bare metal, AWS, GCP, Azure, edge, and private cloud environments through a single dashboard and autonomous agents.
With Durantic, you can provision machines on demand, configure them declaratively, connect them over encrypted mesh networks, and manage them from a single system of record — regardless of where they run. No manual installation media, no console access required.
Key Concepts
Provisioning
The process of installing an operating system onto a machine from scratch. Durantic implements zero-touch provisioning — taking a bare metal server or cloud VM from boot to production without manual intervention, console access, or installation media.
Key features:
- OCI image streaming — The agent streams container images directly to disk with on-the-fly decompression. No temporary files, no image downloads to local storage.
- Declarative configuration — Cloud-init configurations are generated from Jinja2 templates with deep merge, variable substitution, and encrypted secrets.
- Agent self-injection — The installer agent copies itself into the production system during provisioning, so the machine remains managed after reboot.
- Real-time progress — Watch installation progress live in the dashboard with detailed status updates and terminal access.
The entire process is orchestrated by the agent, with the control plane providing configuration and coordinating the installation flow.
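One consequence of streaming an image straight to disk is that a content digest can only be checked after the last byte has arrived, by which point the target has already been written. The Python below is an added example, not Durantic's agent code; `stream_image`, `DigestMismatch`, the gzip compression and the constructed payload are all assumptions made for illustration.

```python
import gzip
import hashlib
import io
import zlib

CHUNK = 256  # small read size so the constructed sample spans several reads


class DigestMismatch(Exception):
    """The streamed blob's digest differs from the expected one."""


def stream_image(src, dst, expected_digest):
    """Inflate a gzip blob from src into dst chunk by chunk, no temp file.

    The SHA-256 covers the compressed bytes as received, which is what an OCI
    digest of a gzip-compressed blob refers to. Returns bytes written.
    """
    hasher = hashlib.sha256()
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)  # expect gzip framing
    written = 0
    while chunk := src.read(CHUNK):
        hasher.update(chunk)
        written += dst.write(inflater.decompress(chunk))
    written += dst.write(inflater.flush())
    got = "sha256:" + hasher.hexdigest()
    # The digest is only known after the last byte, by which point dst already
    # holds the data: a mismatch has to fail the install before any reboot.
    if got != expected_digest or not inflater.eof:
        raise DigestMismatch(f"expected {expected_digest}, got {got}")
    return written


def demo():
    """Run a matching and a mismatching transfer over constructed data."""
    payload = b"constructed disk image bytes\n" * 4096
    blob = gzip.compress(payload)
    good = "sha256:" + hashlib.sha256(blob).hexdigest()
    bad = "sha256:" + "0" * 64  # constructed digest that will not match
    disk = io.BytesIO()
    written = stream_image(io.BytesIO(blob), disk, good)
    dirty = io.BytesIO()  # stands in for a target disk
    try:
        stream_image(io.BytesIO(blob), dirty, bad)
        rejected = False
    except DigestMismatch:
        rejected = True
    # dirty holds the full image even though verification failed
    return written, disk.getvalue() == payload, rejected, len(dirty.getvalue())
```

Calling `demo()` shows the rejected transfer still left a full image on the stand-in target, which is why a failed check must mark the install as failed rather than simply log it.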
Reprovisioning
The ability to reinstall a machine's operating system and reset its configuration. Reprovisioning uses the same zero-touch flow as initial provisioning — trigger it from the dashboard, and the agent handles the rest.
Use cases:
- Change operating system — Switch from Ubuntu to Rocky Linux, or upgrade to a newer release
- Reset configuration — Return a machine to a known-good state after failed experiments
- Update base image — Roll out a new OCI image with updated packages or security patches
All machine metadata, role assignments, secrets, and mesh network membership are preserved during reprovisioning. The machine keeps its identity, certificate, and WireGuard keys.
Account
Your organization's workspace in Durantic. An account contains all of your machines, machine roles, secrets, mesh networks, and team members. Everything you manage in Durantic lives under your account.
Machine
A physical server managed by Durantic. Each machine has a hostname, one or more assigned roles, and an optional mesh network membership. Machines are registered with the control plane when the agent first connects, and they report hardware details, network state, and provisioning status in real time.
Agent
Lightweight software that runs on each machine. The agent communicates with the control plane over gRPC secured by mutual TLS (mTLS). It handles provisioning, configuration, mesh networking, and ongoing health reporting — all without requiring manual intervention on the machine itself.
Machine Role
A reusable configuration template written in Jinja2 that produces a cloud-init configuration. Roles let you define a machine's desired state — packages, users, network settings, scripts — and apply that definition consistently across any number of machines.
Mesh Network
A WireGuard-based encrypted overlay network that connects your machines. Mesh networks allow machines in different physical locations or networks to communicate securely as if they were on the same LAN, without exposing services to the public internet.
Cloud-Init
An industry-standard tool for configuring Linux machines on first boot. Durantic generates cloud-init configurations from your machine roles and delivers them to each machine during provisioning. Cloud-init handles tasks like setting hostnames, creating users, installing packages, and running setup scripts.
How It Works
Durantic follows a straightforward six-step flow to take a machine from registration to fully operational:
- Bootstrap — Generate a bootstrap token in the dashboard and boot the agent on the target machine (via CLI, ISO, or PXE).
- Connect — The agent connects to the control plane using the bootstrap token and obtains a unique mTLS certificate for ongoing secure communication.
- Configure — Assign one or more machine roles and, optionally, a mesh network to the machine through the dashboard.
- Provision — Trigger provisioning. The agent streams the OCI image to disk and applies the cloud-init configuration generated from the assigned roles.
- Reboot — The machine reboots into the newly installed production operating system with all configuration applied.
- Operate — The agent reconnects to the control plane, the WireGuard mesh is established, and the machine is fully operational and managed.
Architecture at a Glance
Durantic consists of several core components:
- Control Plane — The central management layer. Includes the web dashboard, REST API, and gRPC server. Handles machine registration, certificate issuance, provisioning orchestration, and mesh network coordination.
- Agent — Runs on every managed machine. Communicates with the control plane over gRPC/mTLS. Executes provisioning, applies configuration, manages WireGuard tunnels, and reports machine status.
- OCI Registry — Stores the operating system images used during provisioning. The agent pulls images directly from the registry and streams them to disk.
- WireGuard Mesh — The data plane for machine-to-machine communication. Each machine in a mesh network gets a WireGuard interface configured automatically by the agent, forming an encrypted overlay network.
- MCP Server — Provides an AI integration layer, enabling large language models and AI agents to interact with the Durantic platform programmatically.
Next Steps
Ready to start using Durantic? Continue to Account Setup to create your account and configure your first machine.