Edison Watch

Deployment

Guidance for deploying Edison Watch in enterprise environments.

Edison Watch deployments vary by environment (on-premise, VPC, or air‑gapped). This guide focuses on the deployment decisions you need to make. Exact hostnames, ports, and firewall rules are configured as part of your rollout.

What you deploy

  • Edison Watch service: The control plane that enforces policy and serves the admin dashboard.
  • Client connectivity: Your AI clients (Cursor, Claude Code, etc.) connect to Edison Watch over your standard HTTPS entrypoint.

Deployment checklist

  • TLS termination: Terminate TLS at your reverse proxy / ingress.
  • Authentication: Configure your organization’s auth (SSO) and admin access.
  • Persistence: Ensure Edison Watch state (configuration + audit data) is stored on durable storage.
  • Outbound egress: Allow outbound access only to:
    • Approved MCP servers (internal or external), and
    • Your SIEM endpoint if SIEM streaming is enabled (e.g., Splunk HEC).
  • Logging: Forward Edison Watch logs to your standard log pipeline.
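
One way to audit the outbound egress rule above against observed traffic. This is an added example, not Edison Watch code or its configuration format. All hostnames, ports, and the flow list are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

def normalize(dest):
    """Return (host, port) for a URL or host[:port] string; default port is 443."""
    parts = urlsplit(dest if "://" in dest else "//" + dest)
    # Lower-case and drop a trailing dot so equivalent names compare equal.
    host = (parts.hostname or "").rstrip(".").lower()
    port = parts.port or (80 if parts.scheme == "http" else 443)
    return host, port

def build_allowlist(mcp_servers, siem_endpoint=None, siem_enabled=False):
    """Approved MCP servers, plus the SIEM endpoint only while streaming is enabled."""
    allowed = {normalize(s) for s in mcp_servers}
    if siem_enabled and siem_endpoint:
        allowed.add(normalize(siem_endpoint))
    return allowed

def egress_violations(flows, allowed):
    """Return the sorted, de-duplicated destinations that are not on the allowlist."""
    return sorted({normalize(f) for f in flows} - allowed)

# Constructed sample data (assumptions, not real Edison Watch endpoints).
APPROVED_MCP = ["https://mcp-tools.example.internal", "mcp-ext.example.com:8443"]
SIEM = "https://splunk-hec.example.internal:8088/services/collector"
FLOWS = [
    "mcp-tools.example.internal:443",
    "MCP-EXT.example.com.:8443",         # same host, different case and trailing dot
    "splunk-hec.example.internal:8088",  # allowed only if SIEM streaming is on
    "unknown-host.example.net:443",      # not approved
    "mcp-tools.example.internal:8080",   # approved host, unapproved port
]

if __name__ == "__main__":
    for siem_on in (False, True):
        allowed = build_allowlist(APPROVED_MCP, SIEM, siem_enabled=siem_on)
        print("SIEM streaming:", siem_on, "->", egress_violations(FLOWS, allowed))
```

Matching on host and port together means an approved MCP host contacted on an unexpected port is still reported.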

Need enterprise deployment assistance? Contact our team.
