Waypoint 01 · Approach

The Boundary.

N · 00°00' Heading 180°
10 waypoints
~18 min · written

An operating perimeter, drawn once. Held everywhere. The thing most of our peers treat as a checklist — and the thing we treat as half the offering.

CMMC + HIPAA — aligned perimeter Operational Systems orchestration · state store Identity & Access identity provider · policy-based access Hosted VDI vdi blade · dc/01 Private AI gpu · nvidia Compliance Enclave ssp · poa&m Financial Systems qb · stripe · bill SentinelEdge Operations Layer N · 000° E · 090° S · 180° W · 270°
Descend → 09 more waypoints Bearing 180° · Anchor
02. N · 12°30'
The Thesis

Half of what we deliver is the perimeter itself.

Most regulated mid-market companies didn't choose the architecture they ended up with. They accumulated it. One SaaS at a time, one BAA at a time, one "we'll figure out the audit story later" at a time. By the time a CFO asks an honest question — who actually holds our data right now? — the answer is a slide with twelve logos on it and a half-shrug.

That sprawl is the problem. Not the tools. Not the AI. The perimeter. Every additional vendor is another hole in the wall that a regulator has to be told about, another subprocessor on a BAA register, another login your IT lead has to rotate, another seam where evidence can fall through the floor.

We don't sell intelligence first. We sell the wall around the intelligence. The perimeter is drawn once, by us, on infrastructure we operate. Everything inside it — your operational systems, your identity, your hosted desktops, the AI — inherits the wall. That's the offering.

Before · the sprawl
EHR SaaS Billing Payroll CRM Workflow Storage AI API Auth SaaS RPA tool Vector DB Backup co. + 6 more
After · one boundary
SentinelEdge
One perimeter · One SSP · One operator
03. N · 30°00'
Defined — five layers

"One boundary" means five things at once.

A perimeter isn't a single line on a network diagram. It's five overlapping layers — and we hold every one of them under the same roof.

i.Physical
Physical perimeter
A datacenter cage that an auditor can walk. Power, cooling, building controls, badge-controlled doors, video — all owned. Not a colo subtenant arrangement that has to be re-explained to an auditor every visit.
Established at
  • Dallas · DC/01 anchor
  • New Jersey · DC/02 (build-out)
  • SOC2-aligned facility ops
ii.Network
Network isolation
Each client gets their own VLAN. East-west traffic between clients is impossible by design, not by policy. The "shared platform" boundary problem doesn't exist when there is no shared platform.
Enforced via
  • Per-client VLAN
  • Edge firewall + IPS
  • Egress allow-listing
iii.Identity
Identity perimeter
Every human touching the boundary authenticates through one identity provider, with policy-based access tied to device posture and geography. The "who" of every action is provable from a single source of truth.
Built on
  • Enterprise identity provider
  • Policy-based access controls
  • Role-based scoping
iv.Application
Application perimeter
Workspaces live on hosted desktops we operate. Source systems sit in our network, addressable only from inside the boundary. There is no public surface to defend, because the working surface is already inside.
Operated as
  • VDI Blade · hosted desktops
  • Internal-only app endpoints
  • Workflow orchestration on our state store
v.Data · AI
Data & AI perimeter
The AI never leaves. Inference runs on our GPU footprint, on our network, behind the same identity wall as everything else. Your protected data is never a payload to somebody else's training pipeline.
Inferred on
  • NVIDIA GPU footprint
  • Private model endpoints
  • RAG over your corpus only
04. NE · 45°00'
Inside the perimeter

Six systems. One wall.

Scroll. The diagram on the left highlights each system as you reach it on the right.

Operational Systems orchestration · state store Identity & Access identity provider · access policies Hosted VDI vdi blade Private AI nvidia gpu Compliance Enclave ssp · poa&m Financial Systems qb · stripe · bill SentinelEdge Operations Layer
Node 01N · 000°

Operational Systems.

The workflows that actually move money. Patient intake, claim follow-up, punch-edit and payroll audit, vendor onboarding — the kind of work that used to live in a shared spreadsheet and a memorized process inside one person's head.

We model the workflow as data, not as a tool. Our orchestration engine holds the flow, our state store holds the truth. Both run on our boundary, addressable only from inside.

Stack workflow orchestration · transactional state store · scheduled jobs · CFO-grade evals on every automated decision
Node 02NE · 060°

Identity & Access.

One identity provider for every human and every system on the boundary. Policy-based access enforces device posture, geography, and risk score before a session is granted. The auditor's "who, what, when" question has a single answer.

For defense-contractor engagements, this is the difference between "we have policies" and "we have proof."

Stack enterprise identity provider · policy-based access · role-based scoping · auditable session logs
Node 03E · 120°

Hosted VDI.

Your staff sign in to a desktop that lives inside the boundary. The PHI, the CUI, the spreadsheet with the deal model — none of it ever materializes on a laptop a USB drive can reach. The workspace is the perimeter.

For staff, the experience is a familiar Windows desktop. For an auditor, it's a documented control.

Stack vdi blade · per-client VLAN · session recording on sensitive roles · 24/7 ops
Node 04S · 180°

Private AI.

Inference runs on GPU we own, on a network we control. Your protected data is the prompt, not the training set. We don't fine-tune models on it. We don't ship it to a third-party endpoint just because it's the convenient API.

This is the layer most "AI consultancies" can't actually offer — because they don't host anything.

Stack nvidia gpu footprint · private endpoints · RAG over your corpus · zero data egress
Node 05SW · 240°

Compliance Enclave.

The unglamorous engine. Your security plan and the running list of open items stay current as the system operates — not as a PDF that got dusty after the last audit. Evidence accumulates day by day, not in a panic the week before the walk-through.

This is the part of the offering most clients don't know they're buying until their first audit comes around. Then it's the only part they want to talk about.

Stack ssp · poa&m · continuous monitoring · evidence pipeline · audit-ready exports
Node 06NW · 300°

Financial Systems.

The systems that run a modern operations team — general ledger, payments, AP automation, spend management, CRM — were never designed to talk to each other. We sit in the middle of them, inside the boundary, and produce the unified ledger the finance team actually wants.

Close, reconciliation, investor reporting — operated by us, not handed off as a "tool" your team has to keep alive.

Stack general ledger · payments · AP automation · spend management · CRM · unified
05. E · 090°00'
Sprawl vs. one boundary

What an auditor sees when they walk in.

A typical regulated mid-market stack vs. a SentinelEdge-hosted one. The technology isn't the variable. The perimeter is.

Dimension
Without us · sprawl
With us · one boundary
Distinct vendors in scope
10 – 14typical regulated stack
OneSentinelEdge
Infrastructure-layer BAAs
6+cloud, model APIs, observability, backups
Onecovers the infrastructure layer · your app-vendor BAAs (EHR, RCM, payroll, scheduling) stay as they are
SSP boundary diagram
~12 boxesmost pointing to public-cloud regions
One enclavephysical address · one operator
Identity providers
3 – 5one per SaaS tenant family
OneEnterprise IdP, policy-based access across all
Where AI inference happens
OpenAI · Anthropic · model APIsegress through public internet
Our GPU footprintnever leaves the perimeter
Who you call at 2am
11 support portalsseverity-2 SLAs and a chatbot
One numberrings to the operator
Audit walk-through
Weekscross-referencing twelve vendor SOC2s
One daywalk into Dallas. Get evidence on the way out.
06. SE · 135°00'
Admission & refusal

What gets in. What doesn't.

A boundary is only as useful as what it refuses. Half of running one is saying no — to integrations, to data flows, to convenient shortcuts that auditors quietly hate.

Admitted

Comes in.

  • A · 01

    Authenticated humans, scoped

    Through one identity provider with policy-based access. Device posture verified. Geography matters. Role-bound from the first click.

  • A · 02

    Source-system reads

    Read-only, allow-listed, observable. We integrate with your EHR, ERP, CRM — we don't replace them, and we don't punch egress holes on the way in.

  • A · 03

    Inference prompts

    Your data goes to our private model endpoints inside the boundary. The model never trains on it. The data never leaves.

  • A · 04

    Auditor evidence requests

    SSP, POA&M, control evidence, session logs. We produce on request because we produce on schedule.

Refused

Stays out.

  • R · 01

    Third-party model endpoints

    If a workflow can only be done by shipping protected data to a public model API, we redesign the workflow. We don't drill a hole in the boundary.

  • R · 02

    Personal devices

    The boundary doesn't end at "we trust our staff." A personal laptop is an unmanaged endpoint. It connects through VDI or it doesn't connect.

  • R · 03

    Convenience integrations

    The Zap, the RPA bot, the browser extension that wants to "automate one little thing." Each one is a hole. We say no, and then we build the thing inside the boundary.

  • R · 04

    Day-one autonomous action

    The autonomy ladder is non-negotiable. We start at observation, climb only as evals hold, even when the client asks us to skip ahead.

07. S · 165°00'
Evidence & audit

What an auditor walks out with.

The boundary is only the wall. The evidence is the receipt that the wall held. We produce both — continuously, not at audit time.

SSP · §AC-3
Artifact 01 · System Security Plan

Access Enforcement

CMMC 2.0 / NIST SP 800-171 r3
Control

The system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Implementation

Identity provider policy-based access enforces role-based authorization at session establishment. Workstation access scoped via Hosted VDI groups; source-system access scoped via allow-listed service principals. All sessions logged to the enclave audit trail.

Last reviewed

2026-04-18 · SE-OPS · principal sign-off

POA&M · open
Artifact 02 · Plan of Action & Milestones

Open items, in motion

Sample row · redacted
IDControlStatusTarget
P-026SI-4 monitoringIn progress2026-Q3
P-027IR-4 incident planClosed
P-028CM-7 least functionalityIn progress2026-Q3
P-029AU-6 audit reviewClosed
P-030SC-7 boundary defenseRe-validate2026-Q4
Audit log · 24h
Artifact 03 · Continuous audit trail

The last 24 hours of the boundary

Excerpt · timestamps in CDT · DC/01
02:14:08 [OK] Backup window completed · enclave · 14m23s · 4.2 TB
04:00:12 [OK] Access policy · policy refresh · 0 deltas
07:48:33 [WATCH] Unusual login geo · resolved within 90s · session re-auth required
09:02:11 [OK] Workflow run · billing-followup · 1,418 records · zero errors
11:30:45 [OK] Private AI inference · 8,204 prompts · 0 egress events
14:15:09 [OK] VDI session pool · 64 active · 0 quarantine flags
19:55:01 [OK] SSP evidence export · packet 2026-W17 · sealed
"We didn't have to assemble the audit. We had to explain what we already had."
— Compliance officer · defense contractor engagement · 2026
08. S · 175°00'
The 2am principle

When the boundary slips, the phone rings to us.

A perimeter is not a deliverable. It's a posture. Posture has to be held — every day, on every shift, including the ones nobody wants. We don't subcontract the operations layer to a managed services partner who couldn't speak to your CFO about what just happened. We hold it ourselves. Principal-led, on-call, on the same boundary every other client sits inside.

The log on the right is real shape, not a real client. It's what an incident looks like when you've drawn the boundary right and operated it long enough to know where the cracks form first.

Incident · INC-26-044 Dallas · DC/01
02:11:09DETECTUnusual egress attempt blocked at perimeter · subprocess on VDI-04
02:11:14AUTOSession quarantined. Step-up authentication challenge issued. 0 data lost.
02:12:02PAGEPrimary on-call paged · principal · acknowledged 22s
02:17:45TRIAGERoot cause: outdated browser extension on hosted profile · contained to VDI-04
02:31:11RESOLVEProfile rebuilt · extension allow-list updated · session restored
02:33:00NOTIFYClient CISO emailed with timeline · evidence packet attached
06:00:00AMAll systems nominal. Workday begins on schedule.

"Every other vendor I deal with has a portal. You picked up the phone." — Practice administrator · healthcare client · 2026

09. S · 180°00'
Two facilities · one boundary

One boundary. Drawn in two places.

An anchor in Dallas. A second site coming online in New Jersey. Same perimeter, doubled — for geographic redundancy, East Coast client proximity, and the regional separation some emerging frameworks now require.

Site 01 · Anchor Operational
Dallas, TX · DC/01

The anchor.

Where the boundary lives today. Owned cage, GPU footprint for both VDI and private inference, the first incident response shift every morning. The center of gravity of the business.

DAL · 32°47'N · 96°48'W BOUNDARY · HELD
GPU footprint
NVIDIA ×n
Network
VLAN per client
Uptime · 12mo
99.98%
Site 02 · East Coast Build-out
New Jersey · DC/02

The extension.

A second site to extend the same perimeter, East. Geographic redundancy for existing engagements, proximity for East Coast clients, and regional separation for compliance frameworks that are starting to ask for it.

EWR · 40°41'N · 74°10'W PERIMETER · PROVISIONING
Status
2026 Q4
Role
DR + East
Pairs with
DC/01 active-active
Anchor · S · 180°00' · waypoint 10

If the boundary is the answer to the question your auditor keeps asking

Discovery calls are direct with a principal, not a sales rep. Bring the audit finding that's keeping you up at night, the workflow that's eating your team alive, or just the half-finished question about what an AI-assisted operation could look like inside a perimeter you actually own. We'll be honest about whether we're the right shop.