How much can I save by moving from AWS/GCP/Azure to bare metal Kubernetes?

Typical clients save 60-80% on infrastructure spend. A client paying $15,000/month on EKS often pays $3,000-6,000/month on equivalent bare metal Kubernetes infrastructure.

What is air-gapped Kubernetes?

An air-gapped Kubernetes cluster is completely isolated from the internet with zero external attack surface. Required for defence, government, and highly regulated environments.

How long does a cloud repatriation to bare metal Kubernetes take?

A single-cluster deployment typically takes 2-6 weeks. A full application stack migration typically runs 6-16 weeks depending on complexity.

Do you offer fixed-price Kubernetes projects?

Yes. Every project is broken into clear stages with predefined fixed prices. You only pay when each stage is delivered to your satisfaction.

Bare Metal Kubernetes | Air-Gapped Private AI & LLMOps | Cut Cloud Costs 60-80%

Data Sovereignty

AWS Sydney isn't actually in Australia. Legally.

A data centre with an Australian postcode operated by a US company is subject to US jurisdiction. Under the US CLOUD Act, American authorities can compel AWS, Azure, and Google Cloud to produce your data — stored anywhere in the world — without Australian court oversight.

True sovereignty requires Australian ownership of the infrastructure layer, not just Australian geography. NEXTDC is Australian-owned. AWS is not.

Read the full analysis →

The CLOUD Act

US law enforcement can compel US companies to produce data stored on any server, anywhere — including AWS Sydney, Azure East Australia, and GCP Sydney.

The Privacy Act Gap

Australia's Privacy Act governs Australian organisations. It cannot override a US court order served on a US company. These are parallel frameworks with no override mechanism.

The Sugau Difference

Your hardware. Your colocation facility. Australian jurisdiction end to end. No foreign parent company. No CLOUD Act exposure. Auditors get definitive answers, not shared-responsibility disclaimers.

Our Approach

We Build It. We Teach It. You Own It.

Every consultant you've hired before hoarded knowledge to keep you dependent. We do the opposite. Every engagement ends with your team fully capable of running what we built — independently, without us.

01

We design it with you

Architecture decisions made transparently. You understand the reasoning before we write a single line of code.

02

We build alongside your team

Implementation happens with your engineers in the room. They learn by building with us, not watching from the side.

03

We transfer every piece of knowledge

Structured training, full runbooks, complete documentation. All automation code is yours — delivered on completion.

04

You run it. We're available when needed.

Optional fixed-rate retainer for the next-level problems. No lock-in. You can walk away fully self-sufficient.

No Dependency. By Design.

If your team can't run it after handover, we haven't finished the job.

Most consultants create dependency deliberately. We treat it as a failure condition. The result: clients who trust us enough to expand the engagement — not clients who feel trapped.

✓ All IaC code delivered to you — Ansible, Helm, everything
✓ Full runbooks for every operational procedure
✓ Staff training included in every engagement as standard
✓ Documentation written for your team, not our archive
✓ Optional ongoing retainer — not a requirement
✓ You can replace us. That's the point.

The Business Case

Why Move Off Cloud?

The cloud made sense when you were scaling fast and didn't know your workload. Now you do — and you're paying 3–5x what the same infrastructure costs on bare metal.

💰

Massive Cost Savings

Eliminate cloud markup and unpredictable scaling costs. Typical clients save 60–80% on infrastructure spend. 37signals saved $10M over five years repatriating from AWS.

🔒

Enhanced Security

Air-gapped bare metal clusters with zero external attack surface. Your data never leaves your infrastructure. Meets GDPR, HIPAA, DORA, and defence compliance requirements public cloud cannot guarantee.

⚡

Zero Compromise Performance

No noisy neighbours. No hypervisor tax. Dedicated resources and full NVMe Gen5 I/O. Your applications get the hardware they paid for — consistently, every time.

🛡️

Enterprise Redundancy

ZFS filesystem snapshots every 5 minutes with remote replication. Full cluster recovery from catastrophic failures in minutes, not hours. Automated DR tested regularly.

🤖

Fully Automated

Infrastructure as code for everything — Ansible playbooks and Helm charts reduce deployment time by 80%. Automated deployments, scaling, backups, and recovery.

📍

Your Choice of Location

Deploy in your own data centre or colocation facility. Full data sovereignty. Zero vendor lock-in — 100% open-source tooling with no dependency on any single cloud provider.

🧠

Private AI, Zero Data Leakage

Fine-tune open-source LLMs like Mistral on your own air-gapped infrastructure. Your proprietary data never touches a third-party API. Add intelligent capabilities — automated analysis, natural language interfaces, predictive features — while maintaining full security and compliance. The AI revolution, on your terms.

📉

Predictable, Fixed Billing

No more bill shock. Cloud invoices are unpredictable — egress fees, cross-AZ traffic, IOPS overages, and scaling surcharges compound silently. Bare metal gives you a flat, predictable monthly cost you can budget for with confidence. Your CFO will thank you.

🏛️

Full Regulatory Control

Own the entire audit trail. When regulators ask where your data lives, who accesses it, and how it's protected — you have definitive answers, not shared-responsibility disclaimers. Simplify compliance audits for GDPR, HIPAA, DORA, NIS2, and defence frameworks by controlling every layer of the stack.

Real Numbers

What Colocation Actually Costs

Most CTOs have never run an on-premise infrastructure analysis. Here's what the numbers look like for a representative mid-market workload — 10 servers worth of compute.

AWS Sydney — Monthly Cost

Compute — 10× m5.4xlarge on-demand$15,000–$20,000

Storage — EBS + S3$2,000–$5,000

Data egress fees$1,000–$3,000

Load balancers, NAT, misc$500–$2,000

Total monthly$18,500–$30,000

Bare Metal @ NEXTDC Sydney — Monthly Cost

2 full racks — NEXTDC S1/S2$4,000–$6,000

Hardware amortised over 3 years$5,000–$8,000

Network — flat rate, unmetered egress$500–$1,000

Management & monitoringIncluded

Total monthly$9,500–$15,000

40–60% saved every month

After year 3, hardware is fully amortised — savings accelerate further. Your CFO will ask why you didn't do this sooner.

Note: NEXTDC is Australian-owned. Your data at NEXTDC is outside US CLOUD Act jurisdiction. Your data at AWS Sydney is not.

Side-by-Side

How Does It Compare?

Every capability you rely on in managed Kubernetes — matched or exceeded — at a fraction of the ongoing cost.

“If you don’t like change, you’re going to like irrelevance even less.”

— General Eric Shinseki

We’re here for the ones who decided to move.

Feature	EKS / GKE	Sugau Bare Metal
Security & Compliance	✓	✓✓ Enhanced
High Availability	✓	✓ Multi-node control plane
Automated Backups	✓	✓ Every 5 min (ZFS)
Disaster Recovery	✓	✓ Fully automated
Monthly Cost (example)	$15,000	$3,000 – $6,000
Data Sovereignty	✗ Shared infrastructure	✓ 100% yours
Air-Gapped Option	✗ Not available	✓ Specialist capability
Vendor Lock-in	✗ High	✓ None — 100% open-source
Pricing Model	Variable / unpredictable	✓ Fixed & transparent
Network Throughput	Throttled / per-GB billing	✓ 25–100Gbps flat rate
Storage I/O	Provisioned IOPS tiers	✓ Raw NVMe Gen5 speed
Private AI / LLMOps	✗ Data leaves your control	✓ Air-gapped fine-tuning & serving
CLOUD Act Exposure	✗ Subject to US jurisdiction	✓ None — Australian infrastructure
Team Training Included	✗ Not offered	✓ Every engagement, as standard

Under the Hood

Technical Highlights

Everything you'd expect from a managed cloud — plus capabilities they can't offer at any price.

🗄️

Infrastructure

VM-based Kubernetes on bare metal. ZFS storage for instant snapshots. Multi-node control plane with automated failover. SR-IOV and DPDK for near-wire-speed networking.

💾

Backup & Recovery

ZFS snapshots every 5 minutes with configurable retention. Off-site replication to secondary location. Fully automated DR procedures tested and validated regularly.

🔐

Security

Air-gapped architecture with zero internet exposure. Network segmentation. Encryption at rest and in transit. CIS hardening — GDPR, HIPAA, and DORA ready.

📊

Monitoring

Complete observability: Prometheus, Grafana, and ELK. Custom alerts for your SLOs. Performance metrics, capacity planning, and anomaly detection.

✅

CI/CD Platform

Kubernetes-native CI/CD: GitLab CI, Jenkins, internal Git repos, and private container registries. Your entire dev platform on-premises — air-gapped if required.

🦾

LLMOps & GPU Infrastructure

End-to-end private AI pipeline: fine-tune open-source LLMs with Kubeflow, serve models at scale with vLLM on dedicated GPUs, and orchestrate the full lifecycle — training, evaluation, deployment, and automated retraining — entirely on-premises. Your data, your models, your competitive advantage. No tokens sent to external APIs. At a fraction of cloud GPU pricing.

Why Bare Metal Out-Performs Cloud Compute

Networking

Predictable Network Throughput

On bare metal you manage the physical NICs directly (25–100Gbps). Flat-rate capacity based on hardware limits — not billed per-GB or throttled by a cloud provider's virtual network stack.

Storage

Uncapped Storage I/O

Unlike cloud where IOPS are throttled or tied to expensive tiers, bare metal lets you saturate the full bus speed of NVMe Gen5 — without the noisy-neighbour effect of shared cloud storage.

Latency

Locality & Deterministic Latency

Eliminating the hypervisor gives applications direct CPU and memory access. Pod Affinity enables zero-hop PCIe-speed internal communication — eliminating jitter critical for databases and real-time APIs.

Hardware

Hardware-Specific Tuning

Leverage SR-IOV and DPDK for near-wire-speed networking. Hardware features that cloud virtual instances simply cannot expose or match at any price tier.

The Innovation

Enterprise-Grade Without the Complexity

Most bare metal setups need a team of specialists and months of work. Ours deploys from proven templates in weeks — fully automated, fully tested.

How it works
One lightweight virtualisation layer instead of a bloated OpenStack. VMs deploy from battle-tested templates in minutes, not hours — with performance you can measure and guarantees you can trust.

⚡ VMs in Minutes

Fully automated provisioning from templates. No manual setup, no waiting — production-ready VMs deployed in minutes.

📈 <10% Overhead

Near-native performance guaranteed. Less than 10% virtualisation overhead — your workloads run at bare-metal speed.

🔄 One Template, Unlimited VMs

Build once, deploy many. A single golden template scales to as many VMs as you need with zero drift.

🔒 Encrypted at Rest

All sensitive data encrypted on disk by default. Compliance-ready without compromise.

📸 Smart Snapshots & Offsite Sync

Incremental snapshots replicated offsite — only deltas are transferred. Fast, efficient, and storage-aware.

🛡️ Rapid Recovery

Full disaster recovery in minutes, not hours. This is not aspirational — it is what we guarantee.

How We Work Together

Zero Risk at Every Step

You never pay for something unproven. Every stage is built, tested, and validated on a parallel environment before touching your production systems.

01

We Analyse, You Decide

Up to 8 hours of free analysis. You receive a detailed cost comparison and migration roadmap. No commitment — if the numbers don't make sense, walk away with the report.

02

Fixed Price, No Surprises

Every stage has a predefined fixed price agreed before work begins. No hourly billing, no scope creep, no invoices you didn't expect.

03

Built & Tested in Parallel

Your new infrastructure is built alongside your existing systems. Nothing cuts over until it's fully validated. You only pay when each stage is delivered to your satisfaction.

04

Your Team Owns It

Full training, runbooks, and documentation. All automation code is delivered to you. Optional ongoing support at a fixed monthly rate — no lock-in.

Fixed-Price Model

You Know the Cost Before We Start

No hourly rates. No retainers. No variable billing. Every stage has a fixed price — you only pay when it's delivered to your satisfaction.

ENGAGEMENT MODEL

How Our Pricing Works

No hourly rates. No open-ended retainers. No surprise invoices. Clear, fixed costs for each defined stage.

Free Initial Assessment (up to 8 hours)We analyse your infrastructure, workloads, and cloud costs at zero cost to you.
Stage-Based Fixed PricingThe project is broken into clear stages, each with a predefined fixed price — agreed before we start.
Payment on DeliveryYou only pay when each stage is completed and delivered to your satisfaction.
Full TransparencyYou know exactly what you're getting and what it costs before we start each stage.

WHAT'S INCLUDED

Every Engagement Covers

Whether a single-cluster foundation or a full cloud migration, every project includes these as standard.

✓ Requirements analysis and custom architecture design
✓ Hardware procurement advisory for your workloads
✓ Full IaC implementation — Ansible playbooks & Helm charts
✓ Security hardening: SSH lockdown, network segmentation, encryption
✓ Backup and disaster recovery configuration and testing
✓ Monitoring stack: Prometheus, Grafana, ELK
✓ Staff training and full runbook documentation
✓ All automation code and config delivered to you
✓ Private AI/LLMOps pipeline setup — Kubeflow, vLLM, model fine-tuning & serving

Get Your Free Cost Analysis

Client Results

Trusted by Leading Organisations

Real projects. Real outcomes. From classified defence environments to full cloud repatriations.

“

It was a complex system in a completely offline environment with a very bespoke hardware configuration. He was brought on for his Kubernetes skillset which we needed to be added to the team. He took on the task with great enthusiasm, which required a lot of listening and understanding to the system requirements. We relied heavily on his ingenuity and innovation to develop a Kubernetes solution from the ground up.

✔ Fully air-gapped Kubernetes cluster — designed and deployed for classified defence operations after Thales France and Thales UK failed to deliver

Thales Group

Defence & Aerospace — Air-Gapped Kubernetes Deployment

“

Played a key role in establishing the foundational infrastructure for running Kubernetes on bare metal servers, replacing AWS EC2, EBS and VPC. His work included deploying the virtualisation layer and configuring the filesystem for data redundancy, encryption and compression. He implemented netboot from scratch and created a customised golden image for Linux VMs using Ansible, including SSH hardening and security configurations.

✔ Full AWS to on-site bare metal Kubernetes migration in 6 months — 70% AWS bill reduction

Phoenix Games

Gaming — Full AWS → Bare Metal Kubernetes Migration

Catalin Lichi — Bare Metal Kubernetes and DevOps Engineer, Sugau Pty Ltd

The Engineer Behind the Architecture

Why I Can Deliver What Others Can't

I am not just a Kubernetes administrator with CKA CKS CKAD — I am a seasoned infrastructure engineer. My foundation is built on over 15 years as a Linux Engineer and more than a decade as a specialist SUN Solaris Engineer, holding 6 professional Solaris certifications.

Since 2018, I have designed and delivered bare metal Kubernetes clusters for defence contractors, gaming companies, and enterprises with the strictest security requirements. Air-gapped environments, GPU-accelerated AI workloads, and full cloud repatriations — I've built them from the ground up and handed them over production-ready.

My unique strength is combining deep Kubernetes expertise with decades of foundational knowledge in networking, high-performance storage, robust security, and database architecture. The result: a truly custom-made, enterprise-grade solution tailored exactly to your needs — not a copy-paste cluster.

CKA — Kubernetes Administrator CKS — Security Specialist CKAD — App Developer 6× SUN Solaris Certified

15+

Yrs Linux

10+

Yrs Solaris

7+

Yrs K8s

Air‑Gap

Specialist

My LinkedIn Page Work Together

Free Assessment

Find Out What Your Cloud Is Really Costing You

Get a free 8-hour deep-dive into your infrastructure and cloud spend. You'll receive a detailed written report showing exactly what bare metal Kubernetes would cost — and what you'd save — before committing to anything.

Most clients discover they're overpaying by 60–80%. Are you?

✉clichi@sugau.com

🔗linkedin.com/company/sugau-pty-ltd

📍Sydney, Australia — serving clients globally

Typical Payback Period

4–8 Weeks

For a client spending $300K/month on AWS, a $100K fixed-price migration pays for itself in 4–6 weeks of cloud savings — and keeps saving every month thereafter.