OriginChain docs
06 · deploy

Deploy - what the managed configuration gives you.

OriginChain is a managed SaaS - you do not run the engine, we do. This page walks through what the managed configuration provisions on your behalf, how to pick a region/configuration, which add-ons unlock what, and what the wider topology looks like once it's live.

Note for operators
Most customers can skip ahead to provisioning. The architecture and topology sections below are mainly informational - useful background on how your dedicated instance is laid out.

Tenant architecture

One managed instance per tenant - primary plus an optional sync replica in the same region - fronted by a per-tenant managed wildcard cert and a single hashed bearer token. No shared load balancer, no shared disk, no shared memory. Account & billing (signup, console) is global; your data stays in the region you pick.

Sharding, replicas, and high availability are engine-level concerns, not infrastructure tricks. There is one managed engine per tenant - nothing extra to schedule.

Choosing a region + configuration

configuration use RAM topology
Single-zone First production workload, prototypes, dev environments 8 GB No SLA. Single instance. Card required at signup; billed from day 1.
HA Production SaaS with SLA 16 GB Sync replica for fault tolerance, 99.9% SLA.
HA+ High-concurrency customer-facing SaaS 32 GB Primary + 2 replicas for fault tolerance, 99.95% SLA.
Enterprise Custom - HIPAA BAA, GDPR DPA, dedicated capacity by spec Per-contract terms, 99.99% SLA target.

Pricing multiplier: the home region is the base price; every other region adds 1.15× on compute and storage to cover cross-region operational overhead.

Selecting add-ons

Base configurations ship with the core engine, single-row CAS, boolean FTS, and continuous-archive PITR. Everything else is an opt-in monthly add-on you can add or remove any time. See /pricing#addons for line-item costs.

SQL Pro
Analytics workloads - JOIN, OUTER JOIN, GROUP BY, HAVING.
Vector Search
Embedding workloads - HNSW ANN with SIMD, filtered topk.
Full-Text Pro
Search workloads - BM25, phrase, Unicode, Snowball stemming.
Graph
Relationship workloads - neighbors, BFS, path, weighted Dijkstra.
Transactions
Multi-row OLTP - snapshot isolation with optimistic conflict detection.
Sub-Second PITR
Sub-second restore granularity. Continuous log archive.
Multi-Writer Cluster
Active-active cross-region replication. Enterprise - contact sales.

Add-ons attach to any configuration and bill on the next invoice. Toggle on or off from the console at any time; line items prorate to the day.

Provisioning

Click-to-running takes ~30 seconds. There are no manual steps; the console drives the whole flow.

1. Pick region + configuration
Console → New instance. There is a home region at base price; other regions carry a 1.15× pricing multiplier on compute + storage.
2. Click create
We provision a dedicated managed instance and, on paid configurations, a sync replica in the same region - both behind a TLS 1.3 listener with a managed wildcard cert under db.originchain.ai.
3. Copy your bearer
Console mints a securely hashed bearer token at instance creation. One active token at a time. Rotation is a single click and emits an audit-log entry; the prior token is honored for 60s to cover rolling deploys.
4. Connect
Endpoint is <tenant>.db.originchain.ai. Median time from click to first 200 OK on /health is ~30 seconds.

DNS & TLS

Each tenant gets a DNS record auto-provisioned at <tenant>.db.originchain.ai pointing at your instance. The managed wildcard cert under *.db.originchain.ai auto-renews; you never see the private key.

On failover the same DNS record is re-pointed at the promoted instance with a 60-second TTL - propagation is typically sub-minute.

Bearer rotation

Rotate from the console at any time. The new token activates immediately and the prior token stays honored for 60 seconds so a rolling deploy can swap without a 401-storm. Every rotation lands an entry in the per-tenant audit log with actor, timestamp, and source IP.

Replication topology

Paid configurations run a primary plus a sync replica in the same region. Commits durably acknowledge only once the replica also holds the commit: RPO is 0 in steady state, RTO is ~25 seconds via automatic failover (see ops → failover). Split-brain is fenced automatically so only one instance ever accepts writes.

Cross-region active-active replication is available on Enterprise via the Multi-Writer Cluster add-on. On other configurations, every byte stays in the region you picked.

Migration from existing data

Importing from Postgres? See Postgres ingest. For CSV / JSON / NDJSON dumps, see the bulk-load section in Insert → bulk. Connectors for DynamoDB and MongoDB are on the roadmap; in the meantime you can stream your dump through the standard bulk insert.