SDNS Vision How It Works Sovereignty Safer Together Integration Use Cases
Integration

How it plays with the rest of the orchestra.

SDNS is the meta-control plane above NIVMIA, IVMIA, OpenUTM, and VaultSync — federation, not orchestration. The specialists stay sovereign in their specialty; the Quorum is where they reach decisions together. Here's what each product gains when they talk to each other through the shared databus.

Each section keeps its expertise. The score is shared.

A violinist is better at violin than the conductor. A percussionist knows percussion better. The conductor doesn't take over — the conductor provides the shared context: tempo, dynamics, cues. That's the relationship between the shared databus and the individual DEC-LLC products.

Each product stays fully functional on its own. NIVMIA manages your network today without the others. IVMIA manages your VMs today without them. OpenUTM guards your perimeter today without them. VaultSync protects your data today without them. What changes when the products are connected: they stop being four separate instruments and start being one performance.

What each product gains

Four expert products, one shared set of answers.

NIVMIA with the integrated suite

NIVMIA today logs into your switches, routers, and firewalls and tells you what's happening. Connecting it to the other products adds three things:

  • Who can NIVMIA log in as? Today, NIVMIA holds its own credentials for each device. With the shared databus, NIVMIA gets a coordinated identity — and when that identity is rotated, every connection rotates at the same time.
  • Which devices exist? Today, you tell NIVMIA which devices to watch. Through the databus, the inventory is a shared record — new devices added to the directory show up in NIVMIA's watch list automatically.
  • Which rules should be enforced? Today, NIVMIA reports drift from a baseline you define. With the integrated suite, the baseline is a shared policy — and a change to the baseline propagates to every device NIVMIA manages.
NIVMIA alone tracks every device, but its inventory, credentials, and baselines sit inside NIVMIA and drift from what the rest of the suite sees. Connected through SDNS, every change — new devices, rotated credentials, updated baselines — propagates in both directions, so what NIVMIA enforces matches what IVMIA, OpenUTM, and VaultSync understand.

IVMIA with the integrated suite

IVMIA today manages virtual machines across VMware, Proxmox, Hyper-V, and cloud providers. Connecting it brings:

  • Consistent VM naming and ownership. A VM created through the integrated suite gets a name from your directory, an owner from your identity, and tags from your policy — automatically and uniformly, regardless of which hypervisor it lives on.
  • Policy-driven placement. "This VM contains customer data, so it can only run in the PCI zone" is a rule the shared policy store enforces; IVMIA doesn't have to carry that rule separately.
  • Unified certificates for VM-to-VM traffic. When your VMs talk to each other encrypted, they use certificates issued by your own infrastructure — not a patchwork of self-signed or per-hypervisor certs.
IVMIA alone treats each hypervisor platform independently, so naming, ownership, placement rules, and cert issuance have to be authored per platform. Connected through SDNS, a single workload policy applies across every platform IVMIA manages — VMware, Proxmox, Hyper-V, cloud — uniformly.

OpenUTM with the integrated suite

OpenUTM today is firewall, VPN, intrusion detection, and content filtering. Connecting it:

  • VPN users come from your directory. No separate VPN account database. When someone leaves, revoking them in the shared directory revokes their VPN access instantly.
  • Firewall rules reference your policy, not raw IPs. "HR laptops can reach payroll" is a rule — not a list of IPs that drift as laptops change.
  • Certificates for VPN and management interfaces come from your own CA. No dependency on public certificate authorities for internal secure connections.
OpenUTM alone enforces firewall and VPN policy against its own local identity store, which has to be kept in sync with the rest of your systems. Connected through SDNS, OpenUTM references the live directory and shared policy, so identity revocations and additions propagate automatically — not on the next manual sync.

VaultSync with the integrated suite

VaultSync today backs up VMs, physical servers, workstations, configs, and mobile devices. Connecting it:

  • Backup policies live in one place. "Customer-data systems: daily backup, 7-year retention, encrypted with keys from the shared certificate store" is a single rule, not a copy-pasted configuration per system.
  • Encryption keys rotate with the rest of your infrastructure. Backup encryption keys are managed through coordinated certificate management — and they rotate on the schedule your policy defines.
  • Restore authorization uses your identity. A restore request is an action attributed to a specific person from your directory, with approval by whoever your policy designates.
VaultSync alone runs on its own schedules, retention rules, and encryption keys, disconnected from the policy the rest of your infrastructure uses. Connected through SDNS, backup cadence, retention, key rotation, and restore authorization all flow from the shared policy — so backups obey the same rules as the systems they protect.

One screen, four expertises

What "single pane of glass" actually feels like.

Your Infrastructure — unified through SDNS Network (NIVMIA) ✓ 47 devices online ⚠ Port 14 on 10GSwitch-2 dropping 8% ✓ Config drift clean 3 firmware updates available last scan: 3 min ago Compute (IVMIA) ✓ 124 VMs across 4 hypervisors ✓ All capacity thresholds green ⚠ app-db-03 idle 11 days, orphan? 2 hosts need maintenance reboot last sync: 1 min ago Security (OpenUTM) ✓ All firewall rules current ✓ VPN: 14 active sessions ⚠ 3 blocked scans from 203.x.x.x ✓ Certificates: 24/24 valid last event: 12 sec ago Data (VaultSync) ✓ Last night's backups: 47/47 OK ✓ Quarterly restore test: passed ✓ Retention within policy Next backup: 02:00 tomorrow last job: 6 hr ago
One view. Four domains. Each panel is the live report from that product's own brain — coordinated through the shared databus so they share identity, policy, audit, and context.

What stays the same when the products connect

  • Each product's CLI and API still work. If you have scripts that call NIVMIA directly, they keep working. The databus doesn't demand that every action go through it.
  • Each product can operate in isolation. If the databus is down for maintenance, your firewall still firewalls, your VMs still run, your backups still run.
  • Each product's upgrade path is independent. You can upgrade NIVMIA without upgrading the others. Versions are loosely coupled, not lockstep.
  • Your existing login accounts still work during transition. The shared directory adds a unified identity layer — it doesn't demand you abandon the directories you have on day one.

The orchestra is better together than alone.

Each DEC-LLC product is strong on its own. Connected through SDNS, they become infrastructure that moves as one.

See Real Scenarios Back to Vision