# Managed + remote hybrid — Use case

> Run the Manager where you trust it most and push Workers to wherever traffic lives — partner data centers, edge sites, sovereign zones, even air-gapped operators.

*Platform teams · Hybrid · For platform teams*

## Run the control plane where you trust it. Push the runtime where the traffic is.

Managed control plane in your central cluster, Workers in regions you might not even own. One source of truth, many runtimes, zero shared root access.

[Request a demo](https://calendly.com/apinizer/15min) · [Read the docs](https://apinizer.com/developers/docs)

---

## The problem

### Sometimes you can't put the gateway where the traffic is.

A partner won't give you a kubeconfig. A regulator demands the data stays in-country. A factory floor goes offline twice a day. Most gateways collapse under any of those — the platform either gives up on the edge or hand-rolls a second installation. Apinizer's hybrid pattern keeps one Manager in charge while Workers run wherever, with no shared credentials and no shared blast radius.

---

## Capabilities

### Managed control plane

Run the Manager on your most trusted cluster. It publishes definitions, holds the audit trail, and never sits in the runtime path.

### Remote Workers

Push Workers to partner data centers, edge sites, or sovereign zones. The Manager pulls health and pushes definitions over a secure outbound channel.

### No shared root

Partners never get keys to your cluster, and you never get keys to theirs. The Worker authenticates with a short-lived credential issued by the Manager.

### Survives WAN cuts

When the link to the Manager drops, the Worker keeps serving on the last published definition. Reconciliation resumes when the WAN comes back.

### Data residency by design

Traffic stays in the country the Worker runs in. Logs, metrics, and policy can be configured to never leave the local cluster.

### Air-gap mode

Operators that cannot reach the central Manager pull a signed bundle on a schedule. The audit ledger reconciles when connectivity is restored.
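One way a Worker could implement the behaviour described under "Survives WAN cuts" and "Air-gap mode", as an added example that is not Apinizer's code: verify a signed bundle against the Manager's public key and keep serving the last-known-good definition when the check fails. The `Bundle` layout, the use of Ed25519, the version counter with its rollback check, and all function names are assumptions made for illustration; the page does not describe the real bundle format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Bundle is a hypothetical signed definition bundle (not Apinizer's format).
type Bundle struct {
	Version uint64 // publish counter, assumed to only increase
	Payload []byte // serialized gateway definitions
	Sig     []byte // Ed25519 signature over Version || Payload
}
var ErrBadSignature, ErrRollback = errors.New("bundle signature invalid"), errors.New("bundle not newer than active")

// signedBytes binds the version to the payload so neither can be swapped alone.
func signedBytes(version uint64, payload []byte) []byte {
	msg := make([]byte, 8, 8+len(payload))
	binary.BigEndian.PutUint64(msg, version)
	return append(msg, payload...)
}

// NewKeys and Sign stand in for the Manager side (constructed for this demo).
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}
func Sign(priv ed25519.PrivateKey, version uint64, payload []byte) Bundle {
	return Bundle{version, payload, ed25519.Sign(priv, signedBytes(version, payload))}
}

// Reconcile returns the bundle to serve next; on failure, active is returned unchanged.
func Reconcile(active, next Bundle, managerKey ed25519.PublicKey) (Bundle, error) {
	if !ed25519.Verify(managerKey, signedBytes(next.Version, next.Payload), next.Sig) {
		return active, ErrBadSignature // tampered or signed by another key
	}
	if next.Version <= active.Version {
		return active, ErrRollback // replay of an older, validly signed bundle
	}
	return next, nil
}

func main() {
	pub, priv := NewKeys()
	got, err := Reconcile(Sign(priv, 7, []byte("routes-v7")), Sign(priv, 8, []byte("routes-v8")), pub)
	fmt.Println(got.Version, err)
}
```

The Worker holds only the Manager's public key, so a compromised remote site cannot mint bundles for other sites.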

---

## Real-world examples

### Banking

**Scenario:** Aktif Bank-style retail bank serves branch APIs from in-country edge

**Outcome:** Central Manager in Istanbul publishes to Worker clusters at four regional sites. Each Worker handles branch traffic locally; nothing leaves the country.

### Automotive

**Scenario:** Stuttgart OEM ships Workers into Tier-1 supplier data centers

**Outcome:** Suppliers run Apinizer Workers locally for parts integration. The OEM owns the definitions; suppliers own their operating environment.

**Metric:** 9 suppliers, 0 shared keys

### Government

**Scenario:** Riyadh ministry runs the Manager in a sovereign cloud, Workers on-prem

**Outcome:** Definitions published from a national sovereign cloud. Workers in legacy on-prem clusters reconcile inbound; no public endpoint exposed.

### Healthcare

**Scenario:** Lyon hospital network runs HIS APIs on a hospital-local Worker

**Outcome:** Patient data never leaves the hospital. The Manager in the regional health authority publishes policy and receives sanitized telemetry.

**Metric:** 0 PHI egress

### Energy

**Scenario:** Baku utility serves SCADA APIs from an air-gapped operator network

**Outcome:** Air-gap mode: a signed bundle ships nightly. The operator network never establishes outbound to the Manager; audit reconciles weekly.

### Telecom

**Scenario:** Bucharest carrier runs Workers at 230 partner edge POPs

**Outcome:** Partner POPs run Workers for B2B traffic. The Manager publishes to all of them in parallel; rollout time goes from weeks to minutes.

**Metric:** 230 edges

### Manufacturing

**Scenario:** Gothenburg factory floor survives twice-daily WAN cuts

**Outcome:** When the WAN drops at shift change, the local Worker keeps serving MES APIs. Reconciliation picks up when the link returns; the line never stops.

### Public sector

**Scenario:** Doha ministry handles partner integration without shared credentials

**Outcome:** Partner data centers run Workers under their own ops. The ministry's Manager publishes policy and pulls health; partners never see ministry secrets.

---

## Manager publishes outbound. Workers reconcile inbound.

- **01 · Decide where the Manager lives** — Pick the cluster you trust most — central, regional, sovereign. The Manager never carries production traffic.
- **02 · Provision remote Workers** — Install Workers in partner, edge, or air-gapped environments. They register with the Manager using a short-lived credential.
- **03 · Publish definitions** — Apply once on the Manager. Each Worker reconciles on its own schedule — minutes for online, hours/days for air-gap.
- **04 · Operate at distance** — Health, lag, and audit roll up to the Manager. Partners and operators keep ops local; you keep policy central.

---

## Recommended modules

- [API Gateway](https://apinizer.com/products/api-gateway) — The Worker pattern designed for managed + remote: short-lived credentials, inbound reconcile, local survival.
- [AI Gateway](https://apinizer.com/products/ai-gateway) — Same hybrid pattern for LLM and agent traffic — keep model calls in-region, govern from the center.
- [Monitoring](https://apinizer.com/products/monitoring) — Probes that run inside each remote Worker; alarms that escalate when reconcile lag crosses a threshold.
- [Analytics Engine](https://apinizer.com/products/analytics-engine) — Per-Worker traffic and health — see what each remote site is doing without ssh'ing into it.

---

## Resources

- [Managed + remote topology](https://docs.apinizer.com/en) — How the Manager pushes policy outbound while Workers reconcile inbound — even from air-gapped networks.
- [Architecture overview](https://docs.apinizer.com/en/concepts/architecture) — Control plane / data plane separation with no shared root between sites.
- [Three-tier permissions](https://apinizer.com/solutions/three-tier-permissions) — Project / environment / endpoint scopes apply identically across managed and remote Workers.
- [Analytics Engine](https://apinizer.com/products/analytics-engine) — Per-Worker, per-region, per-environment visibility.
- [Multi-cluster deployment](https://apinizer.com/solutions/multi-cluster-deployment) — Topology patterns when you do own every cluster in the picture.
- [API Gateway](https://apinizer.com/products/api-gateway) — The Worker that runs anywhere Kubernetes runs.

---

## Related use cases

- [Multi-cluster deployment](https://apinizer.com/solutions/multi-cluster-deployment) — For platform teams
- [Hot deploy & cache](https://apinizer.com/solutions/hot-deploy-cache) — For platform teams
- [Observability & audit](https://apinizer.com/solutions/observability-audit) — For platform teams
- [Three-tier permissions](https://apinizer.com/solutions/three-tier-permissions) — For platform teams

---

## Next step

*Hybrid, by design*

**Put the runtime where the traffic actually lives.**

A 30-minute walkthrough — managed control plane, remote Workers, air-gap mode — on a Kubernetes of your choice.

[Book a Demo](https://calendly.com/apinizer/15min) · [Read the docs](https://apinizer.com/developers/docs)

