Diwan On-prem · Sovereign

Run Diwan on your own metal.

Same code as Cloud. Your hardware, your network, your keys. No phone home, no telemetry, no SaaS dependency. The deployment posture your CISO and your legal team already approved.

Air-gap supported · No outbound telemetry · Your TLS keys · Signed install bundle · Quarterly + CVE patches · Source escrow on Enterprise · OMR 12,000 / tenant / year

What we ship

A signed bundle, a license file, an operator guide, and two days of our engineer's time. That is the entire delivery.

A signed install bundle

Docker Compose with the Diwan app, MongoDB, nginx, and Let's Encrypt automation. SHA-256 manifest, optional Cosign signature.

A license file

JSON envelope with tenant slug, plan tier, expiry, and feature gates. Verified locally; no callback to Diwan required to operate.

A 60-page operator guide

Hardware sizing, install, backup + restore, upgrade path, log rotation, monitoring hooks, break-glass admin recovery.

Two days of remote install

Our engineer pairs with your team over Teams/Zoom: deploy, smoke, hand off. Onsite available in Muscat for an additional fee.

A year of patch releases

Quarterly minor releases + out-of-band CVE patches delivered as a signed bundle to your operator email. Renewals optional.

Hardware sizing

Diwan is a Node + Mongo workload. It is not heavy. The numbers below are conservative; most customers run a tier larger than they need to leave room for backups + Mongo working set.

Tier         Scope                                CPU        RAM      Disk          Notes
Small board  Up to 25 active users · 1 tenant     2 vCPU     4 GB     40 GB SSD     Fits comfortably in a single hypervisor VM.
Department   25–150 users · up to 5 tenants       4 vCPU     8 GB     120 GB SSD    Recommended baseline for ministries and SOEs.
Large org    150–1,000 users · 5+ tenants         8 vCPU     16 GB    500 GB SSD    Pair with daily snapshots; we ship the cron jobs.
Sovereign    Multi-site, HA, regulated            16 vCPU+   32 GB+   1 TB+ SSD     Active/passive across two sites + offsite encrypted backup.

Install in five steps

Typical install: under three hours from blank VM to first board login. Our engineer pairs with you the whole way.

1. Provision the host
Ubuntu 22.04 or RHEL 9, root SSH, an FQDN that resolves on your internal DNS, ports 80/443 reachable from your users.

2. Drop the bundle
scp the signed tar.gz to the host, verify the SHA-256, extract to /opt/almajlis.

3. Run setup
`sudo bash setup.sh` walks you through TLS (your own cert or internal Let's Encrypt), the admin email, and the seed password.

4. Activate the license
Place license.json in /opt/almajlis/etc/. The app verifies the signature on start; no outbound call needed.

5. Smoke + hand off
We run the same 104-check smoke we run on Cloud, then watch you log in as the first admin. Done.
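An operator pre-flight for steps 2 through 4, added here as an example; it is not Diwan's setup.sh and does not describe Diwan's actual license format. It assumes a manifest in `sha256sum` format, a license.json with "tenant", "tier" and "expires" keys, and an env file carrying MAJLIS_MODE=onprem; the tenant slug "ofc" and all sample files are constructed, and the license signature check itself stays with the app on start.

```python
# Operator pre-flight for install steps 2-4 (added example, not Diwan's own
# tooling). Assumed: a manifest in `sha256sum` format ("<hex>  <path>") and a
# license.json with "tenant", "tier" and "expires" (YYYY-MM-DD). Samples are constructed.
import hashlib, json, os, tempfile
from datetime import date

def verify_manifest(root, manifest="SHA256SUMS"):
    """Paths whose SHA-256 differs from the manifest; missing files count too."""
    bad = []
    with open(os.path.join(root, manifest)) as fh:
        for line in fh:
            digest, _, rel = line.rstrip("\n").partition("  ")
            p = os.path.join(root, rel)
            actual = hashlib.sha256(open(p, "rb").read()).hexdigest() if os.path.isfile(p) else None
            if actual != digest:  # any mismatch: do not extract, stop the install
                bad.append(rel)
    return bad

def check_license(path, tenant, today=None):
    """Problems with the license envelope (empty = usable); the app checks the signature on start."""
    with open(path) as fh:
        lic = json.load(fh)
    cutoff = date.fromisoformat(today) if today else date.today()
    problems = []
    if lic.get("tenant") != tenant:
        problems.append("tenant slug mismatch")
    if date.fromisoformat(lic.get("expires", "1970-01-01")) < cutoff:
        problems.append("license expired")
    return problems

def onprem_mode(env_path):
    """True only if the env file pins MAJLIS_MODE=onprem, i.e. no outbound calls."""
    with open(env_path) as fh:
        pairs = dict(l.strip().split("=", 1) for l in fh if "=" in l)
    return pairs.get("MAJLIS_MODE") == "onprem"

def build_sample(root=None):
    """Constructed bundle: intact setup.sh, tampered upgrade.sh, license, env file."""
    root = root or tempfile.mkdtemp()
    files = {"setup.sh": "#!/bin/bash\necho setup\n", "upgrade.sh": "#!/bin/bash\n",
             "license.json": '{"tenant": "ofc", "tier": "enterprise", "expires": "2099-12-31"}',
             "diwan.env": "MAJLIS_MODE=onprem\nMONGO_URL=mongodb://127.0.0.1/diwan\n"}
    good = hashlib.sha256(files["setup.sh"].encode()).hexdigest()
    files["SHA256SUMS"] = f"{good}  setup.sh\n{'0' * 64}  upgrade.sh\n"  # 2nd hash is wrong
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as f:
            f.write(body)
    return {"root": root, "license": os.path.join(root, "license.json"),
            "env": os.path.join(root, "diwan.env")}
```

Run `verify_manifest` before `tar -xzf`, and refuse to continue if it returns anything; a non-empty list is a tampered or truncated bundle, not something to "fix" by re-hashing.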

Security posture

On-prem exists for a reason: no SaaS dependency, no shared infrastructure, no third-country data transfer. Here is exactly what changes vs Cloud.

You keep the keys

TLS private key, MongoDB credentials, JWT signing secret, and the Paymob webhook secret all live on YOUR disk. We never see them.

No phone home

On-Prem mode (MAJLIS_MODE=onprem) disables every outbound call: no telemetry, no auto-update check, no error reporter. The only outbound traffic is the OTP delivery you configure (your own SMTP / WhatsApp Business API).

Your network, your rules

Run it air-gapped behind your jump host. Restrict admin to a VPN range. The app does not require egress to function.

Audit log on your disk

Every admin action lands in /opt/almajlis/data/tenants/<slug>/audit.json as append-only JSONL. Ship it to your SIEM with rsyslog or Filebeat; we provide the example pipeline.

Source-available escrow

Enterprise on-prem customers can request source-code escrow with a third-party agent (Iron Mountain or Escrow Associates Oman). Triggered on Diwan ceasing operations or breach of support SLA.

Frequently asked

Do we need internet to run Diwan on-prem?

No. The app verifies the license file locally and runs entirely on your network. You only need outbound for the OTP channel YOU pick (your SMTP relay or WhatsApp Business API). Air-gapped deployments are supported.

How do we receive updates?

We email a signed tar.gz to your operator inbox. You verify the signature, drop it on the host, and run `bash upgrade.sh`. Rollback is a single symlink swap. We ship one minor release per quarter and out-of-band patches for any high-severity CVE.

Can we use our own MongoDB cluster?

Yes. Set MONGO_URL in the env file and Diwan will skip the bundled mongo container. Tested against MongoDB 6 and 7, both Atlas-equivalent self-hosted and Percona.

What about backups?

The bundle ships a daily mongodump cron + a per-tenant data/ tarball, both encrypted with the operator's public key. You decide where they go: NAS, offsite, S3-compatible object storage. We do not touch your backups.

Is the source code available?

On Enterprise tier we offer source-available escrow with a third-party agent. On Sovereign tier we deliver the source bundle directly under a perpetual evaluation + modification license, no redistribution. Cloud customers run the same compiled binary; the source is our IP.

Can we move from Cloud to On-Prem (or back)?

Yes, both directions. We provide an `almajlis export` command that produces a single tar.gz of your tenant data; the new host imports it on first boot. Cutover is typically a 30-minute window.

How is on-prem priced?

OMR 12,000 per year per tenant. Includes the install, the license, all updates for 12 months, and one year of email + WhatsApp support. Sovereign tier (HA, dedicated engineer, source escrow) is quoted separately.

Does fencing.om run on this same code?

Yes. fencing.om is the OFC tenant on Diwan Cloud. Every on-prem release is the SAME codebase the OFC runs on the SaaS, with the on-prem license envelope and outbound calls disabled. You inherit OFC's production hours every release.