High-Performance Architecture (HPA)BlogHigh Performance Computing (HPC)AI & Data
Blog24 minute read

How Rafay Simplifies Multi-Tenant GPU Workload Orchestration and Governance at Scale

Rafay Systems revolutionizes AI infrastructure by simplifying multi-tenant GPU orchestration and governance. It unifies complex environments into a secure, self-service platform, maximizing GPU utilization and enabling rapid AI innovation. Rafay's approach empowers platform teams to deliver efficient, compliant and scalable AI solutions, transforming operational challenges into strategic advantages.

In this blog

  1. From Kubernetes complexity to unified infrastructure orchestration
  2. Rafay: Purpose-built for platform teams operating at scale
  3. The modern platform imperative: A consumption-first strategy
  4. The architectural foundation for AI acceleration
  5. Core value propositions: From operational burden to strategic asset
  6. Use case & application scenario
  7. Implementation, adoption and integration
  8. Summary

The rapid rise of artificial intelligence and machine learning has created unprecedented demand for GPU-accelerated infrastructure. Enterprises are now investing heavily in compute capacity to power AI innovation, yet many struggle to operationalize these environments efficiently and securely. Platform engineering teams must manage increasingly complex stacks that span Kubernetes clusters, virtual machines, and bare-metal GPUs while maintaining governance, enforcing security, and optimizing utilization across clouds and data centers.

Multi-tenancy, which is the ability to safely and efficiently share infrastructure across multiple teams or customers, has emerged as a cornerstone of modern AI infrastructure. It maximizes utilization and reduces costs, but introduces new challenges related to governance, isolation, and performance consistency. Organizations require a platform that unifies orchestration, policy automation and self-service access into a single control plane.

Rafay Systems delivers this unified orchestration layer. Purpose-built for AI-driven enterprises and GPU cloud providers, the Rafay Platform abstracts away operational complexity across heterogeneous environments, enabling platform teams to deliver governed, self-service GPU infrastructure to developers and data scientists. With integrated policy controls, quota management, and multi-tenant automation, Rafay transforms infrastructure from a collection of silos into a composable, secure foundation for innovation.

 From Kubernetes complexity to unified infrastructure orchestration

Kubernetes remains a foundational technology for modern applications, but it is only part of a much larger orchestration challenge. While Kubernetes has established a consistent way to deploy and scale containerized workloads, enterprises now run a mix of VM-based, GPU-accelerated, and cloud-native environments that must operate under a single governance and automation framework. 

Industry analysis confirms that 93% of organizations struggle with Kubernetes management, a symptom of a broader issue: operational fragmentation. As infrastructure footprints expand across clouds, data centers and edge locations, the complexity of managing policies, lifecycle operations, and resource efficiency grows exponentially. 

This shift has catalyzed the rise of platform engineering, a discipline that goes beyond Kubernetes lifecycle management. Platform teams today are tasked with creating self-service, governed experiences for all forms of compute: Kubernetes clusters, virtual machines, and GPU workloads, so developers and data scientists can consume infrastructure on demand, securely and compliantly.

The market has evolved from Kubernetes management to infrastructure orchestration. While the first wave of innovation focused on container portability, the next one is about unifying the entire AI and high-performance architecture landscape.

This means bringing disparate environments, from on-prem data centers and specialized GPUaaS platforms to public cloud resources, together with existing cloud-native applications under a single control plane.

Without this unification, enterprises face persistent issues across their hybrid footprint: configuration drift, inconsistent governance, severe resource underutilization (especially of costly AI hardware) and slow AI adoption.

 Rafay: Purpose-built for platform teams operating at scale

Rafay delivers the orchestration fabric required for this new era of AI and cloud-native infrastructure. As a Platform-as-a-Service (PaaS) stack, it unifies Kubernetes, GPU, and multi-cloud operations into a single, governed platform.


Rafay enables platform teams to master three core imperatives:

  1. Operational Simplicity:
    Automates the full lifecycle of Kubernetes clusters and hosted applications—from initial provisioning to Day-2 operations—reducing manual intervention and drift.
  2. Enterprise-Grade Governance:
    Enforces security, compliance, and cost policies across globally distributed fleets through a unified control plane, ensuring consistency without sacrificing speed.
  3. Optimized AI/ML Workloads:
    Integrates GPU orchestration and scheduling natively, maximizing the utilization of costly compute resources and removing bottlenecks that slow down AI initiatives.

By abstracting operational complexity, Rafay transforms platform engineering from a reactive function into a strategic enabler of innovation. The platform provides not only technical unification but also organizational leverage, freeing teams to focus on accelerating developer velocity and deploying AI workloads with confidence.

This article provides an analysis of the Rafay platform, detailing its architecture, core value propositions, and technical differentiators. It serves as a guide for platform engineers, infrastructure architects, and technology leaders seeking to transform their practice from a source of operational burden into a strategic asset for innovation at scale. 

 The modern platform imperative: A consumption-first strategy

The demands facing today's platform teams are not isolated issues but a set of interconnected imperatives at the intersection of scale, security, and speed, with the ultimate goal of making it easy for developers and data scientists to effortlessly spin up the necessary infrastructure and tooling to build amazing new capabilities and features. A shortcoming in one domain directly influences the others, creating new complexities. An effective platform strategy must therefore address these forces in a unified and holistic manner.

 The Multi-tenancy mandate

For any enterprise operating at scale, multi-tenancy is not an optional feature but a foundational business requirement. The need to securely share infrastructure among different teams, business units, or even external customers is driven by three critical imperatives:

  • Security and Isolation: The primary mandate is to create strict boundaries that prevent one tenant's workload, misconfiguration, or security vulnerability from impacting another. Without robust isolation, a shared cluster becomes a single, large blast radius.
  • Resource Optimization: Dedicated clusters for every team or project are prohibitively expensive, especially when dealing with high-cost resources like GPUs. Effective multi-tenancy enables the consolidation of workloads onto shared infrastructure, dramatically increasing utilization rates and reducing costs.
  • Cost Accountability: To manage costs effectively, organizations must be able to attribute resource consumption back to the teams that incurred it. Multi-tenancy is a prerequisite for implementing FinOps practices, such as chargeback and showback, which fosters a culture of cost-consciousness.

 The AI infrastructure bottleneck

The explosion of Artificial Intelligence (AI) and Generative AI has created an unprecedented demand for high-performance computing (HPC). One key enabler driving this evolution of HPC and ML is the development of graphics processing unit (GPU) technology. This has exposed a critical gap in standard Kubernetes, which is not inherently designed for the efficient scheduling of these specialized resources. Conventional Kubernetes schedulers lack the awareness to handle fractional GPUs or time-slicing, often leading to severe underutilization where a single, non-intensive workload can monopolize an entire powerful GPU. Furthermore, data scientists and ML engineers require a seamless, self-service experience to access complex MLOps toolchains and curated environments. Platform teams, using traditional tools, struggle to provide this experience in a way that is secure, repeatable and governed, creating a significant bottleneck that slows down innovation.

 The governance and security imperative

In a distributed, multi-cluster environment, maintaining consistent governance and a strong security posture is a paramount challenge. Without a centralized control plane, enforcing corporate and regulatory policies (such as PCI for finance or HIPAA for healthcare) becomes a manual, error-prone process for each cluster. A critical vulnerability arises from configuration drift, where out-of-band changes made directly to a cluster create deviations from the approved standard, opening security holes and causing operational instability.

 The Developer Experience Paradox

Platform teams are caught in a constant tension between two competing demands. On one side, developers require autonomy and a frictionless, self-service experience to innovate and ship code faster. They cannot afford to wait days or weeks for infrastructure to be provisioned via a manual ticketing process. On the other side, central IT and security teams must enforce standardization, governance and control to ensure reliability, security and compliance. A critical goal of a successful platform engineering initiative is to resolve this paradox by providing "self-service with guardrails"—an experience that empowers developers while ensuring their actions remain within the safe and compliant boundaries defined by the platform team.

These challenges are deeply intertwined. For example, an organization's push to accelerate AI development requires giving data scientists self-service access to GPUs. To do this cost-effectively, these GPUs can be hosted on shared, multi-tenant clusters. To secure these shared clusters, robust governance and isolation mechanisms are non-negotiable. To manage this complex fleet of multi-tenant clusters, powerful automation is required to reduce operational complexity. This causal chain illustrates that resolving high-level business problems necessitates a comprehensive platform that addresses operational, security and governance challenges in a unified manner.

 The architectural foundation for AI acceleration

The Rafay Platform is architected around three core pillars; however, this article focuses specifically on the pillar delivering a GPU Platform-as-a-Service (PaaS) for AI/ML and GenAI initiatives. This isn't merely a feature; it's the result of a deliberate, secure architectural design that transforms complex GPU infrastructure into a simple, consumable service.

Rafay's GPU PaaS acts as an orchestration and governance layer—middleware that sits atop heterogeneous infrastructure (cloud, on-prem, bare metal). Its core design philosophy centers on abstracting infrastructure complexity to deliver a true, self-service AI Cloud experience, thereby maximizing developer efficiency and optimizing utilization of scarce, expensive GPU assets.

At its heart, Rafay's architecture is built on two key components: the central Rafay Controller and a lightweight Rafay Agent.

  1. The Rafay Controller is the platform's intelligent core, serving as a centralized management plane for all operations. Think of it as the central governance and orchestration engine for the GPU PaaS environment. It provides a unified control point, simplifying oversight and action across the entire environment. The Controller is available via a fast-to-deploy SaaS model or can be deployed in a Self-hosted, air-gapped configuration for organizations with strict data sovereignty or security compliance needs.
  2. The Rafay Agent: This agent is deployed into the target environment, whether it's a data center, public cloud, or edge location. It establishes a secure, outbound-only, mutually authenticated TLS connection back to the Controller.

 Controller infrastructure and sizing requirements

There are multiple determining factors for Controller sizing. Supported deployment controller sizes include small, medium, and large controllers. What determines whether your deployment requires a small versus a large controller is based on the following criteria:

  1. Number of Managed Clusters and Nodes (Scale)
  • This is the most direct measurement of the required capacity. A larger deployment handles a bigger fleet.
  • Large Controller: Required for managing a vast fleet of Kubernetes clusters (e.g.,100+ clusters), potentially spanning multiple regions, clouds (EKS, AKS), and on-prem data centers. Each cluster runs an Agent that maintains a persistent connection and constantly reports telemetry, which the Controller must process and store.
  • This measures the rate and frequency of changes, which directly impacts the Controller's transactional load.
  • High-Frequency Operations: A large deployment is necessary for environments where operations teams frequently perform fleet-wide upgrades (e.g., upgrading the Kubernetes version or GPU Operator across 50 clusters simultaneously). This generates a huge burst of API activity and state reconciliation processes that the Controller must handle without slowdown.
  • This relates to the complexity of the security model and the number of concurrent user interactions.
  • Large Controller: Required when supporting hundreds of developers and data scientists who are all simultaneously performing self-service provisioning (e.g., launching new Jupyter Notebook environments, starting training jobs or applying blueprints)
  1. Operational Activity and Command Volume (Load)
  2. Number of Users and Multi-Tenancy (Complexity)

SaaS (cloud-hosted) model: 

  • Infrastructure: The Controller is hosted and managed by Rafay (Platform-as-SaaS).
  • Customer Requirement: Minimal—customers only need to ensure their managed GPU clusters have outbound connectivity (usually TCP Port 443) to communicate with the cloud-hosted Controller. No inbound ports need to be opened on the customer's firewall for the control plane traffic.

Self-hosted (air-gapped/on-prem) model

  • Many of our customers opt for the self-hosted deployment. In this model, the Controller is deployed as a containerized, microservices application packaged in a Helm chart, necessitating a dedicated Kubernetes cluster for its operation.

The number of nodes required for the Controller depends entirely on the desired level of availability. 

Availability RequirementNumber of NodesConfiguration
Minimal Installation1 nodeA single node installation for non-production or evaluation environments.
High Availability (HA)4 nodes (Minimum)A multi-node configuration with 3 master/control plane nodes and 1 worker node (minimum). The installation often deploys Kubernetes on these instances as converged master/worker nodes

 

Communication patterns

For the self-hosted High Availability (HA) deployment of the Rafay Controller, the communication between nodes is primarily governed by its foundational Kubernetes (K8s) architecture. The Controller microservices themselves are deployed as standard K8s artifacts on this cluster.

Self-Hosted Communication Flow

The communication flow can be broken down into three main categories: External User Access, Managed Cluster Communication, and Internal Node Communication.

  1. External Access Flow (User to Controller): This is the path for administrators and users accessing the Rafay platform UI, CLI, or API.

 

  1. Managed Infrastructure Flow (Agent to Controller): This is the critical path for managing customer GPU clusters.
  • Step 1 - Connection
    • The Rafay Agent initiates a connection from the managed GPU cluster (on-prem or cloud) to the central platform.
    • Step 2 - Secure Channel
      • This connection uses TCP 443 Outbound and is secured with Mutually Authenticated TLS (mTLS), creating a Zero-Trust communication channel to the Controller's load balancer.
    • Step 3 - Policy/State: 
      • The Rafay Controller Microservice uses this channel to send declarative configuration (policies, commands) to the Agent, and the Agent sends back real-time cluster state, telemetry, and GPU utilization data.

Figure 1: Communication Flow Agent to Controller

 

  1. Internal HA Flow (Node to Node)
  • etcd Communication: This is the most critical communication. The master nodes use the etcd database, which serves as the single source of truth for the entire Controller's state (all configuration, policy, and inventory data).
    • Purpose: Maintain a consistent, replicated state across all master nodes to prevent data loss or drift.
    • Protocol: etcd uses an internal protocol (Raft) and typically communicates over a dedicated port (often TCP 2379/2380) between the control plane nodes.
    • API Server Communication: The master nodes' K8s API Servers communicate internally to manage the cluster itself.
      • Purpose: Internal orchestration, health checks, and lifecycle management of the Rafay microservices (the Controller components).
      • Protocol: K8s components communicate securely via TLS (often TCP 6443) to the API Server endpoint, which is load-balanced across the master nodes.
    • Pod-to-Pod Communication (Microservices): The various Rafay Controller microservices (e.g., policy engine, inventory, authentication) run as pods on the Controller cluster.
      • Purpose: Internal API calls and data exchange between the different functional components of the Rafay platform.
      • Mechanism: Handled by the Cluster Network Interface (CNI) layer deployed within the Controller's K8s cluster, which ensures networking and service discovery for all running microservices.
    • Persistent Storage Communication: If persistent data is managed by a dedicated storage layer, the nodes communicate with that layer to ensure data persistence.

This secure and decoupled model is precisely what enables the Rafay GPU PaaS for AI/ML & GenAI. It allows the Rafay platform to safely connect to and orchestrate disparate and complex GPU resources, abstracting away the underlying hardware. This turns pools of powerful but difficult-to-manage GPUs into a catalog of on-demand, self-service resources for data scientists and developers. Through this architecture, end-users can instantly access AI workbenches, Kubernetes clusters and virtual compute instances without ever needing to become infrastructure experts, allowing them to focus on innovation while the platform handles the complexity.

 

GPU orchestration engine

Rafay's GPU orchestration capabilities are designed to treat GPUs as first-class, schedulable resources within Kubernetes.

  • Fractional GPU Support: The platform provides a flexible framework for GPU sharing. For production workloads demanding guaranteed performance, it automates the configuration of Multi-Instance GPU (MIG), which partitions a physical GPU into up to seven hardware-isolated instances. For development and less-intensive workloads, it supports time-slicing, which allows multiple containers to share a GPU by context-switching.
  • AI-Friendly Scheduler: The platform's scheduling logic can be optimized for the unique patterns of AI/ML workloads. It can support advanced scheduling concepts, such as gang scheduling (ensuring all pods for a distributed training job start simultaneously), and can integrate with specialized AI workload orchestrators like Run:AI to provide a comprehensive solution for managing the entire MLOps pipeline.

Zero-trust security model

Rafay's security model is built on the principle of "never trust, always verify."

  • Private Datapath: The Zero-Trust Kubectl Access (ZTKA) service is a cornerstone of this model. The Rafay agent on a managed cluster initiates a secure, outbound-only mTLS connection to the Rafay ZTKA proxy. All kubectl traffic from users is routed through this proxy. This means the Kubernetes API server endpoint is never exposed to the internet, and no inbound firewall rules are required, dramatically shrinking the attack surface.
  • Just-in-Time (JIT) Access: When a user authenticates via their corporate identity provider (e.g., Okta, Azure AD), Rafay dynamically creates an ephemeral, just-in-time Kubernetes service account for their session, with permissions scoped precisely to what their role allows. When the session ends, the credentials expire. This eliminates the risk associated with long-lived, static credentials.

Observability and FinOps

The platform provides a unified framework for observability and cost management across the entire fleet.

  • Unified Metrics Collection: When a cluster is provisioned or imported, the Rafay blueprint can automatically deploy and configure Prometheus to scrape metrics. These metrics, including detailed GPU telemetry, are then securely streamed to and aggregated within a centralized, multi-tenant Cortex (a CNCF project) time-series database, managed by the Rafay control plane. This provides a single source of truth for monitoring and alerting across all environments.
  • Chargeback Data Collection: The platform meticulously tracks resource requests and usage, associating them with their corresponding project, namespace, or custom labels. This granular data can be easily exported via API to power internal billing systems, enabling accurate chargeback to business units and providing development teams with clear visibility into the cost of their applications.

 Core value propositions: From operational burden to strategic asset

The Rafay platform is designed to deliver tangible business value by addressing the most pressing challenges in Kubernetes operations. Its capabilities transform infrastructure from a reactive cost center into a proactive, strategic enabler of business innovation. This is achieved by providing platform engineering teams with the tools to build and operate their internal platform as a product, offering a curated catalog of services to their internal customers.

 Simplified Kubernetes operations

Rafay radically simplifies the entire Kubernetes lifecycle, from initial deployment to ongoing maintenance, freeing up valuable engineering resources to focus on higher-value tasks.

  • Automated Lifecycle Management: The platform automates Day-0 to Day-2 operations, including one-click provisioning, scaling, and in-place upgrades for any CNCF-conformant Kubernetes distribution, including Amazon EKS, Azure AKS, Google GKE and Red Hat OpenShift, across any cloud or on-premises data center.
  • Day 2 Operations Automation: Through Cluster Blueprints, Rafay provides turnkey lifecycle management for the entire ecosystem of essential add-on services, including Istio for service mesh, Prometheus for monitoring, HashiCorp Vault for secrets management and more. This ensures that the entire software stack on a cluster is consistently managed, versioned, and upgraded.
  • Reduced Operational Overhead: Customers consistently report a significant reduction in the time and personnel required to manage their Kubernetes environments. This enables skilled DevOps and SRE teams to shift their focus from routine maintenance to strategic initiatives that have a direct impact on the business.

 Advanced multi-tenancy

Rafay provides a multi-layered, defense-in-depth approach to multi-tenancy, enabling organizations to share infrastructure securely and efficiently.

  • Secure Isolation: The platform offers multiple, composable layers of isolation to meet varying security requirements. This includes virtual clusters (vClusters) for control plane isolation, runtime isolation using technologies like Kata Containers for kernel-level security, and network policies for fine-grained traffic control between tenants.
  • Governed Self-Service: Rafay empowers platform teams to offer "Namespace-as-a-Service" or "Cluster-as-a-Service" to their developers. Development teams can self-provision the resources they need from a curated catalog of pre-approved templates, which come with baked-in resource quotas and security policies. This provides developers with autonomy within centrally defined guardrails.
  • FinOps Enablement: The platform provides the necessary visibility and data collection to implement robust FinOps practices. It can track resource consumption by tenant, project or application and export this data to enable granular cost allocation, chargeback for business units, and showback for development teams, driving cost accountability across the organization.

 GPU and high-performance computing

Rafay has specialized capabilities designed to maximize the return on investment for expensive and scarce GPU resources, making it an ideal platform for AI/ML workloads.

  • Optimized Scheduling: The platform supports a range of fractional GPU technologies to match the right level of performance and isolation to the specific needs of a workload. This includes hardware-level partitioning with Multi-Instance GPU (MIG) for production inference workloads requiring predictable performance, software-based time-slicing for flexible experimentation in development environments, and custom schedulers for implementing fine-grained quotas and fair-sharing policies.
  • AI/ML Workflow Enablement: Rafay accelerates the entire ML lifecycle by providing self-service "AI Workbenches." These are pre-configured, on-demand environments for data scientists that include Jupyter notebooks, access to MLOps toolchains like Kubeflow and MLflow, and seamless access to underlying GPU resources. This dramatically increases the productivity of data science teams.
  • Unified Monitoring: The platform provides a single dashboard that correlates traditional Kubernetes metrics (CPU, memory) with critical GPU metrics (utilization, memory bandwidth, temperature), offering operators a holistic view necessary for performance tuning, troubleshooting and capacity planning of AI infrastructure.

 Enterprise-grade governance

Rafay embeds governance and compliance into every stage of the infrastructure and application lifecycle, enabling organizations to operate at scale without sacrificing control.

  • Policy as Code: All governance constructs—including cluster configurations, network policies, RBAC permissions, and OPA security policies—are managed as code through version-controlled blueprints. This ensures that governance is repeatable, auditable, and consistently applied across the entire fleet.
  • Continuous Compliance: The platform continuously monitors all managed clusters and applications for drift from their approved blueprint configurations. Any unauthorized, out-of-band changes can be automatically detected, alerted on, and optionally blocked or remediated, ensuring that the environment remains in a known, compliant state.
  • Comprehensive Auditability: Rafay captures an immutable, centralized audit log of every action taken by any user or system across the entire fleet of clusters. This end-to-end audit trail is crucial for meeting regulatory compliance requirements (e.g., SOC2, HIPAA) and for conducting security forensics in the event of an incident.

 Use case & application scenario

A powerful use case for the Rafay Platform is its ability to transform high-performance, yet static, AI infrastructure into a dynamic, self-service GPU cloud. The recent collaboration with Cisco provides a clear example. Organizations are building their "AI Factory" on High-Performance Architecture solutions, such as Cisco AI Pods. These are pre-validated, modular systems that combine high-speed compute, networking, and storage specifically optimized for the demands of AI workloads. This hardware foundation provides immense power, but on its own, it remains a complex asset that IT teams must manually provision and allocate to data science and developer teams. This manual process is often slow, inefficient, and creates a bottleneck to innovation.

This is precisely the challenge the Rafay Platform addresses. By layering its software on top of the Cisco AI Pods, Rafay adds the critical orchestration and consumption layer that makes the infrastructure truly usable at scale. Rafay's platform abstracts away the hardware complexity and enables IT to create a secure, multi-tenant environment. From a single control plane, they can offer various standardized "SKUs" of AI resources—such as virtual clusters with fractional GPUs, dedicated namespaces, or complete AI workbenches—that developers can provision on demand. This transforms the powerful but rigid AI Pod into an agile, cloud-like experience, accelerating AI projects by providing end-users with the governed autonomy they need, while allowing the organization to maximize the return on its significant hardware investment.

 

 For AI/ML platform tTeams

AI/ML platform teams are responsible for providing data scientists and ML engineers with the necessary tools and infrastructure to build, train, and deploy models efficiently. They face the dual challenge of managing complex, expensive GPU infrastructure while providing a simple, productive experience for their users.

  • Scenario: A global pharmaceutical company's AI center of excellence needs to provide hundreds of data scientists with isolated, on-demand environments for experimenting with large language models (LLMs) for drug discovery research.
  • Rafay Solution: Rafay's support for MIG ensures that each scientist gets a hardware-isolated slice of a GPU, guaranteeing predictable performance and preventing resource contention. This accelerates the research cycle while maximizing the utilization of the high-value GPU cluster.

 Implementation, adoption and integration

Rafay is designed for seamless integration into complex enterprise environments, offering flexible deployment models and turnkey connections to the broader ecosystem.

 Deployment models

The platform offers deployment flexibility to meet diverse organizational needs:

  • SaaS: One delivery model is a multi-tenant SaaS platform, which provides the fastest time-to-value and lowest operational overhead. This is the ideal choice for most enterprises looking to accelerate their AI journey.
  • Self-Hosted: For organizations in highly regulated industries or with strict data sovereignty requirements, the Rafay control plane can be deployed as a self-hosted instance within their own private cloud or data center. This provides all the functionality of the SaaS platform with the added control of a single-tenant, customer-managed environment.

 Ecosystem integration

A core design principle of Rafay is its unopinionated, open approach to integration. It is built to enhance, not replace, the tools that enterprises have already invested in.

  • Infrastructure as Code (IaC): Rafay offers a fully validated and supported Terraform Provider, allowing platform teams to manage the entire lifecycle of Rafay resources—including clusters, blueprints, and policies—as code. This enables a fully automated, GitOps-driven approach to platform management.
  • CI/CD Pipelines: The platform offers seamless integrations with popular CI/CD systems, including Jenkins, GitLab CI, GitHub Actions and CircleCI. This enables application deployment pipelines to trigger deployments to Rafay-managed clusters seamlessly.
  • Identity Providers (IdP): Rafay integrates with enterprise identity systems such as Okta, Azure Active Directory and other SAML/OIDC providers for Single Sign-On (SSO) and centralized user management.
  • Monitoring and Observability: While Rafay provides a built-in monitoring solution, it can also integrate with existing enterprise observability platforms like DataDog, Splunk and Grafana, forwarding metrics and audit logs to provide a consolidated view.

 Empowering developer workflows: Provide a true self-service consumption model

Ultimately, the success of a platform is measured by its adoption and the productivity gains it delivers to the organization. Having met with numerous Enterprise customers on their AI workload management strategy, it's clear there isn't a universal one-size-fits-all approach. A recent customer we worked with was most comfortable using the CLI rather than a GUI interaction. However, data scientists and developers can interact with the platform through the interface of their choice—a user-friendly web UI, a powerful command-line interface (CLI), a declarative GitOps workflow, or via API integrations with developer portals and ITSM tools, such as ServiceNow. This flexibility allows them to provision environments, deploy applications, and access telemetry data quickly and independently, all while operating within the secure and compliant guardrails established by the central platform team.

 Summary

The rapid rise of AI and machine learning has created unprecedented demand for GPU-accelerated infrastructure. However, IT and platform engineering teams struggle to efficiently operationalize these complex and costly assets. They face the challenging task of providing self-service access that data scientists and developers demand, while simultaneously enforcing security, maintaining governance and optimizing the utilization of expensive hardware. This operational friction creates a significant bottleneck, slowing innovation.

The Rafay Platform addresses this problem by providing a unified orchestration and governance layer, specifically designed for AI workloads. It functions as a GPU Platform-as-a-Service (PaaS) that abstracts the underlying complexity of hybrid cloud, on-premises, and bare-metal environments. For the IT organization, Rafay transforms infrastructure from a collection of silos into a composable, secure foundation.

This approach delivers tangible value by enabling secure, multi-tenant sharing of GPU resources, which maximizes utilization and enables FinOps chargeback. The platform's ability to manage fractional GPUs ensures that costly hardware is never underutilized. Most importantly, Rafay empowers platform teams to provide "self-service with guardrails." They can offer a curated catalog of "AI Workbenches" and on-demand environments, allowing data scientists to innovate quickly while a zero-trust security model and policy-as-code automation ensure the entire fleet remains secure and compliant.