HomeDock OS Enterprise: On-Premise Cloud for Businesses
On-premise private AI, encrypted tunnels, firewall, compliance logging, audit reports and white-label branding. Enterprise security modules for businesses
HomeDock OS started as a cloud operating system for self-hosters. Now it also serves businesses, governments, and institutions that need on-premise infrastructure with enterprise-grade security. HomeDock OS Enterprise extends the core platform with 7 specialized modules designed for organizations that can’t afford to compromise on data sovereignty, compliance, or operational control.
Why on-premise? Because regulations like GDPR, ISO 27001, and sector-specific compliance frameworks increasingly demand that sensitive data stays within the organization’s physical boundaries. Third-party cloud providers introduce risk, dependencies, and audit complexity that many institutions simply cannot accept. With HomeDock OS Enterprise, everything runs on your hardware, on your network, under your control.
What is HomeDock OS Enterprise?
HomeDock OS Enterprise is the commercial tier of HomeDock OS, built for businesses, organizations and institutions requiring advanced security, compliance features, and professional branding capabilities. It follows an Open Core model, meaning successful Enterprise features may eventually make their way into the free core product for all users.
The Enterprise suite activates automatically with a valid commercial license and includes 7 integrated modules plus the existing Drop Zone encryption from the core platform:
| Module | Purpose |
|---|---|
| Local GPT | Private AI language models running entirely on-premise, includes DeepSeek, OpenAI GPT-OSS and more |
| Data Space | European Data Space Protocol connector for secure inter-organizational data sharing |
| Firewall | Application-layer IP blocking with CIDR support and multiple response actions |
| Secure Tunnel | End-to-end encrypted communication that survives proxy and CDN termination |
| Audit Trail | Complete HTTP and HTTPS request logging with real-time monitoring |
| System Report | Professional PDF reports with metrics, logins, and audit data |
| White Label | Custom branding with business / organizational logos and names |
Each module addresses a specific enterprise need. They work independently but integrate with each other: for example, Audit Trail feeds into System Report, and Firewall rules can be informed by Audit Trail patterns.
Private AI Without External Dependencies: Local GPT
Organizations dealing with sensitive data (legal documents, financial records, internal communications) can’t feed that information into external AI services. Local GPT solves this by running AI language models directly on your infrastructure, for example on any employee laptop running Windows or macOS. Every conversation, every query, and every response stays within your network and never leaves your infrastructure.
What models can I run on-premise?
The module offers models across four tiers depending on hardware capacity:
- Basic (2-4GB RAM): Qwen, Llama, Gemma variants for simple tasks
- Standard (6-8GB RAM): Phi, Qwen Thinking, and Qwen Coder for coding and reasoning
- High (8-10GB RAM): DeepSeek R1 and Llama 3.1 for complex analysis
- Super-High (20GB RAM): GPT-OSS 20B for advanced reasoning
Are conversations stored or logged?
Conversations are stored locally on the computer where HomeDock OS Enterprise is running and never leave your business infrastructure. Privacy Mode disables conversation storage entirely: when it is enabled, conversations exist only in memory during your session and disappear when it ends. No logs, no history, no traces on disk. For standard use, the system auto-saves conversations locally and supports export in Markdown format.
GDPR-Compliant Data Sharing Between Organizations: Data Space
For European businesses operating under GDPR and the EU Data Act, sharing data between organizations is a compliance nightmare, and we are well aware of that. Our Data Space module implements the European Data Space Protocol, enabling secure and policy-controlled data sharing between trusted partners across the EU.
The workflow is straightforward: publish datasets, discover partners, negotiate transfers, and execute them with complete audit trails. Organizations maintain full sovereignty: data never leaves your premises unless you explicitly authorize a transfer. Data Space handles encryption, access control, and compliance logging automatically.
How do organizations identify and trust each other?
Partner identity is handled through .eucard files, a portable format containing the connector ID, public key, endpoint URL, and organization name. Think of it as a machine-to-machine digital business card with cryptographic signatures that prevent tampering, ensuring authenticity and integrity across exchanges.
Who needs a Data Space connector?
Typical use cases include supply chain coordination, healthcare provider collaboration, regulated financial data exchange, research institution partnerships, and government inter-agency data sharing: any scenario where two organizations need to exchange sensitive data under regulatory oversight. Every transfer is encrypted, logged, and policy-enforced under GDPR principles and contract-based data governance.
Application-Layer IP Blocking and Threat Response: Firewall
The Enterprise Firewall module operates at the application layer, complementing your existing network-level firewalls in line with defense-in-depth principles. It provides IP blocking with flexible response actions that go beyond simple block/allow, enabling tailored responses to different threat scenarios based on your organization’s security policies.
Rules support both individual IP addresses and CIDR ranges for subnet-level blocking. The dashboard tracks total blocked IPs, CIDR ranges, and cumulative block events, providing visibility into threat patterns. Management is straightforward through an intuitive interface for adding, editing, and removing rules.
Four response actions are available:
| Action | Behavior |
|---|---|
| Block | Returns 403 Forbidden |
| Redirect | Redirects ALL traffic to a custom URL (e.g. disneyland.com) |
| Tarpit | Deliberately slows responses (~30 seconds) |
| Drop | No response at all, appears offline |
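The rule model above (a single IP or a CIDR range, mapped to one of the four actions) can be sketched as follows. This is an added example, not HomeDock OS code: it handles IPv4 only, and the function names and the "most specific rule wins" precedence are assumptions, since the page does not say how overlapping rules are resolved.

```javascript
const ACTIONS = new Set(['block', 'redirect', 'tarpit', 'drop']);

// Convert dotted-quad IPv4 text to an unsigned 32-bit number, rejecting malformed input.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) throw new Error(`invalid IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`invalid IPv4 address: ${ip}`);
    return acc * 256 + Number(p);
  }, 0);
}

// Accepts "a.b.c.d" (treated as /32) or "a.b.c.d/n". Host bits are masked off,
// so "203.0.113.9/24" is stored as the network 203.0.113.0/24.
function parseRule(target, action) {
  if (!ACTIONS.has(action)) throw new Error(`unknown action: ${action}`);
  const pieces = String(target).split('/');
  if (pieces.length > 2) throw new Error(`invalid rule target: ${target}`);
  const len = pieces.length === 2 ? pieces[1] : '32';
  if (!/^\d{1,2}$/.test(len) || Number(len) > 32) throw new Error(`invalid prefix: ${target}`);
  const prefix = Number(len);
  // JavaScript shift counts wrap at 32, so a /0 mask must be special-cased.
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { target, action, prefix, mask, base: (ipv4ToInt(pieces[0]) & mask) >>> 0 };
}

// Returns the action of the longest-prefix matching rule, or 'allow' if none matches.
function decide(rules, clientIp) {
  const ip = ipv4ToInt(clientIp);
  let best = null;
  for (const r of rules) {
    const hit = ((ip & r.mask) >>> 0) === r.base;
    if (hit && (best === null || r.prefix > best.prefix)) best = r;
  }
  return best ? best.action : 'allow';
}

// Constructed rules using documentation address ranges.
const demoRules = [
  parseRule('203.0.113.0/24', 'tarpit'),
  parseRule('203.0.113.7', 'drop'),
  parseRule('198.51.100.0/25', 'block'),
];
console.log(decide(demoRules, '203.0.113.7'), decide(demoRules, '203.0.113.8'));
```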
What is a Tarpit and why use it instead of blocking?
The Tarpit action is particularly useful against attackers. Instead of immediately revealing that they’ve been detected (which a 403 would do), it wastes their time and resources with deliberately slow responses. Combined with Audit Trail data, you can identify suspicious patterns and respond with the appropriate action, whether that’s blocking, redirecting, or dropping traffic entirely.
End-to-End Encryption Beyond HTTPS: Secure Tunnel
Standard HTTPS encrypts data in transit, but that encryption terminates at every intermediary: load balancers, reverse proxies, CDNs. After TLS termination, your data travels in plaintext through internal infrastructure. Secure Tunnel adds a second encryption layer at the application level, encrypting data within the HTTP payload itself.
How does the encryption handshake work?
The handshake process works as follows:
1. The client generates a random 256-bit AES key
2. The server provides its RSA public key
3. The client encrypts the AES key using RSA-OAEP with SHA-256
4. The encrypted key is sent to the server
5. Both parties establish a shared symmetric key for the session
From that point on, all communication uses AES-256-GCM encryption with 12-byte random IVs per request and 128-bit authentication tags. Even if someone intercepts traffic after TLS termination, the data remains encrypted and authenticated, protecting confidentiality and integrity.
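The handshake and per-request encryption described above, with both sides shown, as an added example that is not HomeDock OS code. It uses Node's built-in `crypto` module rather than the browser API; the 2048-bit RSA size, the function names and the `iv | tag | ciphertext` message layout are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: RSA key pair. The 2048-bit size is an assumption; the page does not state it.
function serverKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Steps 1, 3 and 4: random 256-bit AES key, wrapped with RSA-OAEP (SHA-256).
function clientHandshake(serverPublicKey) {
  const aesKey = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey);
  return { aesKey, wrappedKey };
}

// Step 5: the server unwraps the key, so both sides hold the same session key.
function serverUnwrap(serverPrivateKey, wrappedKey) {
  const key = nodeCrypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, wrappedKey);
  if (key.length !== 32) throw new Error('unexpected session key length');
  return key;
}

// Per request: fresh 12-byte IV and 128-bit tag. The iv|tag|ciphertext layout is an assumption.
function seal(aesKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', aesKey, iv, { authTagLength: 16 });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function unseal(aesKey, message) {
  if (message.length < 28) throw new Error('message shorter than iv + tag');
  const iv = message.subarray(0, 12);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', aesKey, iv, { authTagLength: 16 });
  decipher.setAuthTag(message.subarray(12, 28));
  // final() throws if the tag does not verify, so modified data is never returned.
  return Buffer.concat([decipher.update(message.subarray(28)), decipher.final()]).toString('utf8');
}

// Constructed demo payload, sent client to server.
const demoServer = serverKeyPair();
const demoClient = clientHandshake(demoServer.publicKey);
const demoKey = serverUnwrap(demoServer.privateKey, demoClient.wrappedKey);
console.log(unseal(demoKey, seal(demoClient.aesKey, '{"action":"ping"}')));
```

How the client verifies that the RSA public key really belongs to the server is outside this sketch; the page does not describe that step.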
Are encryption keys stored anywhere?
No. Sessions are browser-scoped and keys exist only in memory. Nothing is written to disk. Users can manually terminate sessions at any time. This module is essential for financial institutions, government agencies, healthcare providers, and legal firms handling sensitive data that must remain confidential even within internal networks.
Real-Time Compliance Logging and Access Monitoring: Audit Trail
Compliance frameworks like GDPR, ISO 27001, and SOC 2 require organizations to demonstrate who accessed what, when, and from where. Audit Trail provides complete HTTP request logging with real-time monitoring, enabling organizations to track access patterns, investigate incidents, and generate compliance reports.
Every entry captures the timestamp, HTTP method, endpoint accessed, response status code, client IP address, and authenticated user details (if any). Logs appear in real-time as requests happen, displayed in a virtualized table that handles large datasets efficiently. Entries are stored securely on disk with rotation policies to manage retention.
The interface uses color coding for quick visual scanning: green for 2xx success, blue for 3xx redirects, yellow for 4xx client errors, and red for 5xx server errors. HTTP methods also get distinct colors, making it easy to identify patterns at a glance.
How do I filter out noise from system requests?
Pattern exclusion lets administrators filter out routine events like system metrics polling, container status checks, and log fetching endpoints. This keeps the audit log focused on meaningful actions rather than background chatter, simplifying analysis and investigation.
Can I search for specific events or users?
Search and filtering support endpoint paths, HTTP methods, IP addresses, usernames, and status codes: everything you need for security incident investigation or compliance audits, all in real time. Combined with Firewall, suspicious IPs can be blocked immediately based on Audit Trail patterns.
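One way to turn audit entries into Firewall candidates, combining pattern exclusion with a per-IP count of 4xx responses inside a sliding time window. This is an added example, not HomeDock OS code: the entry shape, endpoint paths, thresholds and function names are assumptions, and the sample entries are constructed.

```javascript
// Constructed sample entries carrying the fields the page lists; the object shape is an assumption.
const mk = (sec, method, endpoint, status, ip, user = null) => ({
  ts: new Date(Date.UTC(2025, 0, 10, 9, 0, sec)).toISOString(), method, endpoint, status, ip, user,
});
const SAMPLE = [
  mk(0, 'GET', '/api/metrics', 200, '192.0.2.10', 'admin'),
  mk(1, 'POST', '/login', 401, '198.51.100.23'),
  mk(3, 'POST', '/login', 401, '198.51.100.23'),
  mk(4, 'GET', '/api/metrics', 200, '192.0.2.10', 'admin'),
  mk(5, 'POST', '/login', 401, '198.51.100.23'),
  mk(8, 'POST', '/login', 401, '198.51.100.23'),
  mk(9, 'POST', '/login', 401, '198.51.100.23'),
  mk(20, 'GET', '/missing', 404, '203.0.113.5'),
  mk(300, 'GET', '/missing', 404, '203.0.113.5'),
  mk(600, 'GET', '/missing', 404, '203.0.113.5'),
];

// Hypothetical noise endpoints, anchored so an exclusion cannot hide unrelated paths.
const EXCLUDE = [/^\/api\/metrics$/, /^\/api\/containers\/status$/];

function meaningful(entries, exclude) {
  return entries.filter((e) => !exclude.some((rx) => rx.test(e.endpoint)));
}

// Returns IPs with at least `threshold` 4xx responses inside any `windowMs` span.
function suspiciousIps(entries, { threshold, windowMs }) {
  const byIp = new Map();
  for (const e of entries) {
    const t = Date.parse(e.ts);
    if (e.status < 400 || e.status > 499 || Number.isNaN(t)) continue;
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(t);
  }
  const flagged = [];
  for (const [ip, times] of byIp) {
    times.sort((a, b) => a - b);
    let start = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowMs) start++; // shrink window from the left
      if (end - start + 1 >= threshold) { flagged.push(ip); break; }
    }
  }
  return flagged.sort();
}

console.log(suspiciousIps(meaningful(SAMPLE, EXCLUDE), { threshold: 5, windowMs: 60000 }));
```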
Professional PDF Reports for Auditors and Management: System Report
When management, auditors, or regulatory bodies need documentation, they want a PDF, not a dashboard login. System Report generates professional PDF documents containing system metrics, authentication records, and audit data, providing a comprehensive overview of your HomeDock OS Enterprise deployment’s security posture and access history across a specified time range.
What data is included in each report?
Each report includes three sections:
- System Metrics: CPU temperature and usage statistics, RAM consumption, network traffic data, and disk utilization across all drives.
- Login Attempts: Authentication event records with timestamps, success/failure status, source IP addresses, and usernames.
- Audit Trail Statistics: When Audit Trail is enabled, the report adds request counts by HTTP method, status code breakdowns, endpoint access rankings, and top IP addresses.
Is the format suitable for compliance audits?
Reports follow the naming convention HomeDock_System_Report_YYYY-MM-DD_HH-MM-SS.pdf and are formatted with headers, sections, tables, charts, and footers. One click, one PDF, ready for compliance meetings or incident documentation across all on-premise deployments within your organization or business.
Custom Branding for Your Organization: White Label
For organizations deploying HomeDock OS as part of their internal infrastructure, branding matters. White Label allows customization with your company name, logo, and attribution text throughout the interface, creating a cohesive experience that aligns with your organizational identity and professionalism.
What can I customize?
You can customize the company name and logo shown throughout the interface. Logos should be PNG with transparency, square aspect ratio, minimum 192x192 pixels, and under 100KB, optimized for web use. Attribution text appears in the footer of our Prism Window Manager interface and is customizable to reflect your organization’s messaging.
Why does white-labeling matter for internal deployments?
For IT departments deploying HomeDock OS across teams, it looks and feels like an internal tool rather than third-party software. A professional, branded appearance reinforces organizational identity and builds trust with end users, especially in regulated environments where perception of security and professionalism is crucial.
The Full Picture: Defense in Depth
These 7 modules aren’t isolated features. They form an integrated security and compliance stack:
- Secure Tunnel encrypts all communication at the application layer
- Firewall blocks malicious actors before they reach your services
- Audit Trail logs every request for accountability and investigation
- System Report packages everything into professional compliance documents
- Local GPT keeps AI conversations private and on-premise
- Data Space enables secure inter-organizational data exchange under European regulations
- White Label ensures the platform integrates visually with your organization
- Drop Zone (core feature) provides file encryption with over 1.2 million iterations of PBKDF2 hashing for data at rest
Combined with HomeDock OS’s existing Shield Mode rate limiting and the Drop Zone encryption already included in the core platform, Enterprise deployments get a comprehensive security posture that covers encryption in transit, encryption at rest, access control, monitoring, and compliance documentation.
Need Something Specific? We Build Custom Modules
The 7 modules above cover the most common enterprise needs, but every organization is different. If your business requires a feature that doesn’t exist yet, we can build it. Our team develops custom Enterprise modules tailored to your specific infrastructure, workflows, or compliance requirements.
Examples include internal communication tools, custom dashboards, industry-specific integrations, proprietary data pipelines, and specialized monitoring: practically anything that can run on your on-premise deployment. Each custom module integrates natively with the existing Enterprise stack: it connects to Audit Trail, appears in System Reports, respects Firewall rules, and works behind Secure Tunnel encryption, just like the built-in modules.
This isn’t a feature request queue. It’s direct development engagement with our engineering team, scoped to your organization’s needs and delivered as a first-class module within HomeDock OS Enterprise.
Getting Started with HomeDock OS Enterprise
HomeDock OS Enterprise is available for on-premise deployment only, for businesses, institutions and organizations. Modules activate automatically with a valid commercial license. For licensing details and deployment support, contact our team at sales@homedock.cloud or visit the Enterprise documentation.
The core of HomeDock OS remains free for personal use. Enterprise extends it for organizations that need more. Enterprises needed a secure, compliant, and private on-premise cloud solution. HomeDock OS Enterprise delivers exactly that: we closed another gap.
At a Glance: What You Get
| What | How |
|---|---|
| Private AI | Local GPT runs language models on-premise, no external API calls |
| Data Sovereignty | Data Space shares datasets between organizations under GDPR and EU Data Act |
| Threat Response | Firewall blocks, redirects, tarpits, or drops traffic at the application layer |
| Double Encryption | Secure Tunnel adds AES-256-GCM encryption inside HTTP payloads, beyond HTTPS |
| Full Accountability | Audit Trail logs every request with IP, user, method, and status in real-time |
| Compliance Reports | System Report generates PDF documents ready for auditors and management |
| Your Brand | White Label replaces our branding with your organization’s identity |
| Custom Development | Need something else? We build bespoke modules for your infrastructure |
Your data, your infrastructure, your rules. That’s what Enterprise means to us.