> ## Documentation Index
> Fetch the complete documentation index at: https://ona.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Runner infrastructure
> Runners provision and manage your environments and agents. Deploy on Ona Cloud or in your own AWS or GCP account.
Runners are the infrastructure layer that provisions and manages your [environments](/ona/environments/overview) and [agents](/ona/agents/overview). Every environment you launch and every agent task you run executes on a runner.
## What a runner handles
A runner handles everything that touches your code:
* **Environment provisioning:** creates isolated VMs from your [Dev Container](/ona/configuration/devcontainer/overview) configuration
* **Source code access:** clones repositories using credentials stored on the runner, not the management plane
* **Secret injection:** delivers [secrets](/ona/configuration/secrets/overview) into environments at startup
* **Agent execution:** runs [Ona Agent](/ona/agents/overview) tasks inside the same isolated environments developers use
* **Build and test execution:** runs [prebuilds](/ona/projects/prebuilds), [tasks, and services](/ona/configuration/tasks-and-services/overview) defined in your project
## How runners fit into the architecture
Ona uses a two-plane architecture:
| | Management Plane | Runners |
| --------------------- | ------------------------------------------------------ | ------------------------------------------------------------------------ |
| **Hosted by** | Ona | Ona Cloud or your VPC |
| **Handles** | Authentication, org settings, guardrails, coordination | Environment provisioning, code access, secret injection, agent execution |
| **Touches your code** | No | Yes |
The management plane coordinates. Runners execute. This separation exists for three reasons:
1. **Data sovereignty.** Source code and SCM credentials stay on runners, not the management plane. With a runner in your VPC, sensitive assets never leave your infrastructure.
2. **Compliance.** [Guardrails](/ona/guardrails/overview) are defined on the management plane and enforced at the runner level. [Audit logs](/ona/audit-logs/overview) track every action.
3. **Multi-region, multi-cloud.** Deploy runners in different regions and cloud providers. Each runner supports multiple environment classes with different compute specs.
For a deeper look at data flow between planes, see the [Architecture overview](/ona/understanding/architecture).
## Deployment options
### Ona Cloud
Zero-setup managed infrastructure. A runner in your nearest region is automatically provisioned when you create your account.
* No infrastructure to manage
* Available in **EU (Frankfurt)** and **US (N. Virginia)**
* Included with Core plans
Best for individuals, small teams, and organizations that want to start immediately.
[Get started with Ona Cloud →](/ona/runners/ona-cloud)
### AWS
Available on the Enterprise plan. [Contact sales](https://ona.com/contact/sales) to learn more.
Deploy runners as ECS services in your own AWS VPC. Environments run as EC2 instances. Deployment is automated via CloudFormation templates.
* Private networking with AWS PrivateLink
* Custom domains with your own SSL/TLS certificates
* Fine-grained IAM permission boundaries
* HTTP proxy and custom CA support
Setup takes 30-60 minutes. See [AWS Runner overview](/ona/runners/aws/overview) and [Setup guide](/ona/runners/aws/setup).
### GCP
Available on the Enterprise plan. [Contact sales](https://ona.com/contact/sales) to learn more.
Deploy runners in your Google Cloud VPC. Environments run as Compute Engine instances. Deployment is automated via Terraform modules.
* External or internal load balancer configurations
* Private Google Artifact Registry access
* Vertex AI private connectivity
* Full control over networking and security
Setup takes 30-60 minutes. See [GCP Runner overview](/ona/runners/gcp/overview) and [Setup guide](/ona/runners/gcp/setup).
## Choosing a deployment option
| | Ona Cloud | AWS / GCP (your VPC) |
| ------------------- | ---------------------------- | ------------------------------------ |
| **Setup time** | Instant | 30-60 minutes |
| **Infrastructure** | Managed by Ona | Managed by you |
| **Data residency** | Ona's infrastructure | Your VPC |
| **Network control** | Standard | Full (PrivateLink, internal LB, VPN) |
| **Compliance** | SOC 2 | Your controls + Ona guardrails |
| **Best for** | Getting started, small teams | Enterprise, regulated industries |
Organizations can run multiple runners across regions and cloud providers to support distributed teams and compliance requirements.
## Capabilities across all deployment options
All runners support these features regardless of where they run:
* [Prebuilds](/ona/projects/prebuilds) for fast environment startup
* [Ona Agent](/ona/agents/overview) for AI-powered development
* Environment classes with configurable compute (CPU, memory, storage)
* [Dual disk environments](/ona/runners/dual-disk) for resilient Enterprise environment storage
* Dev Container caching for faster rebuilds
* [Custom metrics pipeline](/ona/runners/monitoring-and-metrics) for operational visibility
* Runner sharing across organizations
## Next steps
* [Ona Cloud](/ona/runners/ona-cloud): get started with zero setup
* [AWS Setup](/ona/runners/aws/setup): deploy a runner in your AWS account
* [GCP Setup](/ona/runners/gcp/setup): deploy a runner in your GCP project
* [Architecture overview](/ona/understanding/architecture): how the management plane and runners interact
* [Capacity planning](/ona/runners/aws/capacity-planning): plan infrastructure requirements for runners in your VPC