> ## Documentation Index
> Fetch the complete documentation index at: https://ona.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Architecture Overview

> How the management plane and runners work together to keep your code secure while providing a consistent development experience.

Ona uses a two-plane architecture that separates coordination from execution. This page explains what each plane does, why they're separated, and what data flows between them.

## Two planes

### Management Plane

Hosted by Ona. Handles coordination, identity, and configuration:

* Authentication and identity
* Organization management
* Guardrail enforcement
* Runner coordination
* Dashboard and API

### Runners

Run on [Ona Cloud](/ona/runners/ona-cloud) or in your own infrastructure ([AWS](/ona/runners/aws/overview), [GCP](/ona/runners/gcp/overview)). Handle everything that touches your code:

* Environment provisioning
* Source code access
* Secret injection
* Agent execution
* Build and test execution

## Why the split

The separation exists for three reasons:

**Data sovereignty.** Your source code and SCM credentials are handled by runners, not the management plane. With a runner in your VPC, all sensitive assets stay in your infrastructure. With [Ona Cloud](/ona/runners/ona-cloud), code runs on Ona-managed infrastructure separate from the management plane. You choose the trade-off between convenience and control.

**Compliance.** Audit logs track every action. Guardrails are defined centrally and enforced at the runner level. The management plane sets the rules; runners enforce them during execution.

**Flexibility.** You can deploy runners in different regions and cloud providers. Each runner can have different environment classes with different compute specs. The management plane coordinates across all of them.

## Data flow

The diagram below shows what stays in each plane:

<img src="https://mintcdn.com/gitpod-13c83c2b/qBniPNCSoCrW-zJ5/images/understanding/data-flow.svg?fit=max&auto=format&n=qBniPNCSoCrW-zJ5&q=85&s=81f94ce00b0f6be8b88066e49106f362" alt="Data flow between planes" width="800" height="440" data-path="images/understanding/data-flow.svg" />

## Next steps

* [Core components](/ona/understanding/core-components): what each part of Ona does
* [Runners overview](/ona/runners/overview): where your environments and agents execute
* [Guardrails](/ona/guardrails/overview): configure guardrails and compliance controls