Production-Grade Lab Infrastructure, Delivered as Code
BraveOn vLabs provisions full-stack lab environments — VDI desktops, GPU compute, container orchestration, secrets management, and monitoring — as versioned IaC templates. Your cohort gets a consistent, enterprise-grade stack on demand. We operate it. You deliver.
- Cost model line items: 20+
- Cloud platforms supported: 4
- Provisioning time: <2 hrs
- 5 GPU tiers: from inference to H100-class
- Starting VDI seat cost per hour: $0.25
- Learner program capacity: 800+
Why Infrastructure-as-Code Lab Delivery
Training partners choose BraveOn vLabs when they need production-grade compute without the cloud engineering overhead. Every lab stack is defined, versioned, and deployed as code — reproducible across every cohort run.
IaC at the Point of Need
Every cohort environment is defined as code: VDI seats, GPU inference and training nodes, container registries, CI/CD runners, Key Vault, and monitoring — all parameterized and version-controlled. Provision in minutes. Tear down cleanly after each session. No environment drift, no manual assembly.
Your Brand, Your Systems
BraveOn operates behind the scenes. Partners deliver under their own brand with customer-controlled identity via Azure Entra ID federation, Key Vault-managed secrets per deployment, and partner-configurable monitoring dashboards. No BraveOn branding surfaces in the learner-facing environment.
Multi-Cloud Flexibility
Lab stacks deploy to Azure, AWS, GCP, or OpenStack — and hybrid combinations. Validated configurations span Azure AVD + ACA + Azure ML, AWS WorkSpaces + EC2 GPU, GCP Cloud Workstations + GCE GPU, and OpenStack VDI with cloud-hosted GPU inference. Switching providers does not require re-engineering the lab.
Enterprise-Grade Security by Default
Every deployment enforces production-level controls: isolated Key Vault secrets management, Entra ID identity federation, network segmentation, container image signing, FSLogix profile isolation for pooled VDI, and compliance-ready audit trails. WAF and Defender tooling are line-itemed in every cost model.
Scales by Parameter, Not Effort
From 8-seat cohorts to 800-student programs, infrastructure scales by changing parameters — not by manual re-provisioning. GPU tiers scale from Tier-1 inference (L4/A10, 24 GB VRAM) through Tier-3 capstone workloads (H100-class, 80 GB VRAM). Per-cohort cost is decomposed across 20+ line items: inference, VDI seats, backend, egress, licensing, monitoring, and security.
What vLabs Delivers
A complete IaC-provisioned lab stack — from VDI desktops to GPU inference nodes — deployed to the cloud or hybrid environment of your choice. Every component is parameterized per cohort and torn down cleanly after the session.
Virtual Desktop Infrastructure
Pooled and personal VDI seats provisioned per cohort, with FSLogix profile isolation and partner-controlled identity.
Azure Virtual Desktop (AVD)
Pooled or personal session hosts on Azure, with FSLogix profile containers isolating user state without persistent VM allocation. Supports M365/E3/E5/BYOL licensing for internal users and external learner access modes.
AWS WorkSpaces
Managed desktop streaming on AWS with per-cohort provisioning and tear-down. Seat economics from ~$0.40/seat-hour inclusive of Windows licensing and session management.
GCP Cloud Workstations
Containerized development environments on GCP, suitable for GPU-adjacent workloads requiring custom toolchains. Integrated with GCE GPU instance scheduling.
OpenStack VDI
Provider-managed VDI on OpenStack infrastructure at the lowest seat cost tier (~$0.25/seat-hour). Supports hybrid configurations pairing OpenStack VDI with cloud-hosted GPU inference nodes on Azure, AWS, or GCP.
GPU Compute
Right-sized GPU nodes provisioned per session and torn down after — no idle cost leakage between cohort runs.
Inference Nodes (Tier-1)
NVIDIA L4 (AWS g6.xlarge) or Azure NV6ads A10 v5 GPU instances, 24 GB VRAM. Provisioned for model inference workloads and container-hosted AI service endpoints.
Training Nodes (Tier-2)
NVIDIA L40S (~48 GB VRAM, AWS g6e.xlarge) for LoRA and QLoRA fine-tuning workloads. Scaled per cohort size with parameterized instance counts.
Full-GPU Inference (Tier-2+)
Azure NV36ads A10 v5 full-GPU instances for sustained inference loads requiring the full A10 VRAM budget without the cost of Tier-3 hardware.
Capstone / Scale Demonstration (Tier-3)
H100-class GPU nodes (80 GB VRAM) for high-throughput inference or large-model demonstrations at program capstone milestones.
Container Orchestration & Registry
Build, sign, store, and deploy container images within the IaC boundary — no manual registry management.
Azure Container Registry (ACR)
Versioned container image storage with automated build-tag-sign-push lifecycle. Private registry scoped per deployment; images are signed before deployment to managed container services.
Azure Container Apps (ACA)
Serverless container hosting for Dockerized AI services and lab backends. Scales to zero between sessions; provisioned as part of the IaC stack, not manually configured.
CI/CD Pipelines
GitHub Actions workflows with stages for test, build, publish, and deploy. Pipeline definitions are version-controlled alongside lab IaC templates.
Managed Endpoints & AI Compute
Azure ML and Azure Foundry integrations for notebook compute and managed inference endpoints.
Azure ML Online Endpoints
Managed HTTPS inference endpoints for the notebook-to-production path. Provisioned per cohort with configurable instance types and scaling rules inside the IaC boundary.
Azure ML Notebook Compute
Shared CPU and dev compute for notebook-based lab sessions. Provisioned on demand and released after the session window to eliminate idle compute spend.
Azure AI Foundry
Unified platform integration for model access, evaluation workflows, and orchestration. Deployed as a managed resource within the cohort stack.
Azure AI Search / Vector Index
Retrieval-augmented generation (RAG) infrastructure for labs requiring grounded model responses. Provisioned per cohort with configurable index capacity.
Secrets, Identity & Security
Production-level security controls in every deployment — not optional add-ons.
Azure Key Vault
Secrets, keys, and certificates management scoped per deployment. No environment shares credentials; Key Vault is a required component of every vLabs IaC stack.
Azure Entra ID Federation
Customer-controlled identity and access management with federation support for existing IdP configurations. Partners maintain ownership of user identities and tenant configuration.
WAF & Defender
Web Application Firewall and Microsoft Defender for Cloud (or provider equivalents) are line-itemed security components in every cost model. Not billed as surprise add-ons.
Monitoring & Observability
Partner-configurable dashboards and alerting that feed into the partner's operational workflow.
Azure Monitor / Application Insights
Runtime monitoring, alert rules, and log ingestion per cohort stack. Dashboards are partner-configurable; telemetry flows to the partner's operational tooling, not to BraveOn.
Data Egress Modeling
Per-cohort egress budgets with per-GB rate tracking across all provider billing zones. Egress costs are decomposed as a named line item in the cost model.
GPU Compute Tiers
| Tier | Purpose | Example SKUs | VRAM |
|---|---|---|---|
| Tier-1 — Inference | Model inference, container-hosted AI endpoints | NVIDIA L4 (AWS g6.xlarge) / Azure NV6ads A10 v5 | 24 GB |
| Tier-2 — Training | LoRA / QLoRA fine-tuning workloads | NVIDIA L40S (AWS g6e.xlarge) | ~48 GB |
| Tier-2+ — Full-GPU Inference | Sustained inference requiring full GPU allocation | Azure NV36ads A10 v5 (full A10) | Full A10 |
| Tier-3 — Capstone | Large-model demonstrations and high-throughput inference | H100-class | 80 GB |
| Reference — High-Memory | High-memory training and inference | A100 | 40 / 80 GB |
Multi-Cloud Deployment
Lab stacks deploy to Azure, AWS, GCP, or OpenStack — and hybrid combinations. Switching providers does not require re-engineering the lab.
Azure
- Azure Virtual Desktop (AVD)
- Azure Container Apps (ACA)
- Azure ML (online endpoints + notebook compute)
- Azure AI Foundry
- Azure Container Registry (ACR)
- Key Vault, Entra ID, Application Insights
Full-stack Azure deployment is the primary reference architecture. Supports M365/E3/E5/BYOL VDI licensing and customer-owned Entra tenant federation.
AWS
- Amazon WorkSpaces (VDI)
- EC2 GPU instances (g6.xlarge, g6e.xlarge)
- Elastic Container Registry (ECR)
AWS GPU instances are the primary alternative for Tier-1 and Tier-2 compute. Hybrid configurations pair AWS GPU nodes with OpenStack VDI for cost optimization.
GCP
- GCP Cloud Workstations
- GCE GPU instances
- Artifact Registry
GCP option for partners with existing GCP agreements or compliance requirements. Cloud Workstations support custom container toolchains.
OpenStack
- Provider-managed VDI
- GPU compute (provider-dependent)
Lowest VDI seat cost (~$0.25/seat-hour). Hybrid configurations supported: OpenStack VDI with cloud-hosted GPU inference (Azure, AWS, or GCP).
vLabs IaC Delivery vs. Manual Lab Setup
| Dimension | Manual Setup | vLabs IaC Delivery |
|---|---|---|
| Provisioning speed | Days to weeks of cloud engineering per cohort | Minutes to hours — IaC templates deploy full stacks on demand |
| Environment consistency | Drift across cohorts; 'works on my machine' failures | Identical, versioned environments every run |
| GPU access | Ad-hoc quota requests, manual provisioning, idle cost leakage | Right-sized GPU tiers (L4/A10 through H100) provisioned per session, torn down after |
| Multi-cloud | Locked to one provider; re-engineering required to move | Deploy to Azure, AWS, GCP, or OpenStack from the same IaC definitions |
| Cost transparency | Surprise bills; no per-cohort cost attribution | Per-cohort cost model with 20+ line items decomposed: inference, VDI, backend, egress, licensing, monitoring, and security |
AI Governance & Ops for the Modern Enterprise
Download the BraveOn AI Governance whitepaper: a practical framework for treating humans as governance workers in production AI systems. Covers risk-management patterns for regulated industries, observability and audit trails for AI pipelines, and a roadmap for building internal governance capabilities that deliver measurable business value.
```hcl
// vLabs IaC Stack Definition
module "cohort_lab" {
  vdi_seats          = var.cohort_size
  gpu_tier           = "tier-1-inference"
  gpu_sku            = "NVIDIA-L4"
  container_registry = true
  key_vault          = true
  identity           = "entra-id-federation"
  monitoring         = "app-insights"
}
```
Infrastructure Built for Production. Delivered for Training.
Production security controls in every deployment
Key Vault, Entra ID federation, container image signing, network segmentation, and WAF/Defender tooling are standard — not optional add-ons.
Zero BraveOn branding in the learner environment
Whitelabel delivery model. Partners present under their own brand; BraveOn operates the infrastructure layer only.
Customer-owned identity and secrets
Azure Entra ID federation uses customer-owned tenants. Key Vault secrets are scoped per deployment; BraveOn has no standing access to partner credentials.
Fully versioned, reproducible environments
IaC templates are version-controlled. Every cohort run deploys the same stack definition — eliminating environment drift and 'works on my machine' failures.
Per-cohort cost model before any commitment
Cost scoping includes 20+ line items decomposed by provider, seat count, GPU tier, and session hours. No surprise bills.
Ready to Stop Building Lab Infrastructure from Scratch?
BraveOn vLabs provisions, operates, and tears down full-stack lab environments so your team focuses on content and learners — not cloud engineering. Reach out to request specs, pricing, or a deployment scope.