Deployed inside your infrastructure, governed by your controls
The full Primo stack runs inside your environment. On-premise or hybrid, Linux or Windows, single orchestrator or multi-tenant — documented because architects ask, not to look sophisticated.
Two deployment models, one architecture
Default posture
On-premise (default)
The full stack runs inside customer infrastructure. The default posture for regulated industries, financial services, public sector, and refineries. Documents and data stay inside the customer environment. Supports closed and air-gapped contours, with offline updates and offline licensing.
Distributed operations
Hybrid
Orchestrator and AI Server on customer infrastructure, with robots distributed across customer environments and branch and edge locations under central governance. For distributed operations that need one control point.
Security that stays inside your perimeter
In the on-premise model, documents and data never leave the customer environment. In hybrid, the data-flow boundary is configurable and documented per deployment. The platform runs under the controls you already enforce — no separate security posture required.
Residency governs where the platform lives; your processes still reach out when the work requires it. When a process needs an external service — a government or regulatory portal, a partner system — the robot makes that call outbound through the network controls you already enforce: proxy, firewall allow-lists, your existing egress path. External reach is deliberate, scoped per process, and runs under the same controls as the rest of your estate.
Your security bar is the platform's security bar.
RBAC integrates natively with enterprise identity providers — Active Directory, LDAP, SAML, OIDC. Credentials are stored in an encrypted vault, never in workflow definitions or plain text, with support for enterprise secrets management: CyberArk, HashiCorp Vault, Azure Key Vault.
Every robot action is logged with timestamp, process attribution, and target-system reference. Logs are centrally recorded and exportable to external SIEM and observability platforms — Splunk, Datadog, Grafana, Elastic — through standard interfaces. Tamper-evident retention is achievable by routing log streams to your organisation's immutable storage or SIEM of choice. Sensitive data in the database is AES-encrypted at the application layer. Environment isolation and native multi-tenancy are built in.
Technology foundation
Stack
C# / .NET Core backend · React frontend
Data
PostgreSQL · MS SQL · AES-encrypted sensitive data
Packaging
Docker images for Orchestrator and AI Server
APIs & messaging
REST / OpenAPI (Swagger) · RabbitMQ (AMQP) · webhooks via REST
Runtime environments
VMware · Hyper-V · VDI · Citrix / RDP sessions
Lifecycle
Git-based dev → test → prod, with project versioning and rollback
What Primo connects to
Packaged connectors
SAP (ERP, S/4HANA), Oracle E-Business Suite, Microsoft Office, SharePoint, Exchange, and standard databases (PostgreSQL, MS SQL, Oracle, MySQL), among others.
Connector SDK
Build connectors to other enterprise systems and package them as reusable logic packages. A one-off integration becomes a reusable asset across automations.
Identity & security
Active Directory, LDAP, SAML 2.0, OIDC, SCIM. Encrypted credential vault with enterprise secrets management: CyberArk, HashiCorp Vault, Azure Key Vault.
Observability
Grafana, Prometheus, Datadog, Splunk, Elastic, OpenTelemetry — via standard interfaces.
External & public portals
Government and regulatory portals, partner and counterparty systems, and public web services. Through web and UI-level automation where there is no API, or via REST where one exists.
Custom & legacy
UI-level automation for systems without APIs. Citrix, RDP, VMware Horizon. Mainframe via terminal emulation.
Scale and resilience
Horizontal scaling
Designed to scale horizontally across nodes. New nodes and robots are added without changing automation logic.
High availability
Built on node redundancy and failover. Active-passive configuration supported for regulated environments.
Resilience & backup
Works with your infrastructure's backup and recovery tools — compatible with online database backup and VM snapshots.
Multi-tenancy
Native multi-tenant configuration for managed service providers and large enterprises with separated business units.
Geographic distribution
Robot fleets distributed across regions with central governance from a single Orchestrator.
Banking · Linux migration
How a major bank moved its robot fleet to Linux without rewriting a single workflow
Read the case study →
Architectural decisions worth knowing
RPA core, AI on top. The deterministic execution layer sits underneath the AI layer. Failure modes in agentic workflows fall back to deterministic RPA, not to undefined behavior. Pure AI-agent approaches are harder to govern in production environments where auditability and predictability are required.
Modules are independent. Each module — Orchestrator, Studio, Robot, AI Server, Idea Hub, ART — installs and scales independently and has a documented interface to the others. Adopt one module or all six.
Linux is native. Primo RPA Robot runs natively on Linux. For supported activities and connectors, the same workflow definitions can target Windows or Linux runtimes. Workflows that depend on Windows-only desktop or screen interactions may use a hybrid runtime pattern. See the banking migration.