Catalyst The data mesh for contested environments. Post-quantum, zero-trust.
Catalyst is the secure data layer beneath CODA™ — a decentralized mesh that connects organizations without a central server, VPN, or shared certificate authority. When the network is hostile, Catalyst routes your data anyway.
The network is hostile. Assume it's already compromised.
Russia-Ukraine proved the internet survives sustained operations — but adversaries reroute traffic, hijack BGP, forge TLS certificates, and record encrypted data today for quantum decryption later. Standard zero-trust breaks in DDIL environments where there's no center to trust.
Post-quantum. Decentralized. No center required.
Catalyst encrypts every link with X25519MLKEM768 — a hybrid post-quantum cipher combining X25519 (ECDHE) with ML-KEM-768 (formerly Kyber768) — with no central CA or VPN tunnel required. Nodes peer directly, establish trust out-of-band, and operate autonomously when connectivity is lost.
How Catalyst Works
Each workspace manages its own data. Catalyst routes data through the Common Operational Data Layer — protected in transit — and delivers it to the operators who need it. Users click any workspace to connect or disconnect data sharing.
Workspace Alpha Workspace Bravo Workspace Charlie Core Capabilities
The Common Operational Data Layer — a decentralized service mesh that connects organizations into a unified data-sharing fabric without centralized infrastructure, without trusting the network, and with protection against both current and quantum-era threats.
Post-Quantum Encryption on Every Link
Every byte travels inside a QUIC tunnel encrypted with X25519MLKEM768 — a hybrid cipher combining classical X25519 with post-quantum ML-KEM-768. Always present, not optional. Applications that add mTLS get a second, independent encryption layer with different CAs and key material.
Zero Trust Without a Center
Each node generates its own Root CA on first boot. Trust is established through out-of-band certificate exchange — no central CA server needed. Certificate-bound tokens (RFC 8705), SPIFFE identity on every service, and 1-hour certificate lifetimes eliminate the need for revocation infrastructure.
BGP-Style Routing
Modeled after the protocol that routes the internet, Catalyst nodes discover each other through direct peering. Routes propagate organically. When connectivity is lost, each node continues operating with its last-known state.
Multi-Party Coordination by Design
When two organizations decide to share data, they exchange Root CA certificates out of band and mint tokens defining access. No shared infrastructure, no common identity provider, no VPN tunnel to a joint operations center. Each organization maintains full sovereignty.
Deployment Model
Catalyst's default deployment runs on Orbis-managed commercial cloud infrastructure - but its decentralized architecture means it can run on any infrastructure your mission requires.
Default: Managed Commercial Cloud
Out-of-the-box, Catalyst runs on Orbis-managed commercial cloud infrastructure - providing global reach, DDoS resilience, and zero-trust network controls with no client infrastructure required to get started.
On-Premises Deployment
Catalyst nodes can be deployed on client-managed hardware - bare metal, VM, or container - in any facility. No dependency on external services once deployed. Fully air-gappable for classified and sensitive compartmented environments.
Sovereign & Private Cloud
Deploy on AWS GovCloud, Azure Government, C2S, or any sovereign cloud of choice. Catalyst has no hard dependency on a specific cloud provider - it runs wherever Envoy and Linux run.
Tactical Edge & DDIL
Catalyst nodes operate autonomously without persistent connectivity - designed for denied, disrupted, intermittent, and limited (DDIL) environments at the tactical edge where centralized architectures fail.
Services That Deliver Catalyst
Products don't deliver outcomes. People do. Orbis engineers build the adapters, deploy the nodes, and design the architecture that makes Catalyst operational for your mission — not just installed.
Producer Adapter Development
Custom adapters that connect your existing sensors, systems, and data sources into Catalyst nodes — translating protocols and normalizing data so it flows into the CODL automatically.
Consumer Adapter Development
Purpose-built adapters that deliver CODL data to your mission applications, dashboards, and C2 systems — in the format and cadence your operators need.
Node Integration & Deployment
End-to-end deployment of Catalyst nodes into your environment — from architecture design through operational handoff, including cross-domain and coalition configurations.
Architecture & ICD Design
C2 architecture, CODL design, data strategies, and interface control documents — we design the environment your Catalyst deployment thrives in.
Post-quantum. Zero trust. Decentralized. Deployed today.
For organizations that operate where the network is hostile, the infrastructure is unreliable, and the adversary is already listening.