We built an air-gapped Jira alternative for regulated industries
191 comments
·July 22, 2025viharkurama
isatty
> The interesting part: our air-gapped deployment actually runs faster than our SaaS version.
This is the least surprising thing I’ve read all day.
chrisandchris
If they also realize that having less dependencies makes deployment easier we have gone full circle.
andy_ppp
I can't believe how many devs think dependancies are completely cost free...
red-iron-pine
instead of CI/CD pipelines and a million dependances, why don't we just put all of the containers, like, on one single VM? and just make it a linux box or whatever?
(presumably read in Adam Something's voice)
jagged-chisel
Indeed. For multiple reasons:
- it is not at all surprising that when you remove cruft, code performs batter
- it is not at all surprising that this is not common enough amongst software engineers to even consider these things (competing business interests probably cause this often)
graealex
Not being connected to the work VPN already slows down my Windows to a near halt since a few unreachable network drives is all it takes to make Explorer go unresponsive.
Seems like engineers forget to test these things nowadays.
vanschelven
HN negativity strikes again.
Can't we just read this as "there are 2 wins here: security and performance"?
Which is not surprising, but still a GoodThing(TM) right?
illiac786
Totally agree. Why pick the one negative thing to say instead of saying “this should be done more often” for example. Just aggravating, as a behaviour.
chooma
All year maybe?
Cthulhu_
Once again going full-circle with the industry reinventing self-hosted software. Excuse my cynicism, I'm going back to minding my own business (reinventing design systems / component libraries, lol)
spacecadet
Yeah lol no shit.
magicalhippo
> Turns out when you eliminate all network latency, things get snappy.
Same experience with JIRA. I read all these negative comments here and elsewhere about how slow and clunky JIRA was, and I couldn't relate at all.
Then I realized all those who complained was using JIRA Cloud and we were using on-prem, and it all made sense.
We've since moved to JIRA Cloud ourselves, and I understand now.
We moved and none of the new places had any viable computer room, so literally had to put the rack in a closet And well, that ain't cutting it for physical access control these days. Thankfully we have very simple flows without any BS, so not too many 1-5 second clicks to get things done.
time0ut
Just open the network tab and refresh a page in Jira and you will understand. It isn’t too noticeable on a LAN. Stick the internet in there and it is painful. The worst I have seen is self hosted and accessed over Netskope ZTNA. Truly an abomination.
potato3732842
It's not the refresh that screws you. It's the four goddamn dozen asyncrhonous calls it has to make after that refresh has completed to actually fill out the content of the page and let you click through stuff.
I have to load half a dozen tabs of new tickets and then cycle through them triaging and defining fields in a collated manner to make it so my time isn't hugely dominated by waiting.
We used to have on-prem and it was probably about an order of magnitude better, but still nowhere near "XP in a VM accessing a site on localhost" level snappy.
GoblinSlayer
LAN? What about WFH?
_fat_santa
I contracted with a company that used an on-prem version of Jira. Their instance was painfully slow over VPN and I often wondered why they didn't add more resources thinking that this was the experience for everyone. Then I went on-site for a few days and the performance was night and day. On-prem, their Jira instance was the fastest I've ever seen, faster than the cloud version and felt snappier than Trello.
On-prem is great if everyone is coming into the office, but I think orgs should pay more attention to the "remote experience" of their on-prem tools.
uxp100
I have had the opposite experience with Jira at a relatively large corporation (years ago). Our local Jira was probably just configured weird or on underpowered hardware though.
tikkabhuna
Having adopted a number of development tools, including Jira and Confluence, it’s amazing people let them sit there chugging away on underpowered machines with hundreds of users quietly complaining about the speed. Throwing some extra CPU cores and memory is so cheap for the quality of life improvement, let alone the productivity gain.
zelphirkalt
Also that Jira is one of these mutants, between SPA and pages, doing neither well.
IshKebab
> Then I realized all those who complained was using JIRA Cloud and we were using on-prem, and it all made sense.
Even Atlassian doesn't use Jira cloud. Btw it's not "JIRA".
magicalhippo
> Even Atlassian doesn't use Jira cloud.
That would explain a lot.
> Btw it's not "JIRA".
When did they change this? I'm fairly certain[1] it used to be JIRA.
mikestaas
Atlassian very much do use Jira cloud. Source: I worked there for 10 years. Not apologising for it's performance however.
hadrien01
Case in point: https://jira.atlassian.com/projects/ Look how snappy it is!
tomrod
What a weird time to enforce British rules for acronyms.
JIRA stands for JIRA Isn't Really Awesome.
joeldo
That's no longer the case - a large portion of teams are now using cloud variants of Confluence/Jira.
latentsea
Everytime I'm using JIRA and I type JIRA and it automatically corrects it to Jira, I hit Ctrl+Z to undo the autocorrect.
john01dav
My company self hosts most things, which is bad for remote employees and employees in offices other than the primary because the VPN server (or possibly their network connection) is underpowered for the number of remote users. I sometimes need to wait 45 minutes for a like 1GB clone.
mschuster91
> We've since moved to JIRA Cloud ourselves, and I understand now.
Jira on-prem was dog slow, yes, especially if it didn't live on the same server as the database. But Jira Cloud? It isn't much faster than that! It's a piece of hot mess. Loading placeholders everywhere. Really I have absolutely zero idea what Atlassian is doing, but I know for sure optimizing for performance is not amongst the things they are doing.
mikestorrent
Yeah, this whole pattern of loading a million placeholders and then watching the page awkwardly snap into layout is just sad. Especially when you know that you could have shown just as much information in a "server side rendered" piece of PHP in 2005 with less latency.
bigmattystyles
The other thing, every pm wants a custom field just for their project, a field they’ll forget they asked for a day later. TLDR, put a governance board that’s fine saying no especially when someone inevitably pulls rank.
vosper
> cloud-only tools like Jira.
But Jira is not cloud-only?
magicalhippo
They've removed it from their pricing page now, but when they announced the discontinuation of the regular on-prem server the minimum for datacenter was like 500 licensed users or something along those lines.
In any case it was clear it's not for small shops like us.
That said, air-gapped is a hefty requirement, so perhaps those customers are predominantly large?
bigfatkitten
> That said, air-gapped is a hefty requirement, so perhaps those customers are predominantly large?
There are lots of very small classified networks out there with only a few dozen users.
There are a lot more user communities course that aren’t necessarily airgapped, but where they have special compliance requirements that pretty much mandate self hosting (or at least bring-your-own cloud.)
viharkurama
We took a different approach with Plane's air-gapped offering. No minimum user requirements at all. We evaluate based on your use case and domain requirements, not team size.
bpt3
It's still on this page: https://www.atlassian.com/enterprise/data-center/jira
$51k for the smallest license they offer.
I still run an old version on an air gapped network and will continue to do so until we're forced to change for some reason. It's not a hefty requirement; we run it for a team of < 10 developers on a small VM and it just works.
jasondc
$$$$ Very expensive
bowsamic
Atlassian actually threatened to sue our company if we didn't move from on-prem to cloud. I imagine they're doing the same to others
GabeIsko
There has historically been massive investor and shareholder pressure for companies to show "Cloud Recurring Revenue" and multiple wall street analysts will start issuing higher price points for your stock based on this, and eventually large institutional investor adjust their positions accordingly.
I like the cloud for a lot of reasons. But, making your software worse to make your stock price higher seems like a loser for everyone long term.
thaack
Sure if you commit to a 500 user minimum.
bpt3
It might as well be for the vast majority of companies, since I believe the smallest number of users you can buy support for is 500.
To be more specific, they killed off the legacy Jira Server and now only offer these enterprise versions of Jira and the rest of the suite if you won't move to the cloud.
yodon
How do you handle compliance in confirming that the product is only used for the license duration? (Or is it more of a one time purchase plus recurring fee for updates?)
Msurrow
At this level (govt, 6 figure+ deals) I would at least consider if this problem should have a non-tech solution, and instead have a legal/lawyer solution. In my experience (not US based though) the govt contracts are under compliance programmes as well so the govt agency’s legal/contract mgmt team would probably follow up internally on expiring contracts (ie licences) and require the owning stakeholder to either renew the contract or abandon the software. Meaning the customer would supervise itself regarding licence. But even if you don’t want to rely on self-supervision then having your lawyer spend 1 hour reaching out with a “do you need to renew your licence” at the end of a licence term would probably be much cheaper than building and maintaining an air-gapped licence solution.
bobmcnamara
Years back a friend of mine's startup failed when USAF pirated their software and the original customer org stopped paying for it.
Feds are DMCA immune, so no real recourse.
fc417fc802
Largely agree but I want to challenge this bit at the end.
> probably be much cheaper than building and maintaining an air-gapped licence solution
I think this is an unwise attitude to take. There's something to be said for a simple picket fence. Even though someone could easily hop it if they wanted to, they lose plausible deniability and in most cases that's all that really matters at the end of the day.
viharkurama
It's a subscription license. We offer air-gapped deployments under the Business plan. As part of compliance, we request customers to share license logs quarterly-no PII involved. Also, the license enforces seat limits, so you can't exceed the number of users you've purchased. https://plane.so/pricing
beardedwizard
But you didn't tell us how many orders of magnitude more expensive it is to operate :)
unixhero
Itar ruins all the fun
white_dragon88
[dead]
jeron
>our air-gapped deployment actually runs faster than our SaaS version. Turns out when you eliminate all network latency, things get snappy.
Notion, take notes
0points
"air-gapped" self hosted app.
It used to be the default that self hosted apps didn't telemetry and call home.
I feel there's more than one self hosted foss jira alternative around already, that of course wouldn't telemtry or call home.
Some I used in the past:
https://phacility.com/phabricator/ no longer maintained :-(
xorcist
Phrabricator lives on in Phorge, which is seeing active contributions.
I haven't used Phorge, but Phrabricator is easily my favourite tool among the source code portals. The code review system actually works and does not make me tear my hair out. I am completely at a loss why the commercial side of it seemingly failed after all those years, when products such as Bitbucket and Gitlab seem to do well.
Pi9h
I am also building https://docmost.com, a self-hostable Confluence alternative that can run fully air-gapped.
It has support for spaces, real-time collaboration, a rich-text editor, built-in diagrams support and more.
We launched on HN 1 year ago: https://news.ycombinator.com/item?id=40832146
mnholt
What does your enterprise pricing look like?
elric
I think we have different definitions of the term "air-gapped". Users still very much connect to it using a network. This just doesn't phone home (or elsewhere).
A truly airgapped Jira-alternative would be somewhat impractical.
hkchad
Why? I use to manage one on a classified air-gapped network, back before Atlassian was all Cloud Based or 'Data Center' license junk. We had Stash, Jira, Confluence, FishEye, HipChat, everything hosted on a non-internet connected network.
beng-nl
If the local network as a whole can do work, connect to the Kira-alternative for their work, but the network is isolated from the internet - then it counts as airgapped IMO.
Disposal8433
There is no price anywhere. I would be interested to use that for either my job or for private projects, but where and how much do I pay?
Edit: I looked again and even your pricing pages have no price. I understand that you may want to restrict yourself to rich companies, but I don't understand the point of posting on HN if that's the case.
viharkurama
If you want air-gapped it's on Business tier, please look at our pricing page.
That being said, we don't recommend the air-gapped version for personal use. Instead, you can use our open-source Community Edition here: https://github.com/makeplane/plane — you can self-host it and disable telemetry entirely.
pc86
Air-gapped probably adds a zero or two to the highest tier Enterprise price. You wouldn't buy an Enterprise license for a personal project, why would you buy an Enterprise++ license (which is essentially what AG is)?
jasondc
It's part of the Business tier on the pricing page here: https://plane.so/pricing
intexpress
A version of JIRA that nobody can access sounds pretty good
treve
I just learned air-gapped includes private networks. I was under the impression this strictly meant isolated non-networked computers. Was this always the case or has the term diluted over time?
RandallBrown
I think it just depends on the context you're talking about. Air gapped just means there's no connection between two things so it could be talking about networks or individual computers.
devanshuarora
Strictly speaking, air-gapped originally meant physically isolated, no network connections at all. But in practice, the definition has broadened a bit, especially in enterprise and defense settings.
Today, it may include closed private networks with no internet access, still isolated, but with internal connectivity for practical reasons (like backups, logging, or internal auth).
hgomersall
Pfft! Truly air-gapped would be each key on the keyboard physically unconnected to anything else. True security.
tasn
In my circles we include private networks going back at least 15 years. So maybe diluted, but if diluted, at least not new.
alexb_
I work on an air-gapped network. The most important thing that the words "air gap" communicate is that there is no connection, nothing at all, to anything outside the network. The only way to move anything on or off are using disc drives (no USB for security reasons). The word "private network" does not really communicate that there is a physical gap of no wires at all from the computers on the network and everything else on the internet.
duffpkg
This also makes it infinitely more useful for healthcare. Not healthcare software specifically. Lots of use cases in logistics, irl maintenance, etc. Patient data creates hipaa challenges and tends to overflow into any system.
mannyv
Nothing in HIPAA mandates air gaps. In the context of HIPAA that's really overkill.
In fact, self-hosting might even do you wrong when things go bad, because AWS is probably better managed and more secure. And they have all their certs, which is legally important.
viharkurama
+1. We already work with a few healthcare teams, and self-hosted is almost always their go-to. Our air-gapped edition has been in beta for a bit, and we’re seeing more use cases pop up—especially in places where HIPAA and data isolation matter a lot.
tptacek
Why would a health care org care about air-gapped deployments? Most (really, almost all) health care data is stored on cloud SAAS databases already; for people who care, this vendor already had an on-prem version.
SMrF
What you say makes sense, but I think there can be reasons. For our military customers we offer an air-gapped version of our app early on because it was easier for customers than getting an ATO. Also as a bootstrapped company it was a lot cheaper than FedRAMP. I'm guessing I'd lean on a similar strategy if I had a health care startup.
tptacek
Most health care companies get along just fine in AWS, just for what it's worth.
rubidium
They make it seem like a big deal. It’s pretty much how all software used to ship :)
vanschelven
Both those things can be true at the same time: all software used to ship like that, and shipping like that in the current era _is a big deal_.
Spoken as someone who's core differentiator is "self hosted" [0]
devanshuarora
Yes, absolutely, in a way, we’re just bringing back the old-school model — full package, zero dependencies, runs on your own infra — but with modern tooling and UX.
esafak
I've heard they're planning to ship it with printed documentation some time soon!!
jasondc
Big fan of Plane since it's open-core.
Doesn't seem to be a lot of options for self-hosted/open-core project management software. The existing ones looks pretty bad, and don't come anywhere close to Jira level functionality.
IshKebab
> don't come anywhere close to Jira level functionality.
In my experience that's probably a good thing. I've moved from a company using Phabricator to one using Jira. Phabricator had exactly everything we needed and was very nicely designed and worked really nicely.
Jira has everything you need plus loads of other stuff that project managers feel like they need to add. Oh and they'll never clear anything up or fix any config bugs because they don't actually have to ever use the "report bug" form so who cares if there are 100 fields and half of the mandatory ones are hidden in "More fields"? 5 different states for "TODO"? Eh who cares. 3 different ways to say which team a bug is in? Better fill them all in for every bug.
It's better to be missing features than to have features that project managers can configure.
CamouflagedKiwi
I've used both as well, I found Phabricator fine for lightweight kanban-style team work tracking, but once we had PMs it was doomed because it would never do what they wanted (they didn't seem to be able to understand that it was not a Scrum system and would never match well).
These days I'd be using Github instead, issues there are also nice and simple. I imagine it would ultimately suffer the same fate in a similar situation though (not that I intend to get there ever again).
The problem with Jira is that it's so customisable and always ends up being customised by "process people" who think all problems can be solved by adding just one more field - but simultaneously it's never possible to customise your bit to work the way you want.
jay_kyburz
The first bug you should log is that the bug logging page has unnecessary fields.
majkinetor
Redmine is awesome
hardwaresofton
AGPL continues to be the future of F/OSS
https://vadosware.io/post/the-future-of-free-and-open-source...
Dread it, run from it, AGPL still arrives. Sustainable F/OSS is the most likely to-still-be-active-5-years-from-now kind of F/OSS.
willejs
Running software in an airgapped environment is difficult, but the hardest thing is the install, packaging and shipping updates. I have used https://zarf.dev/ to do this for a government client, and it was an amazing experience. I highly recommend it. K8s seems heavy, but if you want to run datastores with backups (k8s operators), or highly customised environments, and automate all of that, instead of loads of bash and custom code, it shines.
After a U.S. federal contractor told us they loved Plane but couldn't use it due to ITAR requirements, we spent 6 months building a truly air-gapped version. No external connections, no license pings, no telemetry, everything runs in complete isolation.
The interesting part: our air-gapped deployment actually runs faster than our SaaS version. Turns out when you eliminate all network latency, things get snappy.
This post covers the technical challenges we solved (supply chain trust, 2GB bundle size, offline licensing) and why regulated industries need alternatives to cloud-only tools like Jira.