Patterns

Most Alien use cases follow one of three patterns. The pattern determines how work is split between your environment and the customer's environment.

Remote Worker

A lightweight, stateless worker runs in the customer's environment. Your control plane sends commands, the worker executes them, and returns results.

┌─────────────────────────┐         ┌─────────────────────────┐
│   Your Cloud            │         │   Customer Environment  │
│                         │         │                         │
│  ┌─────────────────┐    │         │    ┌─────────────┐      │
│  │  Control Plane  │────┼─command─┼───▶│   Worker    │      │
│  │                 │◀───┼─result──┼────│             │      │
│  └─────────────────┘    │         │    └──────┬──────┘      │
│           │             │         │           │             │
│  ┌────────▼────────┐    │         │    ┌──────▼──────┐      │
│  │   Dashboard     │    │         │    │   Private   │      │
│  │   Processing    │    │         │    │   Resources │      │
│  └─────────────────┘    │         │    └─────────────┘      │
└─────────────────────────┘         └─────────────────────────┘

Most logic lives in your cloud. The worker provides access to private resources the outside world can't reach — databases behind VPCs, Active Directory, internal APIs, local AI models.

Use cases: AI workers (tool calls in customer's VPC), data connectors, security scanners, browser automation for internal apps (Jira Data Center, SAP, GitLab), cloud remediation agents.

Typical implementation: a single Alien Function with command() handlers. Stateless, scales to zero when idle.

import { command, storage } from "@alienplatform/sdk"

const ws = storage("workspace")

command("get-active-users", async ({ limit }) => {
  const pool = new Pool(await getCustomerCredentials())
  const { rows } = await pool.query(
    "SELECT id, name FROM users WHERE active = true LIMIT $1",
    [limit ?? 100]
  )
  return { rows, count: rows.length }
})

command("read-file", async ({ path }) => {
  return ws.get(path)
})

Control Plane / Data Plane

You run the control plane. A stateful data plane runs in the customer's environment with persistent storage and compute.

┌─────────────────────────┐         ┌─────────────────────────┐
│   Your Cloud            │         │   Customer Environment  │
│                         │         │                         │
│  ┌─────────────────┐    │         │    ┌─────────────┐      │
│  │  Control Plane  │────┼─updates─┼───▶│  Data Plane │      │
│  │  - Lifecycle    │    │         │    │  - Storage  │      │
│  │  - Updates      │◀───┼telemetry┼────│  - Compute  │      │
│  │  - Monitoring   │    │         │    │  - Database │      │
│  └─────────────────┘    │         │    └─────────────┘      │
└─────────────────────────┘         └─────────────────────────┘

The data plane is the product. It handles the actual workload and stores data. Your control plane manages the lifecycle — ships updates, monitors health, handles incidents.

Use cases: managed databases (BYOC), AI gateways, observability platforms, any product where the compute/storage component runs in the customer's cloud.

Typical implementation: Alien Container resources with persistent storage, autoscaling, and internal networking.

Full App

A complete application runs in the customer's environment. You ship updates and monitor, but all data and logic stays remote.

┌─────────────────────────┐         ┌─────────────────────────┐
│   Your Cloud            │         │   Customer Environment  │
│                         │         │                         │
│  ┌─────────────────┐    │         │    ┌─────────────┐      │
│  │  Ship Updates   │────┼─────────┼───▶│     App     │      │
│  └─────────────────┘    │         │    │  - API      │      │
│                         │         │    │  - Workers  │      │
│  ┌─────────────────┐    │         │    │  - Queue    │      │
│  │   Monitor       │◀───┼─────────┼────└──────┬──────┘      │
│  │  (logs/metrics) │    │         │           │             │
│  └─────────────────┘    │         │    ┌──────▼──────┐      │
│                         │         │    │   Storage   │      │
│                         │         │    │   Database  │      │
│                         │         │    └─────────────┘      │
└─────────────────────────┘         └─────────────────────────┘

The app is self-contained. Multiple functions, storage, queues, databases — all inside the customer's environment. You ship updates and have full visibility, but no data leaves.

Use cases: enterprise SaaS with self-hosted requirements, AI agents that need extensive private data access, internal tools deployed across many customer environments, cloud action platforms with HTTP APIs and event triggers.

Typical implementation: multiple Alien resources — Function, Container, Storage, Kv, Queue — working together.

Choosing a pattern

	Remote Worker	Control / Data Plane	Full App
Where is most logic?	Your cloud	Split	Customer's environment
Is the remote component stateful?	No	Yes	Yes
Primary purpose?	Execute commands	Run infrastructure	Run application
Typical Alien resources	1 Function	Multiple Containers	Multiple of any type

Decision:

Need persistent storage or heavy compute in the customer's environment? → Control Plane / Data Plane
Running a full application (API, workers, storage)? → Full App
Just need access to private resources? → Remote Worker

Outbound-only communication — remote components poll for updates. No inbound firewall rules, no VPN.
Automatic updates — alien release deploys everywhere. No customer involvement.
Full telemetry — logs, metrics, traces from every deployment. No sensitive data leaves.
Multi-cloud — same stack deploys to AWS, GCP, and Azure.

Remote Worker

Control Plane / Data Plane

Full App

Choosing a pattern

What all patterns share

On this page