CanvasFoundry and the AI Last Mile
by Kevin Caldwell, CanvasFoundry CTO

TL;DR: CanvasFoundry delivers the AI Last Mile: a full datacenter you can drag, drop, and run in production—on demand.

While some people lump CanvasFoundry into “neocloud” buckets, that misses what we’re actually building. CanvasFoundry is the AI Last Mile: the layer that turns raw compute in a lights-out facility into a customer-owned, production-ready datacenter experience with real L2 networking, real topology control, cabling/wiring, and real isolation, without needing an army of platform engineers.

Beyond “GPU hosting”: Most GPU clouds sell you a slice of silicon and call it a day. CanvasFoundry sells you the whole environment: a drag-and-drop Virtual Datacenter Canvas where compute, network, storage, and security snap together as composable building blocks. Customers don’t just “rent GPUs.” They stand up a full, isolated datacenter (routers, L2 switching, VLANs, firewalls, servers, and workloads), then run it at scale.

The Structural Gap: The hard part of AI infrastructure isn’t getting GPUs into a rack. It’s making them usable for real systems (multi-tenant, repeatable, network-faithful, and automatable) without the friction of legacy “click-ops virtualization” and the constraints of one-size-fits-all cloud networking. CanvasFoundry closes that gap by virtualizing the datacenter the way customers actually need it: port-to-port L2 behavior, topology realism, and orchestrated virtualization with GPU hardware passthrough, so environments can be spun up, metered, reserved, and scaled across the cluster.

The Unbundling of Cloud (for real): CanvasFoundry isn’t trying to replace popular hyperscalers for every app. We’re carving out the slice that matters when performance, control, and repeatability beat “generic cloud convenience”: AI workloads that need a real network, real isolation, and production-grade orchestration, not just a VM list. Hyperscalers bundle everything; CanvasFoundry lets customers compose exactly what they need, like building a datacenter out of Lego bricks, then running it like a factory.

DETAILS
In the broader narrative of the AI boom, a lot of “neocloud” providers look the same from the outside: buy GPUs, rent space, expose a Kubernetes endpoint, and sell hours. The economic logic is simple arbitrage, and the bear case is equally simple: it’s a GPU landlord model where the product is a commodity and the margin compresses the moment supply normalizes.

CanvasFoundry is not playing that game.
CanvasFoundry is the AI Last Mile for companies that already have real systems (CRMs, databases, sovereign data, legacy apps, and compliance constraints) and want to bring those systems to AI compute without retooling their entire stack to fit a Kubernetes-only worldview.

The category mistake: “Kubernetes-only GPU cloud” vs Virtual Datacenter Cloud
Most neocloud platforms implicitly tell enterprises:
“Rewrite your world into containers, adopt our opinionated stack, and then you can use the GPUs.”

CanvasFoundry flips that:
“Bring your world as-is. We’ll give you a full virtual datacenter (network, security, compute, storage) and then attach bare-metal-class AI acceleration to it.”

That distinction matters because for most real businesses, the blocker isn’t GPU availability, it’s integration:
• How do you connect AI to sovereign data without copying it everywhere?
• How do you run “old” workloads (VM-based apps, thick databases, proprietary appliances) next to “new” AI workloads?
• How do you keep the same security model, audit trail, and operational ownership?

CanvasFoundry is designed for that exact problem set.

Beyond “GPU hosting”: the product is the environment
The standard neocloud pattern is minimum viable infrastructure: instances and a thin control plane. You get compute, and everything else is “bring your own platform engineering.”

CanvasFoundry treats the virtual datacenter as the atomic unit:
• Real L2 networking and topology control (not just “a VPC and good luck”)
• Composable building blocks for routers, L2 switching, VLANs, firewalls, servers, and storage
• A Virtual Datacenter Canvas that mirrors how customers actually think about production environments

This is the “AI Last Mile” in practice: not “a GPU,” but a place where production systems can live, safely, repeatably, and at scale.

VM-first, not container-only (and that’s the point)
A lot of AI-native platforms are Kubernetes-first and VM-hostile. They’ll happily give you pods, but the moment you say “I need VMs,” the conversation gets awkward.
CanvasFoundry brings virtualization back into the fold:
• VMs, and your own hypervisors, orchestrated at scale (with metering/reservations so it behaves like cloud)
• Containers can exist where they make sense, but VMs are a first-class citizen
• You can lift-and-shift the systems that actually run companies (CRMs, ERPs, databases, appliance-style workloads) without rewriting everything

The result is “AI infrastructure” that doesn’t require enterprises to amputate their existing stack.

Bare-metal speed GPUs, with multi-tenant guardrails
This is the other false choice the market forces on customers:
• Bare metal is fast but operationally painful and risky in multi-tenant environments
• VMs are manageable but can introduce overhead or limit hardware access

CanvasFoundry is built to combine both:
• GPU passthrough for direct performance (so the customer isn’t trapped behind a slow abstraction layer)
• Multi-tenant security guardrails so you can have performance without turning the datacenter into the Wild West
• VM-based isolation so customers keep the security and administrative boundaries they understand

In other words: you can have “bare-metal-class” AI acceleration and the governance model of virtualization.

Sovereign data stays sovereign
Enterprises don’t just want GPUs. They want GPUs where the data is, or at least where the data can remain controlled.
CanvasFoundry’s posture is: keep the customer’s CRM, databases, and sensitive datasets inside their isolated virtual datacenter boundary, then bring AI compute to that boundary, rather than forcing a massive re-platforming or data migration just to participate in the AI wave.

This is what “AI Last Mile” means for the enterprise: AI attaches to your systems, not the other way around.

Encryption and “trust minimization” as a feature, not a checkbox
CanvasFoundry’s key differentiator: customers should be able to reduce trust in the provider, even while using shared infrastructure. This is “trust minimization,” not “trust removal.” In a strong multi-tenant platform, customers shouldn’t have to fully trust the provider’s admins, hypervisor layer, or storage operators to keep their data private. They should have options that reduce how much trust is required. Examples of reducing trust: customer-managed encryption keys, so that data can’t be decrypted by the provider (CanvasFoundry); end-to-end encryption in transit (CanvasFoundry routes packets but can’t read them); confidential VM/memory encryption; and disk encryption + sealed secrets + attestation patterns. Basically, even on shared infrastructure, the customer is able to run in a way that’s closer to “zero trust,” where the role of the provider (CanvasFoundry) is reduced to supplying power/cooling/hardware scheduling without automatically having visibility into customer data. You can only do this if you have full control of a datacenter, such as our virtual datacenter capability. None of our competitors offer this.

CanvasFoundry is built for trust minimization: customers can keep control of keys and encryption so shared infrastructure doesn’t require blind trust in the provider.

CanvasFoundry is oriented around customer-controlled security, including patterns like:
• customer-managed encryption for storage
• strong tenant isolation boundaries
• and an advanced posture where the customer can run a VM in a way that’s designed to minimize provider visibility (e.g., confidential-VM style runtime memory protections + encrypted disks, depending on hardware/platform capabilities)

Rather than overselling “magic privacy,” the point is clear: CanvasFoundry is built so the customer can choose how much they trust the platform.

What CanvasFoundry is actually competing against
CanvasFoundry isn’t trying to out-hyperscale hyperscalers. It’s not trying to be the next AWS or CoreWeave.
CanvasFoundry is competing against the hidden tax that stalls AI adoption in real companies:
• retooling costs
• platform engineering burden
• network and security mismatches
• data gravity and sovereignty constraints
• “Kubernetes-only” rigidity

Neoclouds optimize for GPU utilization. Hyperscalers optimize for breadth and SKU scale.
CanvasFoundry optimizes for enterprise fit: getting AI into production without forcing enterprises to become AI-native infrastructure companies first.

The punchline
Neoclouds rent you chips.
CanvasFoundry gives you a datacenter, then bolts AI acceleration onto it, so your real systems can use AI without being rewritten.

Proprietary control plane for CanvasFoundry Virtual Datacenter Canvases
by Kevin Caldwell, CanvasFoundry CTO

CanvasFoundry isn’t a VM dashboard or a Kubernetes wrapper. It’s a control plane for entire datacenters: drag, drop, wire, run.

CanvasFoundry’s virtual datacenter ‘canvas’ is our proprietary control plane for building and operating full virtual datacenters on demand. Where most “cloud panels” stop at provisioning VMs, CanvasFoundry goes a layer deeper: it lets customers compose the actual datacenter (switching, routing, VLANs, firewalls, servers, storage, and GPU acceleration) as a drag-and-drop canvas that behaves like a real environment.

CanvasFoundry’s origin story matters here. Under the hood, it draws from the battle-tested mechanics of network-emulation platforms and the Linux kernel, systems built to model realistic multi-vendor networks and complex topologies. CanvasFoundry takes that foundation and elevates it into a production-grade control plane: not a lab toy, not a screenshot demo, but an API-driven runtime that can instantiate, meter, isolate, and operate tenant datacenters and AI infrastructure across a physical cluster.

The “datacenter as an object model”
Most infrastructure platforms think in terms of instances and clusters.
CanvasFoundry thinks in terms of datacenter primitives:
• Nodes: routers, L2 switches, firewalls, servers, load balancers, appliances
• Links: explicit port-to-port connections (not “implicit networking”)
• Segments: VLANs, subnets, security zones, management networks
• Templates: golden environments, reference architectures, repeatable deployments
• Tenancy boundaries: isolated “private datacenters” per customer
The Canvas UI is just the visible expression of that model. The real product is the control plane that turns those objects into a running system with lifecycle, policy, and guardrails.

CanvasFoundry’s control plane: “a computer in front of your datacenter”
CanvasFoundry operates like an orchestration brain sitting between the customer’s intent and the underlying compute fabric, essentially a datacenter control plane in front of the datacenter.

When a customer drags a router onto the canvas and wires it to a switch, CanvasFoundry doesn’t just render an icon. It creates a concrete runtime plan:
• allocates CPU/RAM/disk reservations
• assigns network interfaces and port mappings
• wires virtual links to the correct underlying connectivity primitives
• applies tenant isolation rules
• boots and supervises the workload
• tracks lifecycle state and billing/metering
This is where CanvasFoundry departs from “Kubernetes-only GPU clouds.” Those platforms focus on scheduling containers. CanvasFoundry schedules complete infrastructure topologies, including VMs and network devices, while still being able to attach bare-metal-class GPU acceleration via passthrough.

The hidden power: wiring realism (Layer 2 matters)
A “virtual datacenter” is only real if the network behaves like one.
CanvasFoundry treats networking as port-to-port, not abstracted away behind a generic overlay. Explicit interfaces, explicit links, and explicit topology.
That realism unlocks things typical neocloud stacks struggle with:
• complex multi-tier security zoning
• appliance-style deployments that assume L2 adjacency
• overlapping IP spaces across tenants
• deterministic architectures that can be replicated exactly
• environments that mirror production, because they are production
In practice, customers can run the same kinds of designs they’d run in a physical datacenter, without rewriting their world into “Kubernetes patterns.”

Control plane + runtime: how CanvasFoundry actually runs a datacenter
CanvasFoundry is built as a dual-layer system:
1) The CanvasFoundry Controller (control plane)
This is the system of record and orchestration brain. It:
• stores the datacenter graph (nodes, links, configs, templates)
• enforces policy and tenancy boundaries
• resolves intent into an executable runtime plan
• exposes APIs for automation, provisioning, and lifecycle actions
• integrates metering for billing and reservations
2) The CanvasFoundry Runtime (data plane)
This is what executes the plan across the cluster. It:
• boots and supervises VMs and network appliances
• binds links and interfaces
• manages storage attachments
• provides the sandboxing and isolation boundaries
• attaches accelerators (including GPU passthrough where permitted)
This separation is intentional: the controller can be stable and deterministic, while the runtime can scale horizontally and recover from failures without losing the source-of-truth.

Virtualization is not a tax here, it’s a feature
A common neocloud claim is: “VMs are legacy, just use Kubernetes.”
That’s not how real businesses operate.
CanvasFoundry treats VMs as first-class because enterprises bring:
• CRMs
• databases
• proprietary software stacks
• appliance-like workloads
• regulated data environments
CanvasFoundry can run VM-based workloads alongside modern containerized AI services without forcing an all-or-nothing migration. Maximum performance is maintained through bare metal GPU access with multi-tenant guardrails, so you can access the hardware directly without sacrificing operational safety.

Templates and golden datacenters: repeatability at scale
The drag-and-drop canvas isn’t just a UI convenience, it’s a mechanism for repeatable infrastructure.
CanvasFoundry supports:
• reference architectures (your “known good” datacenter)
• reusable topologies and blueprints
• customer-provided images and appliances
• versioned changes and reproducible deployments

This means a customer can build an environment once and then stamp it out:
• per team
• per project
• per customer
• per mission
• per region

In a world where AI infrastructure is becoming more specialized, repeatability becomes the real moat.

Operational lifecycle: the part people forget
In complex environments, failures aren’t edge cases, they’re guaranteed.
CanvasFoundry treats operations as part of the product:
• node health monitoring
• restart/recovery workflows
• topology-aware placement (keep related components close)
• audit-friendly lineage of changes
• deterministic rebuilds from templates
Instead of “here’s a box and a login,” CanvasFoundry is designed to keep customer datacenters running as systems.

Why this matters: the AI Last Mile in control-plane form
The AI boom didn’t just create demand for GPUs. It created demand for usable AI infrastructure.
Enterprises don’t want to:
• rewrite their stack into Kubernetes-only patterns
• break their security models
• migrate sovereign data into foreign ecosystems
• lose L2 realism and appliance compatibility

CanvasFoundry’s proprietary control plane is built for the last mile:
• full virtual datacenter composition
• VM-native compatibility
• port-to-port topology realism
• bare-metal-class acceleration when needed
• repeatability, isolation, and lifecycle control
The point isn’t to be a hyperscaler.
The point is to let customers bring their real world (data, applications, networks) into modern AI compute without conforming to someone else’s platform religion.

CanvasFoundry as an extension of your physical datacenter
by Kevin Caldwell, CanvasFoundry CTO

A lot of “cloud” platforms assume you’re starting from scratch.

CanvasFoundry doesn’t.

Yes, CanvasFoundry makes it easy to spin up brand-new datacenters on demand, but the more powerful use case is this: CanvasFoundry can become an extension of your existing physical datacenter, not a separate universe with its own rules, not a “cloud island” that forces you into new tooling and new patterns.

CanvasFoundry turns hybrid cloud into something simple: Your virtual datacenter plugs into your physical datacenter like a new room with more racks.

And because you control the wiring and the network the same way you do on-prem, the power stays with you. Full control, full visibility, and none of the cloud translation tax.

The core idea: your network, your topology, your control
With typical cloud, connecting on-prem to cloud means learning cloud networking primitives, overlay abstractions, and provider-specific workflows. You end up translating your datacenter into someone else’s model.

CanvasFoundry flips that model.
Because CanvasFoundry gives you explicit control over wiring, Layer 2 behavior, switching, routing, VPNs, and security boundaries, your CanvasFoundry environment behaves like a physical datacenter—just one you can compose and scale with software.

So when you connect your on-prem datacenter to CanvasFoundry, you’re not “integrating with a cloud.”
You’re extending your topology.

Point-and-click hybrid: connect real ports to virtual ports
In CanvasFoundry, the building blocks are the same concepts your network team already uses:
• switches with real ports
• routers and firewalls with interfaces
• VLANs and security zones
• explicit links and adjacency
• VPN endpoints and routed connections

That means bridging to your existing environment is straightforward:
1. Drop a router or firewall onto the canvas
2. Drag a link from the virtual interface to a WAN/VPN edge
3. Configure it the way you already configure routers and firewalls
4. Now your CanvasFoundry datacenter is reachable like it’s in the next rack row

No extra “cloud-esque” translation layer. No forced rewrite of your network mental model. No fragile glue code that only one person understands.

Why this works: Layer 2 realism changes everything
Most platforms abstract networking into a simplified overlay. It’s fine for microservices, but it breaks down fast when you’re dealing with real enterprise environments:
• overlapping IP spaces
• appliance-style workloads
• systems that assume L2 adjacency
• multi-zone security designs
• legacy apps and databases that were never built for cloud overlays

CanvasFoundry keeps the network real.
Because the wiring is explicit and Layer 2 is treated as a first-class capability, you can build hybrid environments that look and behave like what you already run, except now you can scale them, template them, duplicate them, and attach AI acceleration to them.

“Bring your datacenter with you” instead of rebuilding it
This is the difference between a cloud migration and a cloud extension.
CanvasFoundry lets you keep what you already have:
• your address plans
• your segmentation model
• your firewall policy approach
• your operational playbooks
• your existing VMs and systems

Then you add what you need:
• additional compute capacity
• AI infrastructure / GPU acceleration
• isolated environments for teams or projects
• copies of production-like segments for testing or staging
• burst capacity without buying racks

It’s not “move everything to our platform.”
It’s “keep your datacenter -- then expand it.”