Overview
Devin is designed for seamless integration into enterprise environments, with deployment options that balance speed, security, and compliance. Devin can be initiated through the web interface, Slack, or API, ensuring flexibility in how teams engage with the system. Upon activation, Devin operates within a dedicated workspace that includes:- A shell for executing commands.
- A browser for web-based interactions.
- A code editor for reading and writing code.
Devin’s Architecture
Devin’s architecture consists of two key components:- The Brain: A stateless, cloud-based service that powers Devin’s intelligence, always residing in Cognition’s Cloud (similar to GitHub Copilot’s architecture).
- The Devbox: A secure virtual environment where Devin executes code, connects to resources, and interacts with your systems.
Enterprise SaaS Architecture
Enterprise SaaS - Hosted by Cognition in multi-tenant cloud
Customer Dedicated SaaS Architecture
Customer Dedicated SaaS - Tenant-isolated environment with private link access
Customer Hosted VPC Architecture
Customer Hosted VPC - Deployed in your cloud environment
Deployment Options
Devin supports three primary deployment models to meet varying enterprise requirements:| Deployment Model | Brain Location | Devbox Location | Network Setup | Primary Advantage | Best For |
|---|---|---|---|---|---|
| Enterprise SaaS | Cognition Cloud | Cognition Cloud | Public / IP Whitelist | Fastest setup, managed infrastructure | Organizations with public or IP-whitelistable resources |
| Customer Dedicated SaaS | Cognition Cloud | Customer-dedicated single-tenant VPC | AWS/Azure Private Link or IPSec Tunnel | Tenant isolation with managed infrastructure | Strategic enterprises with private networks |
| Customer Hosted VPC | Cognition Cloud | Customer Cloud | Customer managed | Full data isolation and control | Enterprises requiring complete infrastructure control |
Choosing a Deployment Model
Enterprise SaaS Deployment is recommended for most organizations looking for a quick setup with minimal operational overhead. Deployment can be completed within minutes. This model works well when your source code management (GitHub.com, GitLab.com, Azure DevOps Cloud) and artifact stores are publicly accessible or can support IP whitelisting. Customer Dedicated SaaS is ideal for strategic enterprises whose resources are on private networks and cannot support IP whitelisting. In this model, Cognition hosts Devin in an auto-scaling, customer-isolated environment within a single-tenant VPC. Your VPC connects to Cognition’s infrastructure via a secure AWS or Azure Private Link (or IPSec tunnel), allowing Devin to access your privately networked resources while maintaining tenant isolation. This deployment model supports MFA VPN access to your internal resources. Additionally, Customer Dedicated SaaS is typically 20-25% more cost-effective than Customer Hosted VPC deployments. Customer Hosted VPC Deployment provides the highest level of control for enterprises with strict security, compliance, or data isolation requirements. While deployment takes longer, it ensures full network and infrastructure control with zero data retention outside your environment. All customer data is stored in encrypted S3 buckets within your cloud infrastructure.Important Networking Considerations:
- Devin’s Devbox must be able to reach your source code management systems (GitHub, GitLab, Bitbucket, Azure DevOps), artifact stores (Artifactory, CodeArtifact), and other development tools.
- MFA VPNs are not compatible with Enterprise SaaS deployments. If your resources require MFA VPN access, consider Customer Dedicated SaaS or Customer Hosted VPC options.
- For self-hosted tools (GitHub Enterprise Server, GitLab self-hosted, Artifactory), you’ll need either IP whitelisting (for SaaS) or a dedicated deployment model.
Deployment Specifications
Customer Dedicated SaaS Requirements
For Customer Dedicated SaaS deployments, Cognition manages the infrastructure on your behalf. Requirements include:-
Network Connectivity:
- AWS Private Link or Azure Private Link (preferred)
- IPSec tunnel (alternative option)
- Ability to establish secure tunnel between your VPC and Cognition’s single-tenant VPC
-
Access Configuration:
- DNS resolution for your internal resources
- Network routing configured to allow Devin’s Devbox to reach your SCM, artifact stores, and other development tools
Customer Hosted VPC Requirements
Deploying Devin in a Customer Hosted VPC requires a dedicated server that meets the following requirements:-
Hardware Requirements:
- Must support virtualization (Devin does not run in containers).
- Sufficient compute and memory resources based on usage.
- AWS: i3.metal instances recommended
- Azure: Standard_L80as_v3 instances recommended
-
Software Requirements:
- Cognition Agent Service installed on the provisioned server.
- Secure network connectivity to Cognition’s Cloud.
-
Cloud Provider Support:
- AWS and Azure are fully supported
- GCP is not currently supported (contact sales for updates)
- Deploy Devin in a dedicated VPC separate from your main production environment
- Ensure network access to required endpoints:
api.devin.ai,*.devin.ai - Configure DNS to use AWS or Azure DNS resolvers (avoid custom DNS resolvers for easier Private Link setup)
- Use Terraform for infrastructure provisioning (setup scripts are not idempotent)
Cross-Tenant Communication
Devin’s architecture ensures secure communication between your environment and Cognition’s Cloud.
Cognition's Tenant is Hosted on Azure
| Feature | Requirement |
|---|---|
| Networking | Egress access required |
| Ports | HTTPS/443 |
| Connection | On startup, Devin establishes a secure WebSocket connection to an isolated container in Cognition’s tenant |
| Communication | All subsequent operations occur over this secure channel |
| Isolation | Backend session isolation for enhanced security |
Deployment Guides
Use the following platform-specific guides to deploy Devin in your VPC environment:AWS Deployment
Step-by-step guide for deploying Devin in AWS.
Azure Deployment
Instructions for setting up Devin in Azure.
SSO via Okta
Configure authentication using SAML & OpenID 2.0 with Okta.
SSO via Azure
Enable seamless authentication with Azure AD.
FAQs & Additional Information
Can we use our own LLM API keys?
Can we use our own LLM API keys?
Devin is a compound AI system and does not currently support third-party LLM API keys.
Do you support GCP?
Do you support GCP?
Please contact our sales team for information on Google Cloud Platform support.
Do you support OpenShift?
Do you support OpenShift?
OpenShift support is available upon request. Please reach out to our sales team for details.
Next Steps
- For Enterprise SaaS Deployment: Start using Devin immediately by logging in to the web app.
- For Customer Dedicated SaaS: Contact our Enterprise Sales Team to discuss your networking requirements and begin the setup process.
- For Customer Hosted VPC Deployment: Follow the AWS or Azure guides to configure your environment.
- Need Assistance? Contact our Enterprise Sales Team.