Healthcare AI Edge Computing Infrastructure
Healthcare AI needs edge computing. The cloud is the wrong place for clinical data.
The dominant paradigm for AI training — upload data to cloud GPUs, experiment, iterate — is structurally incompatible with healthcare. Clinical data is regulated, sensitive, and belongs inside the institution that collected it. The cloud training paradigm asks hospitals to export their most protected asset to infrastructure they do not control.
Edge computing inverts this: bring the compute to the data. Install a GPU-accelerated edge appliance inside the hospital's network. Let AI companies submit training jobs that execute locally. The data never travels. The model trains where the data lives.
Rapha Edge Appliance specifications
Hardware profile
- Form factor: 1U rack-mount server appliance for hospital data centre deployment.
- CPU: Intel Xeon with SGX/TDX support — hardware-enforced trusted execution environment for confidential computing.
- GPU: Nvidia L4-class GPU with 24GB VRAM — supports full model training including QLoRA fine-tuning of LLMs.
- Memory: ECC RAM with SGX-protected enclave page cache (EPC) for encrypted computation.
- Storage: NVMe SSD for training datasets and model artifacts. All data at rest is encrypted.
- TPM: TPM 2.0 for measured boot, platform integrity, and remote attestation.
- Network: Dual NIC (eth0 = LAN for PACS/EHR access, eth1 = WAN for proof submission — severed during training).
Edge Core OS: three-layer security daemon
The edge appliance runs Rapha Edge Core OS — a purpose-built operating system layer with three integrated security components:
- Rust network gate (network_gate.rs): Kernel-level firewall controller using nftables/iptables. Severs the WAN interface (eth1) during training. Restores it for proof submission and settlement. LAN interface (eth0) for clinical data access is never blocked. The firewall configuration is validated against shell injection patterns before execution.
- Go OPA compliance guard (compliance_engine.go): HTTP middleware that evaluates every training request against OPA policy before model code executes. Static analysis scans model containers for network-capable dependencies (socket, requests, urllib, http.client, aiohttp, websocket, gRPC) and Docker privilege escalation. Returns allow/deny with detailed findings.
- C SGX enclave launcher (enclave_launcher.c): Production-grade enclave lifecycle management. Creates SGX enclave, verifies MRENCLAVE with constant-time hex comparison, obtains DCAP quote via sgx_qe_get_quote. Non-SGX builds return ENOTSUP — no dev fallback, no synthetic quote, no demo path to production.
Deployment model
- Physical deployment: Rapha Protocol ships a pre-configured edge appliance to the hospital. Hospital IT provides rack space, power, and network connectivity (two Ethernet ports). No software installation required — the appliance arrives ready for integration.
- Network integration: The appliance connects to the hospital's internal network (eth0) for PACS/EHR access and to the internet (eth1) for proof submission. The Rust network gate ensures these interfaces are never simultaneously active during training.
- Data source integration: DICOMweb client for PACS integration. FHIR R4 client for EHR integration. Custom SQL views for hospital data warehouses. All data access is read-only and policy-controlled.
- Ongoing operations: Rapha Protocol manages appliance updates, attestation certificate rotation, OPA policy updates, and hardware health monitoring remotely. The hospital does not need dedicated AI infrastructure staff.
Private-alpha. Edge appliance specifications are representative of the target hardware profile. Actual hardware configurations may vary based on deployment requirements and supply chain availability. Production deployment requires hospital IT security review and network integration approval.