Core Principles

Big Picture is built on six core principles that shape every architectural and operational decision.

1. Control Plane, Not Installer

Big Picture decides what is allowed, not what happens.

The system never executes installers, never escalates privileges, and never bypasses enterprise controls. It produces signed decisions that clients and IT systems can verify and act upon according to their own policies.

This separation enables:

Enterprise IT to maintain control over software deployment
Regulated environments to enforce their own security policies
Vendors to provide update guidance without requiring privileged access

2. Signed Metadata Everywhere

Zero trust of networks, CDNs, or mirrors.

Every update decision, every license lease, and every catalog snapshot is cryptographically signed. Clients verify signatures before trusting any guidance. This ensures that even if networks are compromised, CDNs are tampered with, or mirrors are malicious, clients can detect and reject invalid data.

The trust anchor is the vendor’s signing key, not the delivery mechanism.

3. Vendor-Controlled Mirrors

Downstream customers may fully self-host artifacts while maintaining trust in vendor-signed metadata.

For regulated environments that cannot accept outbound connections or must operate air-gapped, Big Picture enables vendor-controlled mirrors. These mirrors pull signed snapshot bundles outbound-only, verify signatures, and serve artifacts locally. Clients operate entirely from local infrastructure while still trusting vendor-signed decisions.

This model satisfies regulatory requirements without breaking the trust chain.

4. Outbound-Only for Regulated Environments

No inbound firewall requirements.

Mirrors and license servers pull updates outbound-only. This means regulated customers can deploy Big Picture components without opening inbound ports or accepting unsolicited connections. The system adapts to network security policies rather than requiring policy changes.

5. No Offline License Keys

Licensing always involves a server—either cloud-hosted or locally deployed.

Big Picture uses lease-based licensing with short-lived, signed tokens. This eliminates the brittleness and security risks of offline license keys while supporting both cloud and air-gapped deployments through local license servers.

Leases can be revoked, usage can be tracked, and entitlements can be updated without requiring software reinstallation.

6. Few Moving Parts (V1)

Modular monolith with optional sidecars only when needed.

Big Picture prioritizes operational simplicity. The core system is a single, statically-linked binary per role. Optional components (like artifact storage or mirrors) are separate services that can be deployed only when required.

This reduces deployment complexity, operational overhead, and attack surface while maintaining flexibility for future extensibility.

How These Principles Interact

These principles reinforce each other:

Control plane separation enables vendor-controlled mirrors because clients don’t need direct vendor connectivity
Signed metadata enables outbound-only operation because trust doesn’t depend on network security
Lease-based licensing enables regulatory compliance because usage can be audited and controlled
Operational simplicity enables enterprise adoption because fewer components mean fewer failure modes

Together, they create a system that is simultaneously powerful for vendors, acceptable to enterprises, and compliant with regulations.

Release Management Philosophy explains how these principles apply to release workflows
Security and Trust Model details how signing and verification work
Licensing Model Overview describes the lease-based licensing system