agentsinmotion.ca
Agents in Motion

Teleport by agentsinmotion.ca

Governed AI dev sandboxes, on your own infrastructure.

Teleport gives every member of your team a ready-to-use, governed Linux AI dev sandbox — joined to your Active Directory, loaded with command-line AI tooling — provisioned and managed from a single self-hosted appliance, on your VMware or Proxmox.

See how it works Get in touch

ssh you@your-vm — your AD login, your network, your data.

The problem

Teams want command-line AI coding tools. But sending source and secrets to a cloud dev environment is a non-starter for many organizations — regulated industries, on-prem-first shops, anyone with data that can't leave the network.

Teleport keeps it in-house. The sandboxes, the credentials, and the AI context all live on infrastructure you already run. Nothing phones home.

How it works

Import one appliance. Point it at your hypervisor and Active Directory. Provision per-user sandboxes — and manage the whole fleet from a browser.

  1. 1

    Import the appliance

    Bring in the Teleport appliance — an OVA on vSphere, a qcow2 on Proxmox — plus the sandbox template.

  2. 2

    Run the day-0 wizard

    Boot the appliance and log in to the full-screen web console. The wizard collects your hypervisor, Active Directory, and network details, then runs pre-flight checks.

  3. 3

    Provision a user

    Add a user and click Provision. Teleport clones the template, AD-joins it, configures the environment, and hands the user a ready sandbox.

  4. 4

    Manage the fleet

    For the life of the deployment — resize, update tooling, push context, deprovision — all from the console, CLI, or TUI.

Teleport architecture diagram A self-hosted Teleport appliance drives your hypervisor to create one isolated Linux sandbox VM per user, with each sandbox joined to your Active Directory. Teleport appliance Hypervisor vSphere / Proxmox alice-vm bob-vm carol-vm Active Directory
One appliance drives your hypervisor to create one isolated sandbox per user — each joined to your Active Directory.

What you get

Governed AI dev sandboxes — on your own infrastructure.

  • Self-hosted & sovereign

    Runs entirely inside your VMware or Proxmox. Code, credentials, and AI context never leave your network. Nothing phones home.

  • AD-native

    Users log in with existing Active Directory accounts over SSH. Access is governed by AD group membership; sudo is granted via an AD group. No new identity silo.

  • One appliance, whole fleet

    Import once, then provision and manage every per-user sandbox from one console. No per-VM hand-configuration.

  • Per-user isolation

    Each person gets their own real, isolated Linux VM cloned from a golden template — not a shared box — with an IP from a pool.

  • CLI AI tooling, ready

    Each sandbox ships with Claude Code, a Python environment, and database clients for MSSQL, Oracle, Postgres, and SQLite — ready to use.

  • Works with what you run

    First-class support for VMware vSphere / vCenter and Proxmox VE. Same console, either platform.

  • Day-2 fleet management

    Provision and deprovision users, resize CPU and RAM, grow disks, push per-user or group CLAUDE.md context, and update Claude Code across the fleet — over a built-in SSH control channel.

  • Home dir as SMB share

    Each user's home directory is also a Windows SMB share, so files are reachable from the desktop they already use.

  • Admin-first

    Pre-flight checks before anything is provisioned, a setup wizard, session-auth and TLS on the console, plus a CLI and a terminal TUI for people who live in the shell.

Works with your hypervisor

Same console, either platform.

VMware vSphere vCenter via govmomi
+
Proxmox VE native API

vSphere is the proven path; Proxmox VE is first-class supported.

Security & governance

Built for organizations that can't send source or secrets to a SaaS.

  • Self-hosted. The control plane and every sandbox run on your own VMware or Proxmox.
  • AD-governed access. Authentication and authorization ride on your existing Active Directory and group membership.
  • Secrets stay local. Code, credentials, and AI context never leave your network. Nothing phones home.
  • TLS + session auth on the console. The management console is authenticated and served over TLS.
  • Per-user isolation. Every person works in their own VM — not a shared environment.
  • Pre-flight checks. Teleport validates hypervisor, AD, and network before it provisions anything.

For admins

A control plane built for the people who run the fleet.

The console

Import one appliance image; it boots to a full-screen web console. A day-0 wizard points it at your hypervisor and Active Directory, with pre-flight checks before anything is provisioned. From then on you run the whole fleet from the browser.

Day-2 operations

Provision and deprovision users, resize CPU and RAM, grow disks, push per-user or group context, and update Claude Code across the fleet — all over a built-in SSH control channel.

CLI & TUI

For people who live in the shell, Teleport ships a command-line interface and a terminal TUI alongside the web console — same operations, no browser required.

Optional integrations

Read-only access to a central SQL Server per user, and a shared global context directory over NFS that seeds every sandbox's AI context.

Under the hood

A single Go orchestrator talks to vCenter (govmomi) or the Proxmox API directly, drives cloud-init for first-boot bootstrap, and reuses a battle-tested provisioning script for the AD join and tooling install. State — who has which VM and IP — lives on the appliance.

About agentsinmotion.ca

agentsinmotion.ca builds AI-automation infrastructure for organizations that want to run AI tooling on their own terms — self-hosted, governed, integrated with what they already operate.

Small, technical, pragmatic. Infrastructure people, talking to infrastructure people.

Get in touch

Want to see Teleport on your own hypervisor? Send a note — we'll keep it concrete.

Email [email protected]

We'll reply from a real person, not a funnel.