MSP PlaybookAgent DeploymentsSovereign Infrastructure
Build a Managed AI Agent Practice with Sovereign Infrastructure
Most MSPs selling AI services are reselling SaaS subscriptions — CoPilot seats, ChatGPT Enterprise licences, or third-party AI tools. A sovereign agent deployment practice is different: you deploy and operate AI agent infrastructure inside the client's own environment, with certified practitioners, production-grade governance, and recurring managed service revenue. This playbook explains how to build it.
Why sovereign infrastructure is the MSP opportunityRegulated clients — financial services firms, healthcare organisations, law firms, government agencies — cannot use cloud-hosted AI agent platforms. Their data governance obligations require them to know exactly where data goes and who can access it. Cloud-hosted platforms cannot answer that question satisfactorily. Sovereign self-hosted infrastructure can. This is a market segment that SaaS AI vendors structurally cannot serve, and that MSPs with the right certifications and architecture knowledge can own.
The reference stack
Agent runtime
Trinity (Ability.AI)
Self-hosted, open-source, security-audited
Infrastructure
Docker / Kubernetes
Isolation, reproducibility, resource limits
Agent state
Client GitHub
Version-controlled, client-owned
Task queue
Redis Streams
Durable agent task queueing
LLM provider
OpenAI / Anthropic / Ollama
Client-provisioned API credentials
Observability
OpenTelemetry + client stack
Traces, costs, alerting
Human oversight
Trinity approval queue
Built-in, configurable per action
Audit log
Trinity (hash-chained)
Tamper-evident, exportable
This is a reference stack, not a mandate. Clients with existing Kubernetes infrastructure, GitLab instead of GitHub, or on-premise LLMs (via Ollama or vLLM) can substitute accordingly. The sovereignty principle holds as long as the runtime and data stay within the client's perimeter.
The deployment playbook
Six phases from certification to managed service. Each phase has defined deliverables, owners, and time estimates. The full cycle from certification to first production agent runs 6–8 weeks.
Before you deploy anything for a client, your team needs the credentials that prove you understand what you are doing. In the agent deployment practice, two certifications are essential and one is strongly recommended.
Owner: The person who will operate the deployed agent environment day-to-day.
CAOP covers the eight PSF domains as they apply to running production agent systems: input governance, output validation, data protection, observability, deployment safety, human oversight, security, and vendor resilience. It is the credential that clients in regulated sectors will ask for.
⏱ 10–12 hours study + 90-min exam
Owner: The engineer who will connect agents to client systems.
CAIG covers safe API integration, credential management, webhook security, and the data-flow considerations that arise when an AI agent has write access to a client's CRM, ERP, or ticketing system. Every integration you build for a client creates a security and compliance surface — this certification covers how to design it safely.
⏱ 8–10 hours study + 75-min exam
Owner: The team member who produces governance reports for regulated clients.
Clients in financial services, healthcare, and government need periodic audit reports confirming that their AI agent deployments remain compliant with their regulatory obligations. CAIA certifies the ability to conduct and document these audits using the Trinity audit log and PSF framework. This creates a recurring revenue stream beyond initial deployment.
⏱ 8–10 hours study + 75-min exam
02
Understand the sovereign architecture
Week 2
The MSP agent deployment model is fundamentally different from reselling SaaS AI tools. You are deploying infrastructure inside the client's environment (or a dedicated environment you manage on their behalf). Understanding this distinction is essential for the client conversation, the scope-of-work, and the ongoing managed service.
Owner: Everyone in the practice.
In a sovereign agent deployment, the runtime (Trinity) runs inside Docker on the client's infrastructure — their on-premise servers, their private cloud, or a dedicated managed environment you provision for them. All data processed by agents stays within that perimeter. Agent state is stored in the client's GitHub repository. No operational data is transmitted to Ability.AI or any other third party. This is the answer to 'where does our data go?' — and for regulated clients, it is the only acceptable answer.
⏱ Read Trinity PSF assessment + architecture docs
Infrastructure prerequisites
TechnicalOwner: Lead engineer.
Trinity requires: Docker (or Kubernetes for larger deployments), a GitHub account or self-hosted Gitea for agent state, Redis (for task queuing via Redis Streams), and the LLM API credentials the client will use (OpenAI, Anthropic, or a self-hosted model via Ollama). For most MSP client environments, this means confirming Docker is available and provisioning a small Redis instance — the additional infrastructure footprint is modest.
⏱ 2–4 hours environment assessment
03
Define the first agent use case
Week 2–3
The most common mistake in an agent deployment engagement is trying to automate everything at once. Start with one well-defined use case where the agent's scope is narrow, the data is relatively non-sensitive, and the value is demonstrable within 30 days. This builds client confidence and gives you a reference deployment.
Owner: Account manager + CAOP-certified operator.
Use the PAI discovery framework to identify workflows in the client's environment that are high-repetition, rules-based, and currently performed by people. Focus on tasks where the output is reviewable before it acts — this means you can deploy with an approval queue and give the client visibility into every agent action before it executes. Good first agents: support ticket triage, invoice routing, document classification, internal query answering.
⏱ 2–3 hour structured session
Use case scoping document
DeliverableOwner: CAOP operator + account manager.
Before configuring anything, produce a one-page use case scope document covering: the task the agent will perform, the data it will access (and what it will not access), the channels it will be reachable through, the approval rules (what requires human sign-off before the agent acts), the success metric (how you will know it is working), and the exit criteria (what causes the agent to be shut down or referred to a human). This document becomes the configuration specification and the governance reference.
⏱ Half day
04
Deploy and configure Trinity
Week 3–4
Trinity is deployed as a Docker container into the client's environment. Configuration is done through Trinity's agent definition files, which live in the client's GitHub repository. Every change to an agent's configuration is version-controlled and auditable.
Environment provisioning
TechnicalOwner: CAIG-certified engineer.
Provision the Docker host (or Kubernetes namespace), Redis instance, and GitHub repository. Configure network access: Trinity needs outbound access to the LLM API endpoint and to any client systems the agent will integrate with. It does not need inbound access from the internet unless you are exposing a public webhook for external triggers. Establish separate credential scopes for the development instance and the production instance.
⏱ 4–8 hours
Owner: CAOP operator.
Define the agent in Trinity's configuration: name, description, system prompt, permitted tools, channel bindings (which Slack channels or webhooks can trigger it), RBAC restrictions (which user roles can interact with it), and approval rules (which action types require human sign-off before execution). The guardrails are configured here — this is the PSF D1 and D5 work. Every tool the agent has access to should be the minimum required for the use case. Never grant an agent write access to a system it only needs read access to.
⏱ 4–8 hours per agent
Owner: CAOP operator.
Configure Trinity's OpenTelemetry exporter to send traces to your observability stack (or the client's). Set up dashboards for agent execution volume, error rate, approval queue depth, and LLM cost per agent. Configure alerting for anomalous execution patterns — an agent that executes 10× its expected daily volume should trigger a review before it consumes significant API spend. The tamper-evident audit log is on by default — confirm it is being written to durable storage.
⏱ 2–4 hours
Owner: CAOP operator + client nominated reviewer.
Configure the approval queue for every action type that is irreversible or customer-facing. Assign the client's nominated reviewer to these approval tasks. Walk the reviewer through the approval interface: how they receive notification, what information is presented, how to approve or reject, and what happens to rejected actions. This is the human oversight layer — get the client's reviewer comfortable with it before going live.
⏱ 2–3 hours including client walkthrough
05
Run a supervised pilot
Week 4–6
Before handing the deployment to the client for unsupervised use, run a two-week supervised pilot. Every agent action goes through the approval queue. You review alongside the client. You build the evidence that the agent is behaving as expected and that the client is comfortable with the oversight model.
Pilot period monitoring
ProcessOwner: CAOP operator.
During the pilot, review the observability dashboard daily. Check approval queue items together with the client's reviewer. Flag any agent outputs that are unexpected, off-topic, or incorrect. Document each instance in your incident log — not because they are necessarily serious, but because the client needs to see that you are tracking the agent's behaviour systematically. A clean incident log is evidence of a well-configured deployment; a few documented minor incidents with appropriate responses is evidence of a mature monitoring practice.
⏱ 30–60 mins/day during pilot
Pilot review and sign-off
DeliverableOwner: CAOP operator + client stakeholder.
At the end of the pilot, produce a pilot review document: number of tasks processed, number of approval queue decisions, number of incidents, cost vs. estimate, client reviewer feedback. Get written sign-off from the client stakeholder before moving to production operation. This sign-off is your evidence of informed consent for the production deployment — it matters if a regulator ever asks how you validated the deployment before going live.
⏱ Half day
06
Operate as a managed service
Ongoing
The deployment is not the product — the managed operation is the product. This is where the recurring revenue model lives. Your ongoing managed service covers monitoring, incident response, model updates, capability expansion, and periodic compliance reporting.
Monthly managed service deliverables
ServiceOwner: CAOP operator.
Each month: review observability dashboards for drift in agent behaviour (volume, error rate, cost per run), review any incidents and their resolutions, update agent configurations in response to client feedback or changing requirements, review LLM model versions and assess whether an update is appropriate, and produce a one-page operational summary for the client stakeholder. This summary is the evidence that the managed service is active and that the client is getting value.
⏱ 4–6 hrs/month per deployment
Owner: CAIA-certified auditor.
For regulated clients, produce a quarterly audit report covering: PSF domain compliance status for each deployed agent, review of the tamper-evident audit log for the period, assessment of any incidents and their root causes, confirmation that data protection controls remain effective, and recommendations for the next quarter. This is a billable deliverable that creates recurring audit revenue beyond the monthly managed service fee. The CAIA certification gives you the credential to produce audit reports that clients can present to their own regulators.
⏱ 1–2 days per client per quarter
Capability expansion
GrowthOwner: CAIG engineer + CAOP operator.
Once the first agent is established, identify the next use case in the client's environment. Use the same scoping-deploy-pilot cycle. Each additional agent increases the depth of the engagement, increases the monthly managed service fee, and increases the complexity of the relationship — which makes it harder for the client to switch to a different provider. Aim for 3–5 agents per client within the first year.
⏱ Scoped per use case
Pricing reference
These are reference ranges in GBP. Adjust for your market, client size, and the complexity of the client's environment. Setup fees reflect the one-time cost of deployment, configuration, and the supervised pilot. Monthly fees reflect ongoing managed operation, monitoring, and monthly reporting.
Starter Deployment
Setup: £4,500–£7,500
Monthly: £800–£1,500/mo
- ✓1–2 agents
- ✓CAOP operator certification on team
- ✓Docker + Redis provisioning
- ✓2-week supervised pilot
- ✓Monthly operational summary
- ✓Approval queue configuration
First agent deployment for SME clients. Good reference engagement for building the practice.
Most common
Regulated Client Package
Setup: £10,000–£18,000
Monthly: £2,000–£3,500/mo
- ✓3–5 agents
- ✓CAOP + CAIA certified team
- ✓Full PSF compliance configuration
- ✓Quarterly audit reports
- ✓OTel observability stack
- ✓Incident response SLA
- ✓Client reviewer training
Financial services, healthcare, legal, and government clients with compliance obligations.
Enterprise Sovereign Platform
Setup: £25,000–£50,000
Monthly: £5,000–£10,000/mo
- ✓Unlimited agents
- ✓Kubernetes deployment
- ✓Full team certification
- ✓Custom compliance reporting
- ✓Executive briefings
- ✓Priority incident response
- ✓Annual PSF gap assessment
Large enterprises requiring sovereign infrastructure across multiple departments or divisions.
Certifications for the practice
Three PAI certifications cover the agent deployment practice. At minimum, your team needs CAOP and CAIG before taking a client engagement. CAIA unlocks the compliance audit revenue stream.
CAOP
Certified Agent Operator
Operating production agent systems: PSF compliance, observability, approval queues, incident response, model updates.
Required for monthly managed service
CAIG
Certified Agent Integration
Connecting agents to client systems: API security, credential management, webhook design, data flow governance.
Required for integration setup fees
Producing compliance audit reports: PSF gap assessment, audit log review, regulatory evidence packages, board-level reporting.
Unlocks quarterly audit revenue
Join the PAI MSP Programme
The PAI MSP Programme supports managed service providers building an AI agent practice. Get access to the discovery framework, proposal templates, client briefing decks, the full certification curriculum, and listing in the PAI partner directory.