Dedicated machines from Iceland and Switzerland

A dedicated machine is the right answer when the workload is large enough that virtualisation overhead becomes audible, or when the project's threat model requires that no other tenant share the hardware. The four tiers below cover the range from a six-core Xeon entry machine to a sixty-four-core dual-Xeon production host.

Provisioning a dedicated machine is not instant. The operator racks the hardware, provisions the network, and confirms the delivery by email; the lead time is typically a few business days and is stated honestly here rather than implied to be shorter than it is. Hardware specifications are listed below in the same register as the virtual private servers — facts in mono, prose in sans.

The dedicated tier list is a smaller catalogue than the virtual-private-server list because the use cases are narrower: a project upgrades from VPS to dedicated when the upgrade is driven by threat model rather than by capacity, or when the workload genuinely needs deterministic single-thread or sustained-multi-thread CPU performance. The journal entry Threat models for activist archives covers the threat-model framing that motivates most upgrades to bare metal.

The offering

DS Lite $89/mo: Intel Xeon E-2236 (6c / 12t @ 3.4 GHz), 32 GB DDR4 ECC, 2× 480 GB NVMe (RAID-1), 30 TB / month bandwidth
DS Mid $149/mo: AMD Ryzen 9 5950X (16c / 32t @ 3.4 GHz), 64 GB DDR4 ECC, 2× 1 TB NVMe (RAID-1), 50 TB / month bandwidth
DS Pro $249/mo: AMD EPYC 7443P (24c / 48t @ 2.85 GHz), 128 GB DDR4 ECC, 2× 2 TB NVMe (RAID-1), 100 TB / month bandwidth
DS Beast $449/mo: 2× Intel Xeon Gold 6338 (32c / 64t each), 256 GB DDR4 ECC, 4× 4 TB NVMe (RAID-10), Unmetered bandwidth

Who this offering serves

The dedicated tier list serves projects where the shared hypervisor itself is part of the threat model — leak archives whose threat picture includes side-channel attacks from a hostile co-tenant, source-protection workloads where deniability about co-tenancy matters, regional press-freedom organisations whose member-outlet infrastructure consolidates onto consortium-controlled hardware. It also serves projects whose CPU profile is a poor fit for virtualisation: video transcoding for archival ingest, sustained scraping of public-record databases, full-text indexing pipelines over large corpora.

Projects whose workload fits cleanly in a virtualised environment — where co-tenancy is acceptable and the spec-tier is more about capacity than threat-model isolation — should look at the VPS tier list at substantially lower price points. OffshorePress would rather move a customer down to a smaller machine that fits than carry them on a tier they do not need; the migration runbook for moving an archive between tiers sits at Migrating an investigative archive to offshore hosting.

Where the dedicated tier list operates

Bare-metal machines are racked in Iceland or Switzerland. Iceland's geothermally-cooled facilities favour the steady-state power draw of dual-socket platforms; Switzerland's hydro-baseline environments favour mixed-load deployments. Both jurisdictions sustain ten-gigabit and twenty-five-gigabit uplink workloads on transit lanes that route around the typical bottleneck points where a single Tier-1 incident would otherwise turn into a deliverability problem.

The legal-frame question dominates the jurisdiction choice for production-grade dedicated workloads. For a workload whose adversary is an EU domestic prosecutor with bilateral cooperation channels, Iceland's geographical and treaty distance is the more conservative answer; for a workload whose adversary is more diffuse — civil-procedure attacks, disclosure orders from various jurisdictions — Switzerland's revFADP and the courtroom culture established by ProtonMail v UVEK A-550/2019 may produce comparable outcomes through a shorter operational pipeline. The per-jurisdiction dossiers carry the detail.

The machines are operated from Iceland and Switzerland. The choice of jurisdiction is made at the order step; the relevant statute summaries are at /jurisdictions.