Ferrum — GA4GH infrastructure that actually runs.
Built because GA4GH compliance is usually sold as a promise, not a verifiable reality. On-premise, in Rust, with signed audit trails and a test suite you can run yourself.
Evidence you can inspect
Core code and demos are public; HelixTest runs in CI against Ferrum. Apache-2.0 components where stated; BUSL-1.1 covers the integrated stack with a clear research allowance and four-year conversion to Apache-2.0 (see LICENSE).
Why Ferrum exists
Most GA4GH implementations are cloud-first, hard to verify, or simply not finished. Ferrum is built for teams that know their data must stay on-premise — while still needing to interoperate with GA4GH-compatible networks. The GA4GH APIs are good. There should be a system that implements them consistently. So we built it.
What we need to say honestly
Ferrum is tested — HelixTest runs in CI, the GA4GH demo is reproducible, the architecture is written to scale. What we do not yet have: a deployment with truly large clinical datasets. That is not an architecture limitation — it is because we have not had the resources for that yet. That is something we want to do with the first real partner.
We are looking for a first partner
If you are a research team or clinic that wants to build GA4GH-compliant infrastructure — on-premise, verifiable, without cloud lock-in — then you are exactly the person Ferrum was built for. We offer a pilot with a clear scope: you bring the data and the environment, we bring the software and the commitment to make it a real productive system together.
GA4GH Services
TRS · DRS · WES · TES · htsget · Beacon v2 · Passports — all under one gateway, with shared authentication.
GA4GH implementation on GitHub →Deployment options
Demo, single node, HPC cluster, Kubernetes — all options are documented.
Deployment docs on GitHub →Installation
Quickstart on GitHub →Licence & collaboration
Ferrum is licensed under BUSL-1.1 — free for research and non-commercial use, with a commercial licence for production deployments. After four years the licence converts to Apache-2.0. You can licence it, request features, or use it as a starting point for your own infrastructure. No vendor lock-in.
Designed for regulated environments (GDPR, EHDS, NIS2, HIPAA as orientation). Includes technical compliance tools (MII profile checks, CI reports). No certification promise — technical evidence, not legal advice.
Read the Ferrum & GA4GH white paper — HelixTest conformance checks, GA4GH demo benchmarks, architecture, and how we work.
Regulatory context: EHDS · NIS2 · GDPR & health data
We typically reply within two business days. Repository and licence details are available on request.