Skip to main content
InfraGap.com Logo
Home
Getting Started
Core Concept What is a CDE? How It Works Benefits CDE Assessment Getting Started Guide CDEs for Startups
AI & Automation
AI Coding Assistants Agentic AI AI-Native IDEs Agentic Engineering AI Agent Orchestration AI Governance AI-Assisted Architecture Shift-Left AI LLMOps Autonomous Development AI/ML Workloads GPU Computing
Implementation
Architecture Patterns DevContainers Advanced DevContainers Language Quickstarts IDE Integration CI/CD Integration Platform Engineering Developer Portals Container Registry Multi-CDE Strategies Remote Dev Protocols Nix Environments
Operations
Performance Optimization High Availability & DR Disaster Recovery Monitoring Capacity Planning Multi-Cluster Development Troubleshooting Runbooks Ephemeral Environments
Security
Security Deep Dive Zero Trust Architecture Secrets Management Vulnerability Management Network Security IAM Guide Supply Chain Security Air-Gapped Environments AI Agent Security MicroVM Isolation Compliance Guide Governance
Planning
Pilot Program Design Stakeholder Communication Risk Management Migration Guide Cost Analysis FinOps GreenOps Vendor Evaluation Training Resources Developer Onboarding Team Structure DevEx Metrics Industry Guides
Resources
Tools Comparison CDE vs Alternatives Case Studies Lessons Learned Glossary FAQ
About InfraGap.com Contact Us Search

What is a Cloud Development Environment (CDE)?

Complete guide to remote workspaces, DevContainers, and cloud-based developer environments for enterprise teams

Definition

A Cloud Development Environment (CDE) is a remote workspace that provides developers - and increasingly, autonomous AI agents - with a fully configured environment accessible via VS Code Remote SSH, JetBrains Gateway, or web browsers. Instead of running Docker containers, Kubernetes workloads, and AI/ML models on local laptops, developers connect to cloud-hosted environments with pre-configured tools, dependencies, and compute resources powered by AWS, Azure, GCP, or on-premises Kubernetes clusters.

In 2026, CDEs have expanded beyond human developer workspaces to serve as the primary infrastructure for AI coding agents. Platforms like Coder, Ona (formerly Gitpod), GitHub Codespaces, DevPod, and Daytona now provision isolated, ephemeral environments where autonomous agents can clone repositories, run builds, execute tests, and submit pull requests - all within sandboxed workspaces that enforce security boundaries and provide full audit trails.

Key Characteristics

Cloud-Hosted

Compute resources run in the cloud - AWS, Azure, GCP, or your own data center. Workspaces leverage cloud-grade hardware including GPUs for AI/ML workloads.

Pre-Configured

Environments come with all tools, SDKs, and dependencies pre-installed. Nix-based configurations and DevContainers ensure hermetic, reproducible setups.

Reproducible

Environments are defined as code using devcontainer.json, Nix flakes, or Terraform templates, ensuring consistency across developers and AI agents alike.

Remotely Accessible

Access via local IDE (VS Code Remote SSH, JetBrains Gateway), web browser, or programmatic API. AI agents connect via headless protocols and MCP interfaces.

Isolated

Workspaces run in isolated containers, microVMs (Firecracker, Cloud Hypervisor), or full VMs. MicroVM isolation provides hardware-level security for multi-tenant and AI agent workloads.

Agent-Ready

Modern CDEs serve as infrastructure for autonomous AI agents - providing sandboxed execution, scoped credentials, resource limits, and audit trails for every action.

CDE vs Traditional Development

Traditional (Local)

  • Code cloned to local machine
  • Dependencies installed locally
  • Each dev manages their own setup
  • Works offline
  • Limited by laptop hardware
  • AI agents run on developer machines

Cloud Development Environment

  • Code stays in cloud infrastructure
  • Dependencies pre-installed in template
  • Platform team manages standardization
  • Requires internet connection
  • Scalable cloud resources on demand
  • AI agents run in isolated, auditable sandboxes

Types of CDEs

Container-Based

Workspaces run as Docker containers or Kubernetes pods. Lightweight, fast to spin up, and well-suited for standard development workflows. Most CDEs default to this model.

Examples: Ona, GitHub Codespaces, most Coder templates, DevPod, Daytona

VM-Based

Full virtual machines with complete OS flexibility. More resource-intensive but supports any workload, including GUI applications and Windows development.

Examples: Microsoft Dev Box, some Coder configurations, Google Cloud Workstations

MicroVM-Based

Lightweight virtual machines using Firecracker or Cloud Hypervisor that boot in milliseconds while providing hardware-level isolation. The best of both worlds: container-like speed with VM-level security. Increasingly used for AI agent sandboxing where strong isolation is critical.

Examples: Hocus (Firecracker-based prebuilds), Fly.io Machines, Lambda Cloud

Hybrid

Some platforms let you choose - containers for quick tasks, VMs for specialized needs, microVMs for isolated agent workloads. Terraform-based platforms like Coder excel here by supporting any compute backend.

Examples: Coder (with Terraform), Google Cloud Workstations, Daytona

Environment Configuration Approaches

CDEs rely on declarative configuration to ensure environments are reproducible. The two dominant approaches are DevContainers and Nix-based environments, each with distinct strengths.

DevContainers

The devcontainer.json spec defines containerized environments with IDE extensions, port forwarding, and lifecycle scripts. Supported by VS Code, JetBrains, Zed, GitHub Codespaces, and most CDE platforms.

Best for: Teams already using Docker, broad IDE compatibility

Nix Environments

Nix flakes, Devbox, and Devenv provide hermetic, reproducible environments without containers. Multiple tool versions coexist without conflicts, and environments are byte-for-byte reproducible across machines.

Best for: Reproducibility purists, polyglot projects, layering on top of containers

Terraform Templates

Coder uses Terraform (or OpenTofu) templates to define workspace infrastructure. This enables any compute backend - Kubernetes, Docker, AWS EC2, Azure VMs, GCP instances - with full IaC flexibility.

Best for: Platform teams needing multi-cloud or hybrid infrastructure

Combined Approach

Many teams layer these together - Terraform provisions the infrastructure, DevContainers configure the workspace, and Nix manages specific toolchain versions inside the container for maximum reproducibility.

Best for: Large orgs with diverse teams and strict reproducibility needs

How You Connect: Remote Development Protocols

CDEs rely on remote development protocols to bridge the gap between your local IDE and the cloud workspace where code actually executes.

SSH

The foundation protocol. VS Code Remote SSH and direct terminal access. Works with any CDE that exposes an SSH endpoint.

VS Code Tunnels

Microsoft's proprietary tunneling protocol. Enables browser-based access and NAT traversal without opening firewall ports.

JetBrains Gateway

Split-architecture protocol where the backend runs remotely and the thin client renders locally. Optimized for IntelliJ, PyCharm, GoLand, and other JetBrains IDEs.

Browser IDEs

WebSocket-based IDEs like code-server, OpenVSCode Server, and Eclipse Theia. Zero local install required - just a browser.

Headless / API

AI agents connect via REST APIs, CLI tools, or MCP (Model Context Protocol) interfaces - no IDE needed. The agent interacts with the workspace programmatically.

WireGuard / Tailscale

Encrypted mesh networking for zero-trust CDE access. Replaces traditional VPNs with peer-to-peer connections and identity-based access control.

CDEs as Infrastructure for AI Agents

The Defining CDE Use Case of 2026

Autonomous AI coding agents - like those powered by Claude, GPT, and open-source LLMs - need secure, isolated environments to write code, run builds, and execute tests. CDEs have become the natural infrastructure layer for these agents, providing the same sandboxing, resource governance, and audit capabilities that enterprises already use for human developers.

Sandboxed Execution

Each agent runs in an ephemeral workspace with its own filesystem, network namespace, and resource limits. If the agent goes off-script, blast radius is contained to a single disposable environment.

Scoped Credentials

Agents receive narrowly-scoped, time-limited tokens rather than broad developer credentials. Just-in-time credential injection ensures agents only access what they need for the current task.

Full Audit Trails

Every command executed, file modified, and API called by an agent is logged. CDE platforms provide the observability layer that compliance teams require for autonomous agent operations.

Resource Governance

CPU, memory, disk, and network limits prevent runaway agents from consuming unlimited resources. Auto-stop policies destroy idle agent workspaces, keeping costs under control.

CDE Platform Landscape (2026)

The CDE market has matured significantly. Here are the major platforms and what sets each apart.

Coder

Self-hosted, Terraform-based platform supporting any compute backend. The 2026 Premium tier adds AI agent workspace provisioning and unified governance. Best for enterprises needing full infrastructure control.

Self-Hosted Open Source Core

Ona

Pivoted to an agent-first platform in 2025, Ona provides automated, ephemeral environments optimized for AI agent workflows. Fast workspace prebuilds and a focus on autonomous development use cases.

Agent-First Managed

GitHub Codespaces

Deeply integrated with GitHub repositories. One-click workspace creation, prebuild support, and familiar VS Code experience in the browser. The easiest on-ramp for teams already on GitHub.

Managed GitHub-Native

DevPod

Fully open-source, client-side tool that provisions workspaces on any provider (Docker, Kubernetes, AWS, GCP, Azure). No server required - the developer's machine orchestrates the remote workspace.

Open Source Client-Only

Daytona

Open-source CDE manager with single-command workspace creation. Supports multiple providers and Git platforms. Growing ecosystem with a focus on developer simplicity.

Open Source Self-Hosted
See the full CDE tools comparison with pricing, features, and pros/cons

When Should You Consider a CDE?

Security/compliance requirements (HITRUST, SOC2, FedRAMP)
Complex onboarding taking days instead of hours
"Works on my machine" issues plaguing the team
Resource-intensive workloads (AI, ML, large builds, GPU)
Contractor/vendor access with data residency controls
Standardizing across a large engineering org
Deploying AI coding agents that need sandboxed environments
Running multi-agent orchestration at enterprise scale

Continue Learning

Compare CDE Tools Compliance Guide Agentic AI Guide MicroVM Isolation Nix Environments Assessment Checklist