This documentation outlines Midaz deployment strategies and platform requirements. Prepare your environment, meet the prerequisites, and follow best practices to ensure a secure, reliable, and scalable deployment.

👍

Get to know the architecture first

Before proceeding with the deployment, we recommend reading about Midaz's architecture to better understand its components and how they interact. This will help you make informed decisions about your deployment strategy.

Deployment Strategies

---

Both Community and Enterprise editions require users to set up and manage their infrastructure. We strongly recommend deploying Midaz with Kubernetes using our Helm Charts, especially for Enterprise users who benefit from dedicated support and microservices architecture. However, you’re free to choose other deployment methods that best fit your needs.

Using Kubernetes

We highly recommend deploy Midaz using our Helm Charts, that provides a quick and easy installation process within Kubernetes environments.

When using this approach, you can either integrate Midaz with your existing database and services or deploy the default components we provide out of the box. The Helm chart allows flexibility to fit your infrastructure needs.

To learn how to deploy and configure it, please read the dedicated Deploying using Helm documentation

Self Deployment

If you prefer full control over your deployment, you can set up Midaz manually. The project is already configured to run with Docker, making it easy to get started. However, you're free to deploy it however you see fit—whether using your custom container orchestration, or bare metal servers.

For more details, refer to the Installing Midaz page.

Platform Requirements

---

When deploying with our default Helm chart settings, you are already using the required versions to ensure Midaz meets its high performance and stability requirements.

If you choose to use your own infrastructure (e.g., custom PostgreSQL databases, self-managed RabbitMQ), please note the following minimum supported versions necessary for its proper functionality:

Best Practices

---

Infrastructure Access Management

• Apply least privilege policies for database connections.
• Restrict direct database access, allowing only exception-based interventions with prior authorization.
• Use secure tools like HashiCorp Vault to protect credentials and sensitive data.
• Use specialized tools for secure data visualization.

Redundancy & High Availability

• Configure replication and automatic backups for Midaz and database services.
• Implement load balancers to distribute traffic efficiently between Midaz and Console services.

Network Security

• Deploy VPCs (Virtual Private Clouds) to isolate critical components.
• Use NAT Gateways or proxies for controlled outbound internet access.
• Configure Security Groups to restrict access to necessary ports and IPs only.

Data Persistence & Storage

• Enable database replication across multiple nodes for improved availability and disaster recovery.
• Choose storage solutions with real-time scalability aligned with transaction volume.
• Utilize in-memory databases (Redis) for caching critical queries and managing background messaging flows efficiently.

Observability (O11y)

• Implement observability tools to proactively detect failures in Midaz and the Console.
• Midaz offers native support for logs, traces, and metrics via OpenTelemetry, simplifying troubleshooting and performance monitoring.

Shared Responsibilities

Security and compliance are shared responsibilities between Lerian and the customer. This model lightens the customer’s operational burden while ensuring reliability, security, and performance at every level.

Lerian's Responsibility

• Release Management – Delivers platform updates via Helm Charts, including the Midaz core and Console modules.
• Change Communication – Publishes detailed changelogs with impact assessments.
• Authentication & Authorization – Ensures that only authorized users and applications access services through robust identity management. Exclusive for Entreprise accounts.
• Account Center Administration – Manages the external Account Center, handling entities and permissions across the platform. Exclusive for Entreprise accounts.

Client's Responsibility

• Infrastructure Availability – Maintains the uptime of servers and local infrastructure components.
• Security & Network Management – Configures firewalls and network security measures to protect the environment.
• Data Security – Ensures encryption at rest and prevents unauthorized data exposure.
• Version Updates – Implements Midaz updates as released by Lerian.
• Access Control – Administers user and application access through the Account Center.
• Backup & Recovery – Establishes regular backup processes to ensure data integrity and disaster recovery capabilities.