SaaS — Fully managed by Lerian
In the SaaS model, Lerian hosts and operates the entire platform for you. Your team focuses on building financial products. We handle everything underneath. What Lerian manages:
- Cloud infrastructure (compute, storage, networking)
- Database provisioning, backups, and scaling
- Security patches and OS-level updates
- Application upgrades and version management
- Monitoring, alerting, and incident response
- High availability and disaster recovery
- Business configuration (organizations, ledgers, accounts, rules)
- API integrations with your systems
- User access and permissions within the platform
- Compliance obligations specific to your institution
BYOC — Bring Your Own Cloud
In the BYOC model, you deploy and operate Lerian in your own infrastructure — whether that’s a public cloud (AWS, GCP, Azure), a private cloud, or on-premises. You have full control over the environment. Lerian provides the software, , , and tooling to make deployment and lifecycle management straightforward. What Lerian provides:
- Application software (container images, Helm Charts)
- Terraform templates for infrastructure provisioning
- Lifecycle Management for deployment orchestration and version tracking
- Security patches and application updates (delivered by Lerian, applied by you)
- Technical support (Enterprise)
- Cloud infrastructure and clusters
- Database administration, backups, and scaling
- Network security (firewall rules, network isolation, and traffic routing)
- OS and container-level patching
- Monitoring and observability pipelines
- Encryption, secrets management, and access control
Why Helm for BYOC deployments
Lerian publishes official for every product. Helm is the recommended way to deploy, configure, and manage the platform in your infrastructure. Here’s why it matters:- Reproducibility — Every deployment from the same chart version produces the same result. No “it works on my cluster” surprises across staging, production, or disaster recovery environments.
- Rollback — Helm keeps a history of every release. Rolling back to a previous version is a single command — no need to reconstruct the previous state manually.
- Reduced operational risk — Charts encode all configuration details (environment variables, ports, dependencies), so your team doesn’t have to remember them. Manual deployments are error-prone; Helm deployments are not.
- Faster time to production — Instead of writing Kubernetes manifests from scratch, start with Lerian’s official charts and adjust a single values file. Days of YAML editing become an afternoon of parameter tuning.
- GitOps-ready — Charts integrate naturally with GitOps workflows (ArgoCD, Flux). Deployment configuration lives in version control, changes go through pull requests, and every deployment is traceable to a specific commit.
| Product | What it deploys | Helm documentation |
|---|---|---|
| Midaz | Core ledger engine (Onboarding + Transaction services) | Midaz Helm guide |
| Plugins | Fees Engine, Pix, Pix Indirect, Bank Transfer, CRM | Plugins Helm guide |
| Reporter | Report generation service | Reporter Helm guide |
| Access Manager | Authentication and identity | Access Manager Helm guide |
| Console | Web UI for managing the platform | Console Helm guide |
| Infrastructure | OTEL Collector, Fetcher, Flowker, Tracer, Underwriter | Infrastructure Helm guide |
BYOC variations
Depending on your architecture, BYOC supports two configurations:| Configuration | Description | Best for |
|---|---|---|
| Single-Tenant | One dedicated environment per institution | Large institutions with strict isolation requirements |
| Multi-Tenant | One environment serving multiple subsidiaries or clients | Institutions operating as a platform or managing subsidiaries |
SaaS is operated as a multi-tenant environment managed by Lerian. If you need dedicated, isolated infrastructure, choose BYOC Single-Tenant.
How your deployment model affects API integration
The API surface is identical across all deployment models — same endpoints, same payloads, same responses. The difference is in how authentication and tenant scoping work. SaaS and BYOC Multi-Tenant Your tenant context is established automatically through your authentication token. There is no tenant header to pass and no tenant ID to manage manually.
- You authenticate via Access Manager and receive a JWT.
- That token includes your tenant context.
- Every API call is automatically scoped to your tenant — organizations, ledgers, accounts, and transactions are all isolated.
- You never interact with data from other tenants, and they never interact with yours.
PLUGIN_AUTH_ENABLED environment variable). When disabled, API calls work without a token — this is the default experience in local development and the Getting Started guide.
At a glance
| SaaS | BYOC | |
|---|---|---|
| Who manages infrastructure? | Lerian | Your team |
| Where does data live? | Lerian-managed cloud | Your cloud or on-premises |
| Time to production | Weeks | Depends on your provisioning timeline |
| Operational effort | Low — Lerian handles operations | Higher — your team operates the platform |
| Best for | Teams that want to focus on product, not infrastructure | Organizations with strict data residency or compliance requirements |
Comparing the models
| SaaS | BYOC | |
|---|---|---|
| Infrastructure | Managed by Lerian | Managed by you |
| Data location | Lerian-managed cloud | Your cloud or on-premises |
| Data sovereignty | Data hosted in Lerian-managed cloud infrastructure | Full control — data never leaves your environment |
| Security responsibility | Shared (Lerian manages infra + app) | Shared (you manage infra, Lerian manages app) |
| Time to production | Fast — no infrastructure setup required | Depends on your team’s provisioning timeline |
| Operational overhead | Low — Lerian handles operations | Higher — your team operates the platform |
| Customization | Standard configuration | Full control over infrastructure and networking |
| Compliance | Lerian’s environment meets security standards | You ensure your environment meets your regulatory requirements |
| Updates | Applied by Lerian | Applied by you via Lifecycle Management or Helm |
| Scalability | Managed by Lerian | Managed by you |
Which model is right for you?
Choose SaaS if:
- You want to go live quickly without provisioning infrastructure
- Your team prefers to focus on product and integration, not operations
- You don’t have strict requirements for data to remain in your own environment
- Regulatory or compliance rules require data to stay in your infrastructure
- You need full control over networking, encryption, and access policies
- Your organization has a platform or DevOps team ready to operate Kubernetes workloads
- You want to integrate Lerian into an existing cloud environment with specific architectural constraints
Deployment model and licensing
Lerian’s deployment models (SaaS and BYOC) are independent from the licensing models (Community and Enterprise).
| Community | Enterprise | |
|---|---|---|
| SaaS | Not available | Available |
| BYOC | Available (self-managed) | Available (with Lifecycle Management and support) |
SaaS requires Lerian to manage infrastructure, operations, and lifecycle on your behalf — capabilities that are part of the Enterprise offering. That’s why SaaS is not available under the Community model.
- Community + BYOC: You deploy and manage everything yourself using the source-available Helm Charts and documentation. Community support via GitHub and Discord.
- Enterprise + BYOC: Full BYOC with Lifecycle Management, dedicated support, SLA, onboarding, and access to plugins.
- Enterprise + SaaS: Lerian manages everything. You get the full platform without infrastructure responsibilities.
What’s next
Community and Enterprise
Understand the licensing differences and what’s included in each model.
Getting started
Follow the step-by-step guide to set up your first Ledger and run transactions.
Security
Learn how the shared responsibility model works for each deployment option.
Deployment strategies
Explore Kubernetes, Helm, and Terraform options for BYOC deployments.