> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.
# SaaS and BYOC
> Understand how Lerian can be deployed: fully managed (SaaS) or in your own infrastructure (BYOC).
export const GKubernetes = ({children}) =>
{children}
;
export const GTerraform = ({children}) =>
{children}
;
export const GHelmChart = ({children}) =>
{children}
;
Lerian supports two deployment models: **SaaS** and **BYOC** (Bring Your Own Cloud). Both give you access to the full product portfolio — the difference is who operates the infrastructure.
Choose the model that fits your operational maturity, compliance requirements, and team structure. You can also combine models across products if needed.
## SaaS — Fully managed by Lerian
***
In the SaaS model, Lerian hosts and operates the entire platform for you. Your team focuses on building financial products. We handle everything underneath.
**What Lerian manages:**
* Cloud infrastructure (compute, storage, networking)
* Database provisioning, backups, and scaling
* Security patches and OS-level updates
* Application upgrades and version management
* Monitoring, alerting, and incident response
* High availability and disaster recovery
**What you manage:**
* Business configuration (organizations, ledgers, accounts, rules)
* API integrations with your systems
* User access and permissions within the platform
* Compliance obligations specific to your institution
SaaS is ideal if you want the fastest path to production without building or maintaining infrastructure. You get the full platform with enterprise-grade operations from day one.
## BYOC — Bring Your Own Cloud
***
In the BYOC model, you deploy and operate Lerian in your own infrastructure — whether that's a public cloud (AWS, GCP, Azure), a private cloud, or on-premises.
You have full control over the environment. Lerian provides the software, Helm Charts, Terraform templates, and tooling to make deployment and lifecycle management straightforward.
**What Lerian provides:**
* Application software (container images, Helm Charts)
* [Terraform templates](/en/midaz/midaz-terraform-foundation) for infrastructure provisioning
* [Lifecycle Management](/en/platform/lifecycle-management) for deployment orchestration and version tracking
* Security patches and application updates (delivered by Lerian, applied by you)
* Technical support (Enterprise)
**What you manage:**
* Cloud infrastructure and Kubernetes clusters
* Database administration, backups, and scaling
* Network security (firewall rules, network isolation, and traffic routing)
* OS and container-level patching
* Monitoring and observability pipelines
* Encryption, secrets management, and access control
BYOC is ideal if your organization requires full data sovereignty, has strict regulatory constraints on where data lives, or has an established platform engineering team.
### Why Helm for BYOC deployments
Lerian publishes official Helm charts for every product. Helm is the recommended way to deploy, configure, and manage the platform in your infrastructure. Here's why it matters:
* **Reproducibility** — Every deployment from the same chart version produces the same result. No "it works on my cluster" surprises across staging, production, or disaster recovery environments.
* **Rollback** — Helm keeps a history of every release. Rolling back to a previous version is a single command — no need to reconstruct the previous state manually.
* **Reduced operational risk** — Charts encode all configuration details (environment variables, ports, dependencies), so your team doesn't have to remember them. Manual deployments are error-prone; Helm deployments are not.
* **Faster time to production** — Instead of writing Kubernetes manifests from scratch, start with Lerian's official charts and adjust a single values file. Days of YAML editing become an afternoon of parameter tuning.
* **GitOps-ready** — Charts integrate naturally with GitOps workflows (ArgoCD, Flux). Deployment configuration lives in version control, changes go through pull requests, and every deployment is traceable to a specific commit.
| Product | What it deploys | Helm documentation |
| :----------------- | :----------------------------------------------------- | :-------------------------------------------------------------------------------- |
| **Midaz** | Core ledger engine (Onboarding + Transaction services) | [Midaz Helm guide](/en/platform/helm/midaz/midaz-helm-overview) |
| **Plugins** | Fees Engine, Pix, Pix Indirect, Bank Transfer, CRM | [Plugins Helm guide](/en/platform/helm/plugins/plugins-helm-overview) |
| **Reporter** | Report generation service | [Reporter Helm guide](/en/platform/helm/reporter/reporter-helm) |
| **Access Manager** | Authentication and identity | [Access Manager Helm guide](/en/platform/helm/access-manager/access-manager-helm) |
| **Console** | Web UI for managing the platform | [Console Helm guide](/en/platform/helm/console/console-helm) |
| **Infrastructure** | OTEL Collector, Fetcher, Flowker, Tracer, Underwriter | [Infrastructure Helm guide](/en/platform/helm/infrastructure/infrastructure-helm) |
For the full version compatibility matrix, see [Version compatibility](/en/platform/helm/helm-version-compatibility). For step-by-step installation instructions, start with the [Helm overview](/en/platform/helm/helm-overview) in the Platform section.
### BYOC variations
Depending on your architecture, BYOC supports two configurations:
| Configuration | Description | Best for |
| :---------------- | :------------------------------------------------------- | :------------------------------------------------------------ |
| **Single-Tenant** | One dedicated environment per institution | Large institutions with strict isolation requirements |
| **Multi-Tenant** | One environment serving multiple subsidiaries or clients | Institutions operating as a platform or managing subsidiaries |
SaaS is operated as a multi-tenant environment managed by Lerian. If you need dedicated, isolated infrastructure, choose BYOC Single-Tenant.
## How your deployment model affects API integration
***
The API surface is identical across all deployment models — same endpoints, same payloads, same responses. The difference is in how authentication and tenant scoping work.
**SaaS and BYOC Multi-Tenant**
Your tenant context is established automatically through your authentication token. There is no tenant header to pass and no tenant ID to manage manually.
* You authenticate via [Access Manager](/en/platform/access-manager/access-manager) and receive a JWT.
* That token includes your tenant context.
* Every API call is automatically scoped to your tenant — organizations, ledgers, accounts, and transactions are all isolated.
* You never interact with data from other tenants, and they never interact with yours.
**BYOC Single-Tenant**
Authentication is optional (controlled by the `PLUGIN_AUTH_ENABLED` environment variable). When disabled, API calls work without a token — this is the default experience in local development and the [Getting Started](/en/getting-started) guide.
For a deeper look at how tenant isolation works, see [Multi-tenancy](/en/multi-tenancy).
## At a glance
***
| | **SaaS** | **BYOC** |
| :------------------------------ | :------------------------------------------------------ | :------------------------------------------------------------------ |
| **Who manages infrastructure?** | Lerian | Your team |
| **Where does data live?** | Lerian-managed cloud | Your cloud or on-premises |
| **Time to production** | Weeks | Depends on your provisioning timeline |
| **Operational effort** | Low — Lerian handles operations | Higher — your team operates the platform |
| **Best for** | Teams that want to focus on product, not infrastructure | Organizations with strict data residency or compliance requirements |
Not sure which model fits? Jump to ["Which model is right for you?"](#which-model-is-right-for-you) below.
## Comparing the models
***
| | **SaaS** | **BYOC** |
| :-------------------------- | :------------------------------------------------- | :------------------------------------------------------------- |
| **Infrastructure** | Managed by Lerian | Managed by you |
| **Data location** | Lerian-managed cloud | Your cloud or on-premises |
| **Data sovereignty** | Data hosted in Lerian-managed cloud infrastructure | Full control — data never leaves your environment |
| **Security responsibility** | Shared (Lerian manages infra + app) | Shared (you manage infra, Lerian manages app) |
| **Time to production** | Fast — no infrastructure setup required | Depends on your team's provisioning timeline |
| **Operational overhead** | Low — Lerian handles operations | Higher — your team operates the platform |
| **Customization** | Standard configuration | Full control over infrastructure and networking |
| **Compliance** | Lerian's environment meets security standards | You ensure your environment meets your regulatory requirements |
| **Updates** | Applied by Lerian | Applied by you via Lifecycle Management or Helm |
| **Scalability** | Managed by Lerian | Managed by you |
## Which model is right for you?
***
**Choose SaaS if:**
* You want to go live quickly without provisioning infrastructure
* Your team prefers to focus on product and integration, not operations
* You don't have strict requirements for data to remain in your own environment
**Choose BYOC if:**
* Regulatory or compliance rules require data to stay in your infrastructure
* You need full control over networking, encryption, and access policies
* Your organization has a platform or DevOps team ready to operate Kubernetes workloads
* You want to integrate Lerian into an existing cloud environment with specific architectural constraints
## Deployment model and licensing
***
Lerian's deployment models (SaaS and BYOC) are independent from the licensing models ([Community and Enterprise](/en/midaz/midaz-models)).
| | **Community** | **Enterprise** |
| :------- | :----------------------- | :------------------------------------------------ |
| **SaaS** | Not available | Available |
| **BYOC** | Available (self-managed) | Available (with Lifecycle Management and support) |
SaaS requires Lerian to manage infrastructure, operations, and lifecycle on your behalf — capabilities that are part of the Enterprise offering. That's why SaaS is not available under the Community model.
* **Community + BYOC**: You deploy and manage everything yourself using the source-available Helm Charts and documentation. Community support via GitHub and Discord.
* **Enterprise + BYOC**: Full BYOC with Lifecycle Management, dedicated support, SLA, onboarding, and access to plugins.
* **Enterprise + SaaS**: Lerian manages everything. You get the full platform without infrastructure responsibilities.
## What's next
***
Understand the licensing differences and what's included in each model.
Follow the step-by-step guide to set up your first Ledger and run transactions.
Learn how the shared responsibility model works for each deployment option.
Explore Kubernetes, Helm, and Terraform options for BYOC deployments.