> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Deployment strategies

> Choose the right deployment strategy for Midaz under BYOC — Kubernetes with Helm, Terraform foundations, and infrastructure prerequisites.

This section covers deployment strategies for running Midaz in your own infrastructure under the **BYOC (Bring Your Own Cloud)** model. If you're using the **SaaS** model, Lerian manages deployment for you — skip ahead to [Getting started](/en/getting-started) to begin configuring your platform.

<Note>
  Not sure which model fits? See [Deployment models](/en/deployment-models) for a full comparison of SaaS and BYOC.
</Note>

Set up your environment, meet the prerequisites, and follow our best practices to ensure a secure, scalable, and reliable setup.

<Tip>
  Before you deploy, check out the [Midaz Architecture Overview](/en/midaz/architecture). Understanding how the components work together will help you make informed decisions during setup.
</Tip>

### Content

In this section, you will find:

* [Midaz Terraform Foundation](/en/midaz/midaz-terraform-foundation): Ready-made Terraform examples for provisioning the cloud infrastructure Midaz runs on — AWS, GCP, or Azure.

For Kubernetes deployment, configuration, and lifecycle management via Helm, see the dedicated [Helm documentation](/en/platform/helm/helm-overview) in the Platform section.

## Deployment strategies

***

You manage the infrastructure in both Midaz modules, Community and Enterprise. We strongly recommend using Kubernetes with our Helm Charts. This approach simplifies deployment and scaling, especially if using the Enterprise edition, which includes support and modular microservices.

That said, you can choose the deployment strategy that fits your needs.

### Deploying with Kubernetes

Our official Helm Charts are the recommended method. They offer a fast and flexible way to install Midaz in a Kubernetes environment.

You can either plug Midaz into your existing databases and services or use the default components provided in the Helm chart. This setup adapts to different infrastructure needs and supports production-grade deployments.

For a step-by-step guide, check the [Deploying using Helm](/en/platform/helm/midaz/midaz-installation) documentation.

### Self-managed deployment

If you prefer full control, you can deploy Midaz manually. The project is already configured to run with Docker, which makes local or small-scale setups straightforward.

You can also adapt it to your own infrastructure, whether you're using a different orchestrator or running directly on virtual machines or bare metal.

For instructions, check the [Installing Midaz](/en/midaz/midaz-setup) page.

## Platform requirements

***

You're already aligned with the required versions using our default Helm configuration. If you're bringing your own infrastructure components, make sure you meet the minimum supported versions:

| Service        | Minimum Supported Version | Notes                                                  |
| :------------- | :------------------------ | :----------------------------------------------------- |
| Kubernetes     | 1.20+                     | 1.30+ recommended                                      |
| Helm CLI       | 3.8+                      | Required for OCI registry                              |
| PostgreSQL     | 16.3                      | Primary database                                       |
| MongoDB        | 8.x                       | Document storage (Helm chart: bitnami/mongodb 16.4.0+) |
| RabbitMQ       | 2.1.11                    | Message broker                                         |
| Valkey         | 2.4.7                     | In-memory cache (Redis fork)                           |
| OTEL Collector | 2.2.1                     | Optional, for observability                            |

These versions are required to guarantee platform stability and performance. For the complete compatibility matrix, see [Version compatibility](/en/platform/helm/helm-version-compatibility).

## Best practices

***

### Access to the infrastructure

* Use **least privilege** policies when connecting to databases.
* Block direct access to databases by default. Only allow it in exceptional cases with approval.
* Store secrets securely using tools like **HashiCorp Vault**.
* Use dedicated tools for safe access to production data.

### Redundancy and high availability

* Enable **replication and backups** for both Midaz and your databases.
* Use **load balancers** to route traffic across services evenly.

### Network security

* Run your services inside **VPCs** to isolate critical components.
* Use **NAT gateways or proxies** for outbound connections.
* Apply **security groups or firewall rules** to restrict access to required ports and IPs.

### Data persistence and storage

* Use **replicated databases** to support high availability and recovery.
* Choose **scalable storage solutions** that match your data growth.
* Use **Valkey** (Redis fork) for caching and background message management.

### Observability

* Integrate tools that monitor logs, traces, and metrics.
* Midaz supports observability through **OpenTelemetry**, making detecting and resolving issues easier.

## Shared responsibilities

***

Running Midaz under the BYOC model is a shared responsibility between Lerian and your team. For a detailed breakdown of who secures what — including how responsibilities differ between BYOC and SaaS — see the [Security](/en/midaz/security) page.

<Tip>
  For actionable guidance on securing your environment before deployment, check the [Security Recommendations](/en/midaz/security-recommendations) documentation.
</Tip>