Appcircle Hosting Options¶
This page explains Appcircle hosting models and how they differ in responsibility, identity and directory integration (SSO/LDAP/AD), and deployment / release cadence.
Summary¶
- SaaS (Appcircle Cloud – Multi-Tenant): Appcircle-operated shared platform with logical tenant isolation.
- Single Tenant (Dedicated GCP): Customer-dedicated environment in Appcircle’s Google Cloud, operated by Appcircle, with an independent release cadence.
- Self-Hosted (On-Prem / Private Cloud): Installed in the customer’s environment; operations and upgrades are primarily customer-owned.
Terminology¶
- Soft tenancy: Tenants share underlying infrastructure (for example, a shared cluster). Isolation is primarily enforced at the application and configuration layer (logical isolation).
- Hard tenancy: Tenant isolation is enforced with dedicated or strongly isolated boundaries, aiming to minimize cross-tenant impact at the infrastructure layer.
- SaaS: Appcircle-operated cloud service. Multiple organizations share the platform (typically soft tenancy). Platform operations, upgrades, and observability are handled by Appcircle.
- Single Tenant: A customer-dedicated tenant running in Appcircle’s Google Cloud (GCP) environment. Appcircle operates and maintains the platform. Key difference: deployment and release cadence is independent from SaaS.
- Self-Hosted: Appcircle runs in the customer’s environment (on-premises or customer cloud account). The customer is primarily responsible for infrastructure, operations, upgrades, observability, backup/DR, and network controls.
- Private Cloud: A Self-Hosted deployment in the customer’s own cloud account (for example, AWS or Azure). “Private cloud” here means customer-owned cloud account, not SaaS.
Important
“Private Cloud” is not a separate hosting model. It is a Self-Hosted deployment where the infrastructure is in the customer’s cloud account.
SaaS (Appcircle Cloud – Multi-Tenant)¶
Overview¶
The default Appcircle cloud service. Multiple organizations are served on a shared platform (multi-tenant / soft tenancy).
Release and upgrades¶
- Cadence: Shared SaaS cycle (Appcircle-managed)
- Version level: Kept on the latest GA (generally available) version
- Security fixes: Delivered by Appcircle as part of the SaaS release process
Identity¶
- SSO: Supported
- Local accounts (username/password): Supported (can be restricted by policy)
- LDAP / AD: Unsupported
Responsibilities¶
- Operate the platform: Appcircle
- Apply upgrades: Appcircle
- Logging & monitoring: Appcircle-managed
When to choose¶
- Fastest time-to-value with the lowest operational effort
- Standardized, Appcircle-managed release cadence
Single Tenant (Dedicated GCP)¶
Overview¶
A customer-dedicated tenant (typically hard tenancy) running in Appcircle’s own GCP. Appcircle operates the environment.
Deployment variants¶
Single Tenant can be delivered in two deployment variants depending on cost, scalability, and operational requirements.
Variant A: All-in-one VM (single VM stack)¶
- Appcircle application components and dependencies (including PostgreSQL and MongoDB) run inside the same VM.
- Logs and operational data are stored on the VM unless additionally forwarded.
- Typically simpler to provision; scaling is often vertical (bigger VM) and resiliency depends on the VM design.
Variant B: GCP-managed services (hybrid managed stack)¶
-
Appcircle application components run on compute, while core dependencies are provided using managed cloud services.
-
Common examples:
-
PostgreSQL: managed database service
- Object storage / CDN: managed storage and delivery services
-
MongoDB: customer-approved approach (for example, managed offering or customer-managed deployment)
-
Improves resilience and scaling options; operational responsibilities for those components shift toward managed services.
-
Logs can integrate with centralized cloud logging/monitoring and optionally be forwarded to the customer’s SIEM.
Note
Both variants remain Single Tenant (Dedicated GCP):
- Appcircle operates the tenant.
- The **release cadence remains independent from SaaS**.
Release and upgrades¶
- Cadence: Tenant-specific and can be scheduled on-demand (including out-of-band security patches when required)
- Version level: Customer-coordinated (not tied to SaaS timing)
- Security fixes: Delivered by Appcircle as part of the tenant-specific release plan (and out-of-band when needed)
Identity¶
- SSO: Supported
- Local accounts (username/password): Optional (can be restricted/disabled by policy)
- LDAP / AD: Supported depending on the chosen identity architecture (commonly via IdP/SSO or directory integration)
Responsibilities¶
- Operate the platform: Appcircle
- Apply upgrades: Appcircle (tenant-specific schedule)
- Logging & monitoring: Appcircle-managed + optional forwarding to customer systems (for example, SIEM)
When to choose¶
- Dedicated tenant isolation while keeping operations with Appcircle
- Compliance/regulatory needs requiring separation from other customers
- Upgrade windows and release cadence must be independent from SaaS
Self-Hosted (Customer-Managed)¶
Self-Hosted runs Appcircle in the customer’s environment (on-premises or customer cloud account).
Release and upgrades¶
- Cadence: Customer-controlled
- Version level: Customer-selected (aligned with Appcircle guidance and supported versions)
- Security fixes: Provided by Appcircle; applied by the customer based on their change management process
Identity¶
- SSO: Supported with the customer’s IdP
- Local accounts (username/password): Optional (defined by customer policy)
- LDAP / AD: Typically integrated through the customer’s IdP/SSO or directory services
Installation methods¶
Linux Package (Docker / Podman, single-node)¶
- Model: Container-based deployment on a single Linux server (Docker or Podman).
- Use case: Quick setup/PoC or smaller deployments; production resilience depends on customer design.
Helm Chart (Kubernetes / OpenShift)¶
- Model: Helm-based installation on Kubernetes/OpenShift.
- Use case: Enterprise scale, standardized operations, scaling/HA patterns.
Private Cloud (AWS / Azure) — Self-Hosted variant¶
“Private Cloud” here refers to Self-Hosted installed in the customer’s own cloud account.
-
AWS (EC2 via AMI): https://docs.appcircle.io/self-hosted-appcircle/install-server/linux-package/installation/cloud-providers/aws
-
Azure (VM Image / Marketplace): https://docs.appcircle.io/self-hosted-appcircle/install-server/linux-package/installation/cloud-providers/azure
Operations and responsibilities (baseline)¶
- Infrastructure owner: Customer (on-premises or customer cloud account)
- Platform operations: Customer (with Appcircle guidance)
- Network / DNS / TLS: Customer
- Upgrades: Customer
- Observability: Customer (logging/monitoring/SIEM)
- Backup / DR: Customer (policy and tooling)
When to choose¶
- Full data sovereignty and infrastructure control
- Deep integration with corporate network/security standards
- Regulatory requirements for running in the customer environment
Deployment models comparison¶
| Category | SaaS (Appcircle Cloud) | Single Tenant (Dedicated GCP) | Self-Hosted / Private Cloud |
|---|---|---|---|
| Where it runs | Appcircle-operated cloud platform | Appcircle’s GCP (customer-dedicated tenant) | Customer environment (on-prem or customer cloud account) |
| Tenancy / isolation | Soft tenancy (multi-tenant) | Typically hard tenancy (dedicated tenant) | Dedicated to the customer by definition |
| Release and upgrades | Cadence: Shared SaaS cycle (Appcircle-managed) Version level: Latest GA Security fixes: Delivered by Appcircle |
Cadence: Tenant-specific, can be scheduled on-demand Version level: Customer-coordinated (not tied to SaaS timing) Security fixes: Out-of-band when required |
Cadence: Customer-controlled Version level: Customer-selected (within supported versions) Security fixes: Provided by Appcircle, applied by customer |
| Identity | SSO: Supported Local accounts: Supported (policy-driven) LDAP/AD: Unsupported |
SSO: Supported Local accounts: Optional (policy-driven) LDAP/AD: Supported |
SSO: Supported (customer IdP) Local accounts: Optional (policy-driven) LDAP/AD: Supported |
| Responsibilities | Operate the platform: Appcircle Apply upgrades: Appcircle Logging & monitoring: Appcircle-managed |
Operate the platform: Appcircle Apply upgrades: Appcircle (tenant-specific schedule) Logging & monitoring: Appcircle-managed + optional forwarding |
Operate the platform: Customer Apply upgrades: Customer Logging & monitoring: Customer-managed |
| Infrastructure owner | Appcircle | Appcircle | Customer |
| Network controls | Appcircle-managed baseline controls | Tenant-specific policies possible | Customer-managed network/security policies |
| Data residency / sovereignty | Appcircle cloud | Dedicated tenant in Appcircle GCP | Full customer control (customer environment) |
| Scalability | Appcircle-managed | Dedicated scaling (VM-only or managed services) | Depends on customer design (K8s/HA patterns optional) |
| Backup / DR | Appcircle-managed | Appcircle-managed (tenant-specific) | Customer-managed |
| Best fit | Fastest start, lowest ops effort | Dedicated isolation + Appcircle operations | Maximum control, regulatory/on-prem requirements |
References¶
- Self-Hosted overview: https://docs.appcircle.io/self-hosted-appcircle
- Linux Package (Docker/Podman): https://docs.appcircle.io/self-hosted-appcircle/install-server/linux-package
- Helm Chart (Kubernetes/OpenShift): https://docs.appcircle.io/self-hosted-appcircle/install-server/helm-chart
- AWS (Self-Hosted Private Cloud): https://docs.appcircle.io/self-hosted-appcircle/install-server/linux-package/installation/cloud-providers/aws
- Azure (Self-Hosted Private Cloud): https://docs.appcircle.io/self-hosted-appcircle/install-server/linux-package/installation/cloud-providers/azure