Skip to content

Appcircle Hosting Options

This page explains Appcircle hosting models and how they differ in responsibility, identity and directory integration (SSO/LDAP/AD), and deployment / release cadence.

Summary

  • SaaS (Appcircle Cloud – Multi-Tenant): Appcircle-operated shared platform with logical tenant isolation.
  • Single Tenant (Dedicated GCP): Customer-dedicated environment in Appcircle’s Google Cloud, operated by Appcircle, with an independent release cadence.
  • Self-Hosted (On-Prem / Private Cloud): Installed in the customer’s environment; operations and upgrades are primarily customer-owned.

Terminology

  • Soft tenancy: Tenants share underlying infrastructure (for example, a shared cluster). Isolation is primarily enforced at the application and configuration layer (logical isolation).
  • Hard tenancy: Tenant isolation is enforced with dedicated or strongly isolated boundaries, aiming to minimize cross-tenant impact at the infrastructure layer.
  • SaaS: Appcircle-operated cloud service. Multiple organizations share the platform (typically soft tenancy). Platform operations, upgrades, and observability are handled by Appcircle.
  • Single Tenant: A customer-dedicated tenant running in Appcircle’s Google Cloud (GCP) environment. Appcircle operates and maintains the platform. Key difference: deployment and release cadence is independent from SaaS.
  • Self-Hosted: Appcircle runs in the customer’s environment (on-premises or customer cloud account). The customer is primarily responsible for infrastructure, operations, upgrades, observability, backup/DR, and network controls.
  • Private Cloud: A Self-Hosted deployment in the customer’s own cloud account (for example, AWS or Azure). “Private cloud” here means customer-owned cloud account, not SaaS.

Important

“Private Cloud” is not a separate hosting model. It is a Self-Hosted deployment where the infrastructure is in the customer’s cloud account.


SaaS (Appcircle Cloud – Multi-Tenant)

Overview

The default Appcircle cloud service. Multiple organizations are served on a shared platform (multi-tenant / soft tenancy).

Release and upgrades

  • Cadence: Shared SaaS cycle (Appcircle-managed)
  • Version level: Kept on the latest GA (generally available) version
  • Security fixes: Delivered by Appcircle as part of the SaaS release process

Identity

  • SSO: Supported
  • Local accounts (username/password): Supported (can be restricted by policy)
  • LDAP / AD: Unsupported

Responsibilities

  • Operate the platform: Appcircle
  • Apply upgrades: Appcircle
  • Logging & monitoring: Appcircle-managed

When to choose

  • Fastest time-to-value with the lowest operational effort
  • Standardized, Appcircle-managed release cadence

Single Tenant (Dedicated GCP)

Overview

A customer-dedicated tenant (typically hard tenancy) running in Appcircle’s own GCP. Appcircle operates the environment.

Deployment variants

Single Tenant can be delivered in two deployment variants depending on cost, scalability, and operational requirements.

Variant A: All-in-one VM (single VM stack)

  • Appcircle application components and dependencies (including PostgreSQL and MongoDB) run inside the same VM.
  • Logs and operational data are stored on the VM unless additionally forwarded.
  • Typically simpler to provision; scaling is often vertical (bigger VM) and resiliency depends on the VM design.

Variant B: GCP-managed services (hybrid managed stack)

  • Appcircle application components run on compute, while core dependencies are provided using managed cloud services.

  • Common examples:

  • PostgreSQL: managed database service

  • Object storage / CDN: managed storage and delivery services
  • MongoDB: customer-approved approach (for example, managed offering or customer-managed deployment)

  • Improves resilience and scaling options; operational responsibilities for those components shift toward managed services.

  • Logs can integrate with centralized cloud logging/monitoring and optionally be forwarded to the customer’s SIEM.

Note

Both variants remain Single Tenant (Dedicated GCP):

- Appcircle operates the tenant.
- The **release cadence remains independent from SaaS**.

Release and upgrades

  • Cadence: Tenant-specific and can be scheduled on-demand (including out-of-band security patches when required)
  • Version level: Customer-coordinated (not tied to SaaS timing)
  • Security fixes: Delivered by Appcircle as part of the tenant-specific release plan (and out-of-band when needed)

Identity

  • SSO: Supported
  • Local accounts (username/password): Optional (can be restricted/disabled by policy)
  • LDAP / AD: Supported depending on the chosen identity architecture (commonly via IdP/SSO or directory integration)

Responsibilities

  • Operate the platform: Appcircle
  • Apply upgrades: Appcircle (tenant-specific schedule)
  • Logging & monitoring: Appcircle-managed + optional forwarding to customer systems (for example, SIEM)

When to choose

  • Dedicated tenant isolation while keeping operations with Appcircle
  • Compliance/regulatory needs requiring separation from other customers
  • Upgrade windows and release cadence must be independent from SaaS

Self-Hosted (Customer-Managed)

Self-Hosted runs Appcircle in the customer’s environment (on-premises or customer cloud account).

Release and upgrades

  • Cadence: Customer-controlled
  • Version level: Customer-selected (aligned with Appcircle guidance and supported versions)
  • Security fixes: Provided by Appcircle; applied by the customer based on their change management process

Identity

  • SSO: Supported with the customer’s IdP
  • Local accounts (username/password): Optional (defined by customer policy)
  • LDAP / AD: Typically integrated through the customer’s IdP/SSO or directory services

Installation methods

Linux Package (Docker / Podman, single-node)

  • Model: Container-based deployment on a single Linux server (Docker or Podman).
  • Use case: Quick setup/PoC or smaller deployments; production resilience depends on customer design.

Helm Chart (Kubernetes / OpenShift)

  • Model: Helm-based installation on Kubernetes/OpenShift.
  • Use case: Enterprise scale, standardized operations, scaling/HA patterns.

Private Cloud (AWS / Azure) — Self-Hosted variant

“Private Cloud” here refers to Self-Hosted installed in the customer’s own cloud account.

Operations and responsibilities (baseline)

  • Infrastructure owner: Customer (on-premises or customer cloud account)
  • Platform operations: Customer (with Appcircle guidance)
  • Network / DNS / TLS: Customer
  • Upgrades: Customer
  • Observability: Customer (logging/monitoring/SIEM)
  • Backup / DR: Customer (policy and tooling)

When to choose

  • Full data sovereignty and infrastructure control
  • Deep integration with corporate network/security standards
  • Regulatory requirements for running in the customer environment

Deployment models comparison

Category SaaS (Appcircle Cloud) Single Tenant (Dedicated GCP) Self-Hosted / Private Cloud
Where it runs Appcircle-operated cloud platform Appcircle’s GCP (customer-dedicated tenant) Customer environment (on-prem or customer cloud account)
Tenancy / isolation Soft tenancy (multi-tenant) Typically hard tenancy (dedicated tenant) Dedicated to the customer by definition
Release and upgrades Cadence: Shared SaaS cycle (Appcircle-managed)
Version level: Latest GA
Security fixes: Delivered by Appcircle
Cadence: Tenant-specific, can be scheduled on-demand
Version level: Customer-coordinated (not tied to SaaS timing)
Security fixes: Out-of-band when required
Cadence: Customer-controlled
Version level: Customer-selected (within supported versions)
Security fixes: Provided by Appcircle, applied by customer
Identity SSO: Supported
Local accounts: Supported (policy-driven)
LDAP/AD: Unsupported
SSO: Supported
Local accounts: Optional (policy-driven)
LDAP/AD: Supported
SSO: Supported (customer IdP)
Local accounts: Optional (policy-driven)
LDAP/AD: Supported
Responsibilities Operate the platform: Appcircle
Apply upgrades: Appcircle
Logging & monitoring: Appcircle-managed
Operate the platform: Appcircle
Apply upgrades: Appcircle (tenant-specific schedule)
Logging & monitoring: Appcircle-managed + optional forwarding
Operate the platform: Customer
Apply upgrades: Customer
Logging & monitoring: Customer-managed
Infrastructure owner Appcircle Appcircle Customer
Network controls Appcircle-managed baseline controls Tenant-specific policies possible Customer-managed network/security policies
Data residency / sovereignty Appcircle cloud Dedicated tenant in Appcircle GCP Full customer control (customer environment)
Scalability Appcircle-managed Dedicated scaling (VM-only or managed services) Depends on customer design (K8s/HA patterns optional)
Backup / DR Appcircle-managed Appcircle-managed (tenant-specific) Customer-managed
Best fit Fastest start, lowest ops effort Dedicated isolation + Appcircle operations Maximum control, regulatory/on-prem requirements

References