From cloud to on-prem — we've got you covered
Run in the cloud, deploy on-prem, or operate fully air-gapped. Every deployment secures services, AI workloads, inference systems, and MCP servers using the same cryptographic identity controls. Contact our team to discuss options and pricing.
Flexible deployment options
Smallstep has three common deployment styles: SaaS, Hybrid, and Run Anywhere. Your style will depend on your organization’s resources, compliance requirements, threat model, and need for customization. And no matter how you deploy Smallstep, we can offer standard or Enterprise-grade customer support.
| SaaS | Hybrid (Step CA Pro) | Run Anywhere | |
|---|---|---|---|
Cost | $ | $$ | $$$+ |
Installation | No installation required | You install the CA on your hardware or cloud (single binary) | You install the full platform on your bespoke infrastructure (Kubernetes or VM) |
Customer-managed infrastructure | None | CA only | Full device identity platform |
Updates | Automatic, rolling updates by Smallstep | Periodic updates of the single binary, requiring manual intervention | Periodic updates of Kubernetes pods or VM appliance, requiring manual intervention |
Scalability | Our infrastructure scales with you | Additional scaling costs and effort | Additional scaling costs and effort |
Data residency | Data is stored with Smallstep | Your CA can be standalone or linked to Smallstep’s cloud | Complete ownership and control of all sensitive data simplifies compliance story |
Key protection | FIPS 140-2 HSM with hardware protection | Customer KMS | Customer KMS |
Key residency | Smallstep-managed (optional: customer-owned keys with HSM attestation verification) | Customer-managed | Customer-managed |
Integrations | API, webhooks, certificate templates, and other configuration options | API, webhooks, certificate templates, and other configuration options | Tailored configuration and design to integrate deeply with existing infrastructure, or to meet specific organizational needs |
Operational overhead | Fully managed by Smallstep | Requires dedicated IT resources for setup, maintenance, and day-to-day management | Requires dedicated IT resources for setup, maintenance, and day-to-day management |
High availability | Highly available (99.9%) from day one | Can be deployed in a HA setup | Can be deployed in a HA setup |
Compliance | SOC2 | SOC2 | Optional FedRamp |
Scroll to the right to see more →
Leading the industry in Zero Trust for devices
Empower your teams to work at the pace and scale of modern engineering.