Deployment Options#
Lens Agents supports three deployment models. All provide the same platform capabilities, governance, and audit trail. The difference is who manages the infrastructure and where data resides.
SaaS (Lens-hosted)#
Lens manages the infrastructure. You sign up, connect your systems, and start running agents.
| Aspect | Detail |
|---|---|
| Infrastructure | Managed by Lens |
| Data residency | Lens-hosted regions |
| Updates | Automatic, continuous delivery |
| Certifications | Operated under Mirantis's SOC 2 Type 1 (Lens K8S IDE) and ISO 27001 control framework; Lens Agents-specific attestation scope shared under NDA during evaluation |
| Best for | Teams that want to start fast without infrastructure overhead |
What's included: platform hosting, database, sandbox execution, LLM proxy, audit storage, monitoring, backups, and upgrades.
What you provide: your infrastructure connections (Kubernetes clusters, AWS accounts, GitHub), your policies, your agents.
Self-hosted#
You deploy Lens Agents on your own infrastructure. Full control over compute, storage, networking, and data residency.
| Aspect | Detail |
|---|---|
| Infrastructure | Managed by you |
| Data residency | Your cloud, your region, your premises |
| Updates | You control the upgrade schedule |
| Certifications | You inherit the platform's security architecture; certification is your responsibility |
| Best for | Regulated industries, air-gapped environments, strict data residency requirements |
Self-hosted deployments run the same platform code as SaaS. No features are removed or degraded.
Cloud marketplace#
Deploy Lens Agents through AWS Marketplace or Azure Marketplace. Billing flows through your existing cloud agreement.
| Aspect | Detail |
|---|---|
| Infrastructure | Your cloud account, marketplace-managed deployment |
| Data residency | Your cloud account and region |
| Updates | Marketplace release channel |
| Billing | Through your AWS or Azure agreement (EDP/MACC drawdown eligible) |
| Best for | Enterprises with committed cloud spend or procurement requirements |
Available marketplaces#
- AWS Marketplace -- deploy in your AWS account, use existing EDP commitments
- Azure Marketplace -- deploy in your Azure tenant, use existing MACC commitments
Capabilities across deployment models#
All three options provide identical platform capabilities:
| Capability | SaaS | Self-hosted | Marketplace |
|---|---|---|---|
| Sandbox isolation | Yes | Yes | Yes |
| Policy engine | Yes | Yes | Yes |
| Credential injection | Yes | Yes | Yes |
| Audit trail (7 surfaces) | Yes | Yes | Yes |
| Spending controls | Yes | Yes | Yes |
| Kubernetes connectivity | Yes | Yes | Yes |
| AWS connectivity | Yes | Yes | Yes |
| GitHub connectivity | Yes | Yes | Yes |
| MCP server registry | Yes | Yes | Yes |
| Desktop AI tool support | Yes | Yes | Yes |
| External agent support | Yes | Yes | Yes |
| Managed agents | Yes | Yes | Yes |
| SSO / OIDC | Yes | Yes | Yes |
| Slack integration | Yes | Yes | Yes |
Choosing a Deployment Model#
| Consideration | SaaS | Self-hosted | Marketplace |
|---|---|---|---|
| Time to first agent | Minutes | Days (infrastructure setup) | Hours |
| Infrastructure management | None | Full responsibility | Minimal |
| Data residency control | Limited to hosted regions | Complete | Your cloud region |
| Regulatory requirements | Inherits Mirantis SOC 2 / ISO 27001 control framework | Required for air-gapped or specific compliance | Cloud-native compliance |
| Procurement | Direct | Direct | Through cloud agreement |
| Cost model | Subscription | License + your infrastructure | Marketplace billing |
Data residency#
Your deployment choice determines where data lives:
- SaaS: data resides in Lens-hosted infrastructure. No data is sent to Lens beyond what the platform requires to operate.
- Self-hosted: all data stays on your infrastructure. Nothing leaves your environment.
- Marketplace: data resides in your cloud account in the region you select.
For all deployment models, agent connections to enterprise systems (Kubernetes, AWS, GitHub) go directly from the sandbox to your systems. The platform does not relay or store the data flowing through those connections beyond audit metadata.
See Data Sovereignty for details.
Self-Hosted Deployment Guide#
Self-hosted deployment documentation — including architecture requirements, infrastructure sizing, configuration, and operational procedures — is provided during Enterprise onboarding. The platform consists of:
- Web application — dashboard and API server
- Agent runtime — managed agent execution and heartbeat scheduling
- Database — PostgreSQL for platform state, agent data, and audit trail
- Sandbox infrastructure — container runtime for agent isolation
Contact your account team for the deployment guide, Helm charts, and infrastructure requirements for your scale.
Related#
- Data sovereignty -- data residency and GDPR
- Compliance -- certifications and security practices
- Security whitepaper -- full security architecture
- SSO -- identity provider configuration