Skip to main content

Enterprise Deployment

For organizations that need MCP gateway enforcement within their own network boundary, Permit offers two enterprise deployment models — from running the gateway and PDP locally while using Permit.io as the cloud control plane, to a fully on-premises deployment where the entire stack — including the control plane — runs in your environment with no external dependencies.

Getting Started

Enterprise deployment is available on Enterprise plans. The hosted gateway is the recommended starting point for evaluation — you can migrate to customer-controlled deployment at any time without losing policies, users, or audit history.

Why Deploy On-Premises

Data Residency and Compliance

In the hosted deployment, MCP traffic — including tool call parameters and upstream server responses — flows through Permit's managed infrastructure. For many organizations this is acceptable, but some requirements demand more:

  • Regulated industries — healthcare (HIPAA), financial services (SOX, PCI-DSS), and government (FedRAMP) environments where data must not leave approved network boundaries
  • Data residency laws — GDPR, data sovereignty regulations, or contractual obligations that restrict where data can be processed
  • Internal policy — organizations with blanket requirements that production traffic stays within corporate infrastructure

With customer-controlled deployment, MCP traffic never leaves your network. The gateway runs inside your VPC or on-premises data center, and tool calls are proxied directly to upstream MCP servers without traversing external infrastructure.

Network-Level Control

Running the gateway in your own environment gives you full control over the network layer:

  • Private MCP servers — proxy to internal MCP servers that are not exposed to the internet, without opening firewall rules
  • Network segmentation — place the gateway in a dedicated security zone with controlled ingress/egress
  • VPC peering — connect directly to upstream services over private links, eliminating public internet hops
  • Custom TLS — use your own certificates and PKI infrastructure
  • IP allow-listing — control which networks can reach the gateway, beyond application-layer authentication

Low-Latency Authorization

The hosted gateway evaluates authorization decisions against Permit's cloud PDP. In customer-controlled deployments, you can run a local PDP alongside the gateway:

  • Low-latency authorization — policy decisions evaluated locally, eliminating network round-trips to the cloud
  • Resilience — authorization continues even if internet connectivity to Permit.io is temporarily interrupted
  • Predictable latency — no variability from cross-region PDP calls; performance is bounded by local compute

In the customer-controlled model, Permit.io still serves as the cloud control plane — policy changes propagate to your local PDP automatically via OPAL, with no manual sync required. For fully on-premises deployments, the control plane also runs locally — see Fully On-Premises Deployment below.

Deployment Models

Permit MCP Gateway supports three deployment models. Choose based on your compliance, network, and operational requirements:

AspectHosted (SaaS)Customer-ControlledFully On-Premises
Gateway locationManaged by Permit at *.agent.securityRuns in your VPC, on-prem, or private cloudRuns in your environment
MCP traffic pathThrough Permit's managed infrastructureStays entirely within your networkStays entirely within your network
Authorization decisionsPermit.io cloud PDPLocal PDP in your environmentLocal PDP in your environment
Policy management (control plane)Permit.io cloudPermit.io cloudOn-premises control plane — runs in your environment
Audit logsPermit.io cloud storageYour infrastructure + Permit.io (configurable)Fully local — no data leaves your network
TLS certificatesManaged by PermitYour certificates, your PKIYour certificates, your PKI
Private MCP serversMust be internet-accessibleAccessible over private networkAccessible over private network
Internet connectivity requiredYesYes (for control plane sync)No — supports air-gapped environments
Uptime dependencyPermit infrastructureYour infrastructure + Permit.io for policy updatesFully self-contained — no external dependencies
Best forFast adoption, SaaS workloads, evaluationData residency, private MCP servers, local PDPAir-gapped, classified, and zero-trust environments

What Stays the Same Across All Models

All deployment models use the same gateway codebase, same policy model, and same authorization logic. The differences are purely about where components run and where traffic flows:

  • Same ReBAC policy model with trust levels, consent, and the min() ceiling logic
  • Same MCP client configuration — users just point to your internal gateway URL instead of *.agent.security
  • Same admin dashboard experience for gateway management
  • Same policy inspection and audit log capabilities
  • Policies, users, and audit history can be migrated seamlessly between deployment models

Fully On-Premises Deployment

For organizations with the strictest security requirements, Permit offers a fully on-premises deployment where the entire stack runs within your environment — including the control plane. No component communicates with external services, and no data leaves your network.

What's Included

The fully on-premises package includes everything needed to run the complete Permit MCP Gateway stack independently:

  • Gateway — the MCP proxy with authentication and authorization enforcement
  • Consent Service — user-facing OAuth 2.1 authorization server and consent UI
  • Policy Decision Point (PDP) — local authorization engine for real-time permit.check() evaluations
  • Control Plane — policy management, resource schemas, role assignments, and audit log storage — all running locally
  • Admin Dashboard — the same gateway management UI, hosted within your infrastructure
  • Policy Dashboard — full policy inspection, audit log analysis, and configuration — running on-premises

Air-Gapped Environments

The fully on-premises deployment is designed to operate in air-gapped environments with no internet connectivity:

  • No outbound connections — the gateway, PDP, control plane, and all supporting services run entirely within your network boundary. The system is designed to operate without outbound connections — there are no required phone-home, telemetry, or license check mechanisms.
  • Offline policy management — policies are created, modified, and evaluated locally. Changes propagate from the on-premises control plane to the local PDP without any external dependency.
  • Self-contained updates — software updates are delivered as versioned artifacts (container images, binaries) that can be transferred into the air-gapped environment via your existing secure media processes.
  • Local audit storage — all audit logs, consent records, and session data are stored within your infrastructure. No data is transmitted externally.

When to Choose Fully On-Premises

This deployment model is designed for environments where external connectivity is not an option:

  • Defense and intelligence — classified environments where systems must operate within secure enclaves with no internet access
  • Critical infrastructure — energy, utilities, and industrial control environments with strict network isolation requirements
  • Government and public sector — agencies subject to FedRAMP High, ITAR, or similar frameworks with strict infrastructure control requirements
  • Healthcare with strict data isolation — environments where even policy metadata must remain within the compliance boundary
  • Financial institutions with zero-trust mandates — organizations that require every component — including policy management — to run within their security perimeter

Enterprise Security Controls

Enterprise deployment unlocks additional security capabilities beyond the core gateway features available on all plans. Some features below may be in early access — see the feature maturity table for current status.

Agent Interrogation

An agentic-native identity mechanism that engages connecting agents directly through the MCP protocol — verifying their identity, purpose, and behavioral fingerprint before any tools are unlocked. Agent Interrogation provides:

  • Composite agent identity — binds the delegating human, workflow context, and agent fingerprint into a single identity used for all policy and audit decisions
  • Drift detection — detects changes in agent behavior across sessions, surfacing potential prompt injection or configuration drift
  • Per-workflow policy — define different trust levels for the same MCP client operating in different contexts

See Advanced Features: Agent Interrogation for the full technical details.

Human-in-the-Loop Approvals

Pause agent execution for sensitive operations and route approval requests to designated reviewers. Routine operations continue uninterrupted — only high-risk actions require human confirmation.

Set custom consent windows that automatically expire. Grant a contractor's agent two-week access, a vendor integration 90-day access, or a production debugging session 4-hour access — when the window closes, access is revoked automatically.

Additional Enterprise Controls

  • Agent Verification — behavioral profiling and identity baseline tracking across sessions
  • Session Monitoring — compare declared intent vs. actual tool call patterns, with anomaly surfacing
  • Permission Receipts — auditable records of every permission grant for compliance reporting
  • Intent-Based Access Control — evaluate agent purpose against policy before execution begins

See Advanced Features for the full list and maturity status of each capability.

Get Started

Enterprise deployment is designed and scoped in collaboration with your team to ensure it meets your specific compliance, network, and operational requirements.

  • Schedule a demo — see the enterprise deployment in action and discuss your architecture
  • Contact us — reach out with specific compliance or deployment questions
  • Join our Slack — talk with the team and other enterprise users

Ready to evaluate? Start with the Quick Start to set up a hosted gateway in under 5 minutes.

Contents