Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 13 additions & 4 deletions app/en/guides/deployment-hosting/_meta.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,25 @@ const meta: MetaRecord = {
"arcade-cloud": {
title: "Arcade Cloud",
},
azure: {
title: "Azure Marketplace",
},
aws: {
title: "AWS Marketplace",
},
gcp: {
title: "GCP (coming soon)",
},
helm: {
title: "Self-host with Helm",
},
"on-prem": {
title: "On-premises MCP servers",
title: "Hybrid MCP servers",
},
"warp-pipes": {
title: "Warp Pipes",
display: "hidden",
},
"configure-engine": {
title: "Configure Arcade's engine",
},
"arcade-deploy": {
title: "Arcade Deploy",
},
Expand Down
4 changes: 2 additions & 2 deletions app/en/guides/deployment-hosting/arcade-cloud/page.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import { Callout } from "nextra/components";
Arcade Cloud is Arcade's fully-managed SaaS platform: Arcade handles hosting, scaling, and operations so you can focus on building. This page covers the infrastructure behind Arcade Cloud, including networking, data storage, data protection, and sovereignty options.

<Callout type="info">
This page applies to **Arcade Cloud** only. If you self-host Arcade, you control your own infrastructure and data residency. See [on-premises deployment](/guides/deployment-hosting#on-premise-deployments) for details.
This page applies to **Arcade Cloud** only. If you self-host Arcade, you control your own infrastructure and data residency. See [on-premises deployment](/guides/deployment-hosting/helm) for details.
</Callout>

## Sovereignty
Expand Down Expand Up @@ -122,7 +122,7 @@ Training data is retained for up to 5 years, which is sufficient for model devel

### Regulated Customers

If your organization has strict data residency requirements—for example, in financial services, healthcare, or government—or you operate within a legal regime that requires data storage in a specific country, you can deploy Arcade on-premises or in your preferred cloud region using a [self-hosted deployment](/guides/deployment-hosting#on-premise-deployments). This keeps all sensitive data within your own infrastructure.
If your organization has strict data residency requirements—for example, in financial services, healthcare, or government—or you operate within a legal regime that requires data storage in a specific country, you can deploy Arcade on-premises or in your preferred cloud region using a [self-hosted deployment](/guides/deployment-hosting/helm). This keeps all sensitive data within your own infrastructure.

## Questions

Expand Down
4 changes: 4 additions & 0 deletions app/en/guides/deployment-hosting/arcade-deploy/page.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,10 @@ import { SignupLink } from "@/app/_components/analytics";

Running your MCP servers locally is very convenient during development and testing. Once your MCP server is mature, however, you may want to access it from any MCP client, or to facilitate multi-user support. Doing all that from your computer comes with the complexity of running and maintaining a server, handling auth and high availability for all your users and all the integrations you want to support. Arcade Deploy takes care of all that for you. Your MCP server will be registered to Arcade, adding all the tools you created to the larger tool catalog. From there, you can create MCP Gateways to pick and choose which tools you want to use in your MCP clients, which can be from any connected MCP server.

<Callout type="info">
Arcade Deploy hosts *your* MCP server on Arcade Cloud. It's a feature for serving tools — not a way to deploy the Arcade platform. For a full platform deployment, see the [marketplace guides](/guides/deployment-hosting) or [self-host with Helm](/guides/deployment-hosting/helm).
</Callout>

<GuideOverview>
<GuideOverview.Outcomes>

Expand Down
69 changes: 69 additions & 0 deletions app/en/guides/deployment-hosting/aws/page.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
---
title: "Deploy on AWS"
description: "Deploy Arcade into your own AWS account through a private offer"
---

import { Callout, Steps } from "nextra/components";

# Deploy Arcade on AWS

Arcade runs on AWS as a full platform deployment into **your own AWS account**. The AWS offering is currently available through a **private offer** rather than a public self-serve listing.

<Callout type="info">
AWS is available through a private offer. View the [Arcade listing on AWS Marketplace](https://aws.amazon.com/marketplace/seller-profile?id=seller-qbstsdnxkltx6) and [contact us](https://www.arcade.dev/contact) to receive a private offer for your account. If you'd rather manage the platform yourself, see [Self-host with Helm](/guides/deployment-hosting/helm).
</Callout>

## What gets deployed

The AWS deployment stands up the complete Arcade platform — Engine, Coordinator, Worker, Dashboard, and Experience API — in your account, using managed AWS services:

| AWS service | Role |
| --- | --- |
| **Amazon EKS** | Runs the Arcade services |
| **Amazon RDS for PostgreSQL** | Primary datastore |
| **Amazon ElastiCache** | Cache and streams |
| **VPC + private subnets** | Private networking |

## Before you begin

- **AWS account** with permission to accept a Marketplace private offer and deploy the stack.
- **Region.** Confirm the offer targets your preferred region.
- **DNS.** Arcade assigns a managed hostname at deploy time, in the form `<id>.aws.myarcade.dev`.
- **Identity provider.** Have an [OIDC identity provider](/references/auth-providers) ready — see below.

## Set up your identity provider

Arcade signs users in through your OpenID Connect (OIDC) identity provider. The provider authenticates dashboard users and backs the tokens that MCP gateways validate, so set it up before you deploy.

1. Register an application with your identity provider. Arcade works with [Microsoft Entra ID, Okta, Auth0, or Keycloak](/references/auth-providers), or any standards-compliant OIDC provider.
2. Copy the application's client ID, generate a client secret, and note the issuer URL. For Microsoft Entra ID, use the v2.0 issuer `https://login.microsoftonline.com/<tenant-id>/v2.0`.
3. Provide the client ID, client secret, and issuer in the deployment parameters.
4. After you deploy, register the redirect URIs shown in the deployment outputs on the application, then sign in to the dashboard.

## Deploy

<Steps>

### Accept the private offer

Follow the private-offer link we share to subscribe to the Arcade listing in AWS Marketplace.

### Launch the deployment

Launch the deployment and provide your parameters, including your identity provider's **client ID**, **client secret**, and **issuer**.

### Register the redirect URIs

Once the deployment finishes, register the redirect URIs shown in the deployment outputs on your identity provider application, as described in [Set up your identity provider](#set-up-your-identity-provider).

### Verify your deployment

Open the dashboard URL from the deployment output and sign in with your identity provider.

</Steps>

## Next steps

- [Create an MCP Gateway](/guides/mcp-gateways) to scope tools and auth for each client
- [Connect an MCP client](/get-started/mcp-clients) to a gateway URL
- [Set up a User Source](/guides/user-sources) to authenticate end users with your own identity provider
104 changes: 104 additions & 0 deletions app/en/guides/deployment-hosting/azure/page.mdx
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
---
title: "Deploy on Azure"
description: "Deploy Arcade into your own Azure subscription from the Azure Marketplace"
---

import { Callout, Steps } from "nextra/components";

# Deploy Arcade on Azure

Arcade is available on the Azure Marketplace as a managed application. You deploy it into **your own Azure subscription**, where it's managed by Arcade: your data and the services that run Arcade stay in your subscription, while Arcade handles upgrades and day-to-day operations.

<Callout type="info">
The Azure Marketplace deployment is a **full platform deployment** — it stands up the complete Arcade platform in your cloud. If you'd rather manage the platform yourself on an existing Kubernetes cluster, see [Self-host with Helm](/guides/deployment-hosting/helm).
</Callout>

<GuideOverview>
<GuideOverview.Outcomes>

A production Arcade platform running in your own Azure subscription, deployed from the Azure Marketplace and operated by Arcade.

</GuideOverview.Outcomes>

<GuideOverview.Prerequisites>

- An Azure subscription with the **Owner** role
- A Microsoft Entra tenant (personal Microsoft accounts aren't supported)
- An [OIDC identity provider](/references/auth-providers)

</GuideOverview.Prerequisites>

<GuideOverview.YouWillLearn>

- What the managed application deploys into your subscription
- How to set up your identity provider
- How to deploy the offer and verify it

</GuideOverview.YouWillLearn>
</GuideOverview>

## What gets deployed

The managed application provisions everything Arcade needs inside a managed resource group in your subscription:

| Azure service | Role |
| --- | --- |
| **Azure Kubernetes Service (AKS)** | Private cluster that runs the Arcade services (Engine, Coordinator, Worker, Dashboard, Experience API) |
| **Azure Key Vault** | Stores database, cache, identity-provider, and encryption secrets |
| **Azure Database for PostgreSQL Flexible Server** | Primary datastore |
| **Azure Managed Redis** | Cache and streams |
| **Virtual network + private endpoints** | Private networking with NAT-gateway egress |
| **Log Analytics, Container Insights, Microsoft Defender** | Monitoring and security |

## Before you begin

- **Subscription and role.** Deploy into a subscription where you hold the **Owner** role, with the spending limit turned off.
- **Microsoft Entra tenant.** The deployment federates sign-in to your Entra tenant. Personal Microsoft accounts aren't supported.
- **Region and quota.** Confirm the offer is available in your target region and that the subscription has enough vCPU quota to run an AKS cluster. If you're unsure, [contact us](/resources/contact-us).
- **DNS.** Arcade assigns a managed hostname at deploy time, in the form `<id>.az.myarcade.dev`.
- **Identity provider.** Have an [OIDC identity provider](/references/auth-providers) ready — see the next section.

## Set up your identity provider

Arcade signs users in through your OpenID Connect (OIDC) identity provider. The provider authenticates dashboard users and backs the tokens that MCP gateways validate, so set it up before you deploy.

1. Register an application with your identity provider. Arcade works with [Microsoft Entra ID, Okta, Auth0, or Keycloak](/references/auth-providers), or any standards-compliant OIDC provider.
2. Copy the application's client ID, generate a client secret, and note the issuer URL. For Microsoft Entra ID, use the v2.0 issuer `https://login.microsoftonline.com/<tenant-id>/v2.0`.
3. Provide the client ID, client secret, and issuer in the create form.
4. After you deploy, register the redirect URIs shown in the deployment outputs on the application, then sign in to the dashboard.

## Deploy from the Azure Marketplace

<Steps>

### Find the Arcade offer

Open the [Arcade offering in the Azure Marketplace](https://marketplace.microsoft.com/en-us/product/arcadeaiinc1779236563291.arcade_managed?tab=Overview) and select **Get it now**. Choose the standard plan for a production, single-tenant deployment.

### Complete the create form

Fill in the deployment form:

- **Region** and **resource group** for the deployment
- Your identity provider's **client ID**, **client secret**, and **issuer** from the previous section
- Optionally, a model provider API key (for example, Anthropic) to enable chat in the dashboard

### Deploy

Start the deployment. It takes roughly 30–45 minutes to provision the cluster and supporting services. When it finishes, the deployment outputs your **hostname**, **dashboard URL**, and the **redirect URIs** to register.

### Register the redirect URIs

Add the redirect URIs shown in the deployment outputs to your identity provider application, as described in [Set up your identity provider](#set-up-your-identity-provider).

</Steps>

## Verify your deployment

Open the dashboard URL from the deployment output and sign in with your identity provider. A successful sign-in confirms the platform is running and your identity provider is wired up correctly.

## Next steps

- [Create an MCP Gateway](/guides/mcp-gateways) to scope tools and auth for each client
- [Connect an MCP client](/get-started/mcp-clients) to a gateway URL
- [Set up a User Source](/guides/user-sources) to authenticate end users with your own identity provider
Loading
Loading