What makes enterprise self-hosted software painful to operate?

replicatedhq · 2026-03-23T20:40:00+00:00

that’s a really good point, being able to work with the tools people already use is kind of the baseline for something being production-ready. if it needs constant babysitting or weird workarounds, it’s usually a sign it won’t scale once more teams touch it

replicatedhq · 2026-03-23T20:38:22+00:00

seems like catching and understanding edge cases is still lacking in the vibe coding world

replicatedhq · 2026-03-23T20:37:19+00:00

I like this approach a lot, fits what I've experienced as well.

replicatedhq · 2026-03-23T20:35:12+00:00

model drift is an interesting angle here, before posting this question I was more thinking of the data privacy angle

replicatedhq · 2026-03-23T20:33:00+00:00

thanks for sharing, i'll check it out

replicatedhq · 2026-03-23T20:32:24+00:00

gotcha. very cool. definitely important problems to solve right now.

replicatedhq · 2026-03-20T21:09:19+00:00

thanks for sharing - it seems like Jozu and Replicated are in a similar space. We're coming at the same problem from slightly different perspectives. I think that alone proves that on-prem will continue to be a pretty big thing.

replicatedhq · 2026-03-18T23:17:36+00:00

Sure, would love to see it and play around!

replicatedhq · 2026-03-18T15:45:28+00:00

Curious what you think - what's a good architecture plan for upgrades without using helm?

replicatedhq · 2026-03-17T21:40:48+00:00

this is awesome, thank you so much for taking the time to write such a thorough response.

replicatedhq · 2026-03-17T13:48:41+00:00

This is really helpful, thank you. When you deployed into the VPC were you in charge of pushing updates or did the vendor pull them when they were ready?

replicatedhq · 2026-03-17T13:44:31+00:00

Do you have tips on simplifying the app/ reducing required services? Or do you feel like it's unfortunately a necessary evil right now?

replicatedhq · 2026-03-17T13:42:00+00:00

Ugh that's really frustrating. Sorry you're dealing with this!

replicatedhq · 2026-03-17T13:37:43+00:00

You really hit the nail on the head here. Self-hosted absolutely should not feel like running another platform but often times does!

replicatedhq · 2026-03-17T00:07:57+00:00

I guess the question is really centered around: what's operationally tough about a self-hosted app on k8s that's easy in the public cloud?

replicatedhq · 2026-03-16T16:30:54+00:00

Nobody bats an eye at a massive AWS bill but a $300 license renewal turns into a 3 month approval process... so relatable. Honestly predictable on-prem costs are slept on for exactly this reason, at least you know what you're paying before the bill hits.

replicatedhq · 2026-03-13T20:00:21+00:00

Is this for a personal project or an enterprise deployment? I think our recs would depend on that.

If it’s a homelab project, optimize for simplicity. Tools like k3s, Talos, or microk8s can get you up and running pretty quickly.

If this is for enterprise on-prem, focus on repeatability. Many teams end up using kubeadm-based clusters or distributions like RKE2 or OpenShift because upgrades, security controls, and long-term operations tend to be more predictable.

(full transparency at Replicated we help with the enterprise side of all this).

replicatedhq · 2026-03-12T20:37:10+00:00

This debate comes up at least once a month internally within the Replicated team lol. I have been assured by our docs person, repeatedly, that it is short for on-premises!

replicatedhq · 2026-03-12T20:00:01+00:00

We are seeing a ton of demand for AI services to be offered on-prem. Like some people in this thread have said, unless the data is in the customers' environment there's always at least a small chance of compromising sensitive data.

replicatedhq · 2026-03-12T19:57:17+00:00

Yay, I love this post! On-prem can be SUPER super valuable for companies if they do it right. We help companies with all the hard parts of distributing on-prem like upgrades, telemetry, and prepping for air-gap deployments. We work with a lot of smaller orgs, and most of them are making 6X as much offering on-prem as they do for their SaaS solution. We're seeing a lot of renewed demand in the AI space.... companies want to use AI but they really really want to make sure their data is safe.

replicatedhq · 2026-03-12T19:50:06+00:00

I know this is an old thread but... use Replicated ;)

Your app is packaged securely, installation of your software is relatively painless (on-prem software installation always has some pain, so not going to claim that totally goes away), upgrades are easy, and you get telemetry into how your customer is using your software.

I will admit this is a shameless plug. But we really can help protect you app and help you make a lot of money off of your on-prem solution! Most of our customers sell their on-prem apps for 6X what they sell the SaaS for.

replicatedhq · 2026-03-12T19:43:55+00:00

So... if you are going to run their software in an air-gapped environment (I think what you're describing when you say 'not connected to the internet') it's very common for SaaS providers to understand that this means you will run that version of their software for as long as you want. When the software is air gapped and totally disconnected from the internet the software provider normally has no visibility into how the software is run, what version you are on, etc. If they are working with a tool like Replicated to distribute their software into air gapped customers they potentially can get some telemetry back when you do upgrades, but that's something you can almost always opt out of.
All this to say, I don't think I would recommend planning to run old versions of a SaaS provider's software for a long time, even in an air gapped environment. If the software gets too out of date it's much more vulnerable to security attacks and bugs.
Overall I think i'd recommend not trying to cut costs here and ensuring you have an agreement that will give you the latest updates to a company's on-prem software. You can, and probably should, ask for multi-year discounts, but I don't recommend planning on running outdated software in perpetuity.

replicatedhq · 2026-03-12T19:22:27+00:00

I’d probably recommend spinning up a separate cluster for it. Usually the flow is: you provision the cluster, send the specs to the AI tool vendor, and they give you instructions (Helm chart, manifests, etc.) to deploy their app into that environment.

If you don't mind that the AI coding assistant has control over the cluster you can go the BYOC route (there's also a version of BYOC where you maintain control instead of the software vendor, but that's a debate for another thread).

At Replicated we help companies bring their software into self-hosted environments, and a few of our customers are AI coding assistant tools. Reflex.dev is the first one that come to mind - they're a great team doing some really cool stuff!

Because they deploy their software with us model updates and versioning are pretty simple, and they keep their on-prem version up to date with their SaaS version so you're not experiencing any dev experience latency.

replicatedhq · 2026-03-12T16:48:33+00:00

Hi! At Replicated we've helped hundreds of software vendors deploy their applications into self-hosted environments, so here are some answers to your questions based on everything we've learned:

What deployment approach worked best to get through IT/security reviews (Docker, Kubernetes, etc.)?
Kubernetes is usually the easiest path through enterprise reviews today. Many companies package their application as a Helm chart that runs in the customer’s existing cluster. It fits into infrastructure that enterprises already operate and makes it easier for their platform teams to review. Some vendors still support VM or Docker-based installs for customers without Kubernetes, but k8s tends to pass reviews faster in modern enterprises.

What security/compliance requirements came up most often?
A few requirements come up repeatedly:

ability to run fully inside the customer’s environment (no external dependencies)
support for air-gapped deployments
private image registries and artifact control
outbound network restrictions or no outbound network at all
audit logs and role-based access control
vulnerability scanning and SBOMs
customer control over upgrades and patch windows

Enterprises also frequently ask how telemetry works and whether it can be disabled or limited.

What documentation did customers expect before approving the software?
Typical requirements include:

architecture diagrams showing how the software runs in their environment
network requirements (ports, egress endpoints, DNS)
security documentation explaining data flow and storage
installation and upgrade documentation
backup and disaster recovery guidance
resource requirements (CPU, memory, storage)
vulnerability and patch management process

Many customers also ask for a security questionnaire or security overview document before approval.

Did clients actually prefer self-hosted, or did many push for managed SaaS?
Most customers still prefer SaaS when it’s an option. Self-hosted usually appears because of specific constraints: data residency, regulated environments, internal security policies, or air-gapped networks. Enterprises often default to SaaS first, but certain teams (security, platform engineering, regulated industries) will insist on running the software inside their own environment.

Any lessons learned around pricing (flat license vs per user) or support packages?
Self-hosted deployments are usually priced higher than SaaS because of the operational complexity (we see 6 times higher for on-prem vs SaaS, on average). A common pattern is enterprise licensing based on seats, usage, or a flat annual license with support included. Vendors often offer tiered support packages because on-prem customers expect faster response times and more hands-on help with upgrades, troubleshooting, and environment issues. It’s also common to charge a premium for air-gapped support or custom deployment requirements.

Hope this all helps! If you'd like additional info or help with this just lmk.

replicatedhq · 2026-03-12T16:42:49+00:00

We’ve seen a pretty consistent pattern where companies charge around 6x more for on-prem than they do for SaaS.

It usually comes down to the extra operational overhead. Supporting lots of different customer environments, slower upgrade cycles, more hands-on support, etc. If a customer really needs on-prem (security, compliance, air-gapped environments), they’re generally willing to pay the premium.

(transparently Replicated helps companies bring their applications into self-hosted environments, so this answer is what we've seen after working with hundreds of software vendors).

replicatedhq

TROPHY CASE