Main section

Cloud or On-Premises?

Find the right CLM deployment

Answer a few quick questions and we'll point you to the deployment model that fits your environment - and then connect you with the right next step.

SwissSign CLM Deployment Selector

CLM Deployment Selector

Answer a few quick questions

Question 1
Does your organisation already have a deployment strategy for security services?
We require on-premises deployment
Cloud, or no fixed preference
Question 2
Can your internal systems reach an external cloud service?
A CLM in the cloud needs your internal systems to reach it via agent or REST API. Fully air-gapped networks cannot.
Yes, outbound connectivity is possible
No, our network is air-gapped / isolated
Question 3
Do you need the CLM to integrate with internal systems, and does your network policy allow that access?
Integrations (LDAP/AD, ITSM, CMDB) let the CLM trigger workflows in your internal systems, which needs the CLM to reach them.
No integration with internal systems needed
Yes, and our policy permits the required access
Yes, but our policy forbids that access
Question 4
Does your environment require certain certifications or audit standards for cloud services?
Some sectors need specific certifications for the systems that handle their data.
Yes
No / not sure
Recommended: On-Premises
  • Deployed inside your own infrastructure; credentials never leave your perimeter
  • Direct in-perimeter reach to LDAP/AD, F5 and ITSM/CMDB systems
  • Suited to air-gapped networks and strict integration policies
  • Operated by you, inside your own infrastructure; private PKI supported
Recommended: Cloud (SwissSign-hosted)
  • Application-as-a-Service on Evertrust Horizon, hosted in Switzerland by SwissSign
  • Fastest to start: nothing to deploy, maintenance handled by SwissSign
  • Reaches internal systems via agents/connectors where needed
  • Sensitive data protected by HSM-backed KMS at SwissSign
SwissSign CLM — Cloud vs On-Premises
Cloud (SwissSign-hosted) On-Premises
Recommended for No fixed on-premises requirement; internal systems can reach the cloud; no integration blocked by network policy; no certification constraint on cloud services On-premises mandated by strategy; air-gapped network; internal integration your policy won't permit from outside; or certification requirements for cloud services
Who operates it SwissSign (Application-as-a-Service) You, inside your infrastructure
Where credentials live Customer-side agents/connectors; sensitive data protected by HSM-backed KMS at SwissSign Never leave your infrastructure
Internal-system reach Best for cloud / internet-facing; internal reach needs agents/relays Direct LDAP/AD, F5, ITSM – in-perimeter
Setup effort Fastest; nothing to deploy Project with possible SwissSign support
Maintenance Handled by SwissSign Your responsibility
Private PKI Integrate self-operated private PKIs, or add a new dedicated private PKI instance operated by SwissSign when needed for replacement or new use cases Integrated as part of your deployment when needed
Explore Cloud Explore On-Premises