With Dfns, you can deploy key management infrastructure on your own premises. This gives you direct control over your cryptographic operations while still benefiting from the Dfns API and platform capabilities.
On-premise deployments require your team to manage the underlying infrastructure. This includes operating the signers or HSM, networking, software updates, backups, and disaster recovery. Ensure you have the operational capacity before choosing this model.
Deployment options
Hybrid MPC
In the Hybrid model, Dfns manages some MPC signers in our cloud while you operate one or more signers in your own infrastructure. This makes you a required participant in every signing ceremony.
You can choose your preferred MPC threshold scheme (we recommend 3-out-of-5, but any configuration can be implemented) as well as how many signers are operated by Dfns versus your organization.
On-premise MPC
In the fully on-premise MPC model, you manage all MPC signers within your own data centers or private cloud. The Dfns API coordinates the signing ceremonies, but all key shares remain under your control.
You can choose your preferred MPC threshold scheme. We recommend 3-out-of-5, but any configuration can be implemented to match your security requirements.
HSM integration
As an alternative to MPC, you can use a Hardware Security Module (HSM) to secure your wallet keys. The HSM Driver polls the Dfns API and interfaces with your HSM via PKCS#11.
For detailed information about HSM integration, see Using Hardware Security Modules (HSMs).
Getting started
Interested in deploying Dfns infrastructure on your premises? Please contact the Dfns support team at https://support.dfns.co. 
