MCPWorks

MCP Server Hosting: Self-Hosted vs Managed

Simon Carr Updated

Managed MCP hosting platforms like MCPWorks handle infrastructure, security, and scaling for Model Context Protocol servers, while self-hosted MCP servers give you full control at the cost of operational overhead. The right choice depends on your team size, security requirements, and how many MCP tools you need to run.

This comparison applies to MCP as adopted across the industry — the open standard now governed by the Linux Foundation and supported by Google, Microsoft, and others.

Comparison overview

| Dimension | Self-Hosted | Managed (MCPWorks) |
|---|---|---|
| Setup time | Hours to days | Minutes |
| Infrastructure | You provision and maintain | Handled by platform |
| Security isolation | You implement | nsjail sandboxes with namespaces, cgroups, seccomp |
| Scaling | Manual or custom auto-scaling | Built into platform |
| Token optimization | Standard tool loading | Code-mode execution (70-98% savings) |
| Multi-tenant isolation | You architect | Namespace isolation by default |
| Cost model | Server + maintenance costs | Per-namespace subscription |
| Control | Full | Platform-defined boundaries |
| Compliance | You certify | Platform provides baseline |

Infrastructure and setup

Self-hosted

Running your own MCP server means provisioning compute (VM, container, or serverless function), configuring networking, setting up TLS certificates, and deploying your MCP server code. A basic setup requires:

  • A server or container orchestrator (Docker, Kubernetes)
  • TLS certificate management (Let's Encrypt, cert-manager)
  • Process management and restart policies
  • Logging and monitoring
  • Backup and disaster recovery

For a single developer running one MCP server locally, this is straightforward — most MCP servers can run on localhost with stdio transport. But for team or production use over the network, the infrastructure requirements multiply.

Managed

MCPWorks provides namespace-based endpoints out of the box. After account creation, each namespace gets two HTTPS endpoints:

  • {namespace}.create.mcpworks.io for function management
  • {namespace}.run.mcpworks.io for execution

No server provisioning, no TLS configuration, no container management. Functions are created through the MCP interface itself — your AI assistant connects and creates functions directly.

Security

Self-hosted

Security for self-hosted MCP servers is entirely your responsibility. Key concerns include:

Code execution isolation. If your MCP server executes user-provided or AI-generated code, you need sandboxing. Without it, malicious or buggy code can access the host filesystem, network, and other processes. Implementing proper isolation requires Linux namespaces, cgroups, and seccomp filtering — expertise that most development teams don't have in-house.

Authentication and authorization. MCP's streamable HTTP transport supports standard HTTP auth, but you need to implement token validation, scope enforcement, and key rotation yourself.

Supply chain risks. Self-hosted MCP servers often pull dependencies from npm or PyPI. Each dependency is an attack surface. The MCP ecosystem is new, and supply chain attacks targeting AI tool ecosystems have already been documented.

Network exposure. Exposing an MCP server to the internet requires careful firewall configuration, rate limiting, and DDoS protection.
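
The token validation, scope enforcement, and key rotation named under "Authentication and authorization" above, as an added example (not MCPWorks code and not part of the MCP specification). The token layout `kid.claims.mac`, the key ids, the secrets, and the scope names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumed token layout (hypothetical): <key id>.<base64url JSON claims>.<HMAC-SHA256>
# Constructed demo keys, indexed by key id. Rotation: new tokens are signed with
# ACTIVE_KID; the previous key stays listed only until its last token expires.
KEYS = {"k1": b"previous-demo-secret", "k2": b"current-demo-secret"}
ACTIVE_KID = "k2"

class AuthError(Exception):
    """Raised for every request that must be rejected."""

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(kid: str, body: str) -> str:
    mac = hmac.new(KEYS[kid], f"{kid}.{body}".encode(), hashlib.sha256)
    return _b64(mac.digest())

def issue_token(subject, scopes, ttl=300, now=None, kid=None):
    kid = kid or ACTIVE_KID
    now = int(time.time() if now is None else now)
    claims = {"sub": subject, "scopes": sorted(scopes), "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{kid}.{body}.{_sign(kid, body)}"

def authorize(auth_header, required_scope, now=None):
    """Return the claims if the Authorization header grants required_scope."""
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise AuthError("malformed Authorization header")
    kid, body, sig = token.split(".")
    if kid not in KEYS:  # retired or unknown key id
        raise AuthError("unknown key id")
    # Check the MAC in constant time before parsing client-controlled claims.
    if not hmac.compare_digest(_sign(kid, body).encode(), sig.encode()):
        raise AuthError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= (time.time() if now is None else now):
        raise AuthError("token expired")
    if required_scope not in claims["scopes"]:
        raise AuthError("missing scope " + required_scope)
    return claims
```

Retiring a key is then a matter of deleting its entry from `KEYS` once every token it signed has passed its `exp`.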

Managed

MCPWorks isolates every function execution in an nsjail sandbox with:

  • Linux namespaces for process, network, mount, and user isolation
  • cgroups for CPU, memory, and I/O limits
  • seccomp for system call filtering (blocking dangerous syscalls)
  • Network isolation with controlled egress

Each namespace is fully isolated from others. Authentication is handled via bearer tokens with the platform managing key rotation and scope enforcement.

This doesn't eliminate all security concerns — you still need to trust the platform — but it offloads the specialized work of building and maintaining a secure code execution environment.

Token costs and efficiency

Self-hosted

Standard self-hosted MCP servers use traditional tool loading: every connected tool's schema is injected into the AI's context window. As documented in "What is the MCP Tool Overload Problem?", this can consume 100,000+ tokens for large toolsets.

You can mitigate this with custom tool routing or schema compression, but these are additional systems you need to build and maintain.

Managed

MCPWorks uses code-mode execution, where the AI writes code that runs in a sandbox instead of loading tool schemas into context. According to Anthropic's Code Execution MCP research (January 2026), this achieves 70-98% token savings.

For teams making hundreds of AI requests daily, this token reduction can offset the subscription cost entirely through reduced API bills.

Cost comparison

Self-hosted

The total cost of self-hosting includes:

  • Compute: $20-200/month for a VM or container cluster
  • Engineering time: Setup, maintenance, security patches, incident response
  • Monitoring: Log aggregation and alerting tools
  • Hidden costs: On-call burden, dependency updates, security audits

For a single developer running a local MCP server, the direct cost is near zero (your existing machine). For a team running production MCP infrastructure, expect $500-2,000/month in total cost of ownership when engineering time is included.

Managed

MCPWorks pricing is subscription-based:

  • Free: 5 functions, 1,000 executions/month, 1 namespace
  • Builder: Unlimited functions, 25,000 executions/month, 3 namespaces
  • Pro: Unlimited functions, 250,000 executions/month, unlimited namespaces
  • Enterprise: 1M executions/month, dedicated infrastructure, SSO, Slack Connect support, 99.9% SLA

Hard caps prevent surprise bills. Functions pause at the limit rather than incurring overages.

When to self-host

Self-hosting makes sense when:

  • You need full control over the execution environment, dependencies, and network configuration
  • Regulatory requirements mandate that code runs on your own infrastructure
  • You have a small, stable toolset (few servers, few tools) where setup overhead is a one-time cost
  • You have DevOps expertise to maintain secure, production-grade infrastructure
  • You're running locally only (localhost, no network exposure needed)

When to use managed hosting

Managed hosting makes sense when:

  • You want to start quickly without provisioning infrastructure
  • Security isolation is important but you lack sandbox implementation expertise
  • You have many tools and tool overload is a concern
  • Cost predictability matters — fixed subscription vs. variable infrastructure costs
  • Your team is small and engineering time is better spent on product than infrastructure
  • You need multi-tenant isolation for different projects or clients
