GitHub Server vs GitHub Cloud vs GitHub EMU
I sometimes have calls when customers ask about the differences between different GitHub deployments so I’ll keep the comparison on this page.
To be clear from the start, GitHub Enterprise Managed Users (EMU) is a different way of managing users on github.com, or to be more exact a different ownership of user accounts and I explain it in more details in another post. EMUs use the same github.com platform and other than some limitations, everything else mostly works the same as on standard GitHub Enterprise Cloud.
| GitHub Enterprise Cloud (GHEC) | GitHub Enterprise Server (GHES) | |
|---|---|---|
| Data residency | The data hosted at GitHub’s datacentre in the US | On your infrastructure (either your AWS/Azure/GCP or in your instance of Hyper-V/OpenStack/VMWare) |
| User authentication | SAML: - Active Directory Federation Services (ADFS) - Azure Active Directory (Azure AD) - Okta - OneLogin - PingOne - Shibboleth SAML SSO can be configured either on organisation or on enterprise account level. | Central Authentication Service (CAS) LDAP: - Active Directory - FreeIPA - Oracle Directory Server Enterprise Edition - OpenLDAP - Open Directory - 389-ds SAML: - Active Directory Federation Services (AD FS) - Azure Active Directory (Azure AD) - Okta - OneLogin - PingOne - Shibboleth |
| User provisioning | SCIM user provisioning/deprovisioning: - Azure AD - Okta - OneLogin SCIM user provisioning requires SAML to be configured on organisation level. SCIM user provisioning with SAML configured on Enterprise Account level is only available in Enterprise Managed Users option. | As of 25 Sept 2023 SCIM user provisioning is in private beta |
| GitHub Team sync | Team sync is available with: - Azure AD - Okta | Depends on SCIM, so also as of 25 Sept 2023 it’s in beta |
| Domain name | The customer can’t choose the domain name. It will always be github.com | The customer can either access the instance by IP address or use your custom domain name. |
| Who owns user accounts? | Individual GitHub users in case of standard/classic GitHub; in case of EMU - the company | The company |
| Licensing (GitHub only, excl. add-on products like GitHub Advanced Security) | Per unique user in Enterprise Account | Per unique user on the server The license allows for unlimited instances (backup/HA/staging/another production) for the same unique users |
| Support | Enterprise support is included in the monthly/annually subscription. Premium and Premium Plus support options are available. | ← Same |
| Reliability | 99.9% monthly uptime SLA. The status is published on GitHub Status | Reliability is the responsibility of the customer |
| Security | Shared responsibility | Customer’s responsibility |
| Application Upgrade and Bug/Security Fixes | The platform receives frequent automated updates | The customer is responsible for upgrading the application |
| Email/SMTP server | Not required | Required for sending email notifications |
| GitHub Actions | Can be used without extra configuration. | Requires additional hardware resources and storage (Azure Blob storage, Amazon S3 or S3-compatible MinIO Gateway). |
| GitHub PAckages | Can be used without extra configuration. | Requires additional storage (Azure Blob storage, Amazon S3 or S3-compatible MinIO Gateway). |
| Dependabot updates | Other than turning it on - no additional requirements | Requires GitHub Actions |
This post is licensed under CC BY 4.0 by the author.