Hosting and Deploying MCP Servers in Production
Bottom line: A local MCP server is only the beginning. Production deployments need the right transport, access controls, and observability.
Choosing a transport
MCP supports multiple transports. The one you choose determines where the server can run and how clients connect.
- stdio: Client launches the server as a subprocess. Best for local CLI tools.
- SSE: Server-Sent Events over HTTP. Good for remote team servers and SaaS.
- HTTP: Plain HTTP endpoints. Easiest for stateless and edge deployments.
Local deployment with stdio
Stdio is the simplest pattern. The client starts your server binary and communicates over standard input and output. Because the server runs on the user's machine, it can access local files and environment variables without network hops.
The downside is that every user must install the server and its dependencies. Distribute it through npm, Homebrew, or a single binary to reduce friction.
Remote deployment with SSE
SSE lets clients connect to a running server over the network. This is ideal when the server needs shared infrastructure, such as a database or an internal API.
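import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';

// `app` is an Express-style HTTP app and `server` is the MCP server instance, both created elsewhere.
const transports = {}; // active SSE transports, keyed by session ID

app.get('/sse', async (req, res) => {
  const transport = new SSEServerTransport('/messages', res);
  transports[transport.sessionId] = transport;
  res.on('close', () => delete transports[transport.sessionId]);
  await server.connect(transport);
});

app.post('/messages', async (req, res) => {
  // route message to the active transport session
  const transport = transports[req.query.sessionId];
  if (!transport) return res.status(400).send('Unknown session');
  await transport.handlePostMessage(req, res);
});

Containerizing with Docker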
Docker makes stdio servers reproducible across machines. Build a small image, expose the command, and let the client run it.
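FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
# Install runtime dependencies only (--omit=dev replaces the deprecated --only=production)
RUN npm ci --omit=dev
COPY dist ./dist
# Run as the unprivileged "node" user that the official image provides
USER node
CMD ["node", "dist/index.js"]

Authentication patterns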
- API keys: pass a token in an environment variable for stdio servers.
- OAuth2: use for SSE servers where users authenticate through a web flow.
- mTLS: issue client certificates for internal enterprise deployments.
- Scoped tokens: give each client only the permissions it needs.
Sandboxing and least privilege
Treat MCP servers as privileged code. Run them in sandboxed processes, deny network access when it is not needed, and never expose unrestricted shell execution. Validate every input with Zod or a similar library before acting on it.
Monitoring and scaling
Log tool calls, errors, and latency to stderr or a structured logger. For SSE servers, track active sessions and set connection limits. Scale horizontally by keeping sessions stateless or storing session state in Redis.
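An added example, not from the original article: a default-deny gate in front of tool handlers that applies the scoped-token and input-validation advice above and logs each decision to stderr. The tool names, scopes, and session shape are assumptions, and hand-written validators stand in for Zod so the block runs with no dependencies.

```javascript
// Constructed policy: each tool names the scope it requires and a strict
// schema for its arguments. Tool names and scopes are hypothetical.
const TOOL_POLICY = {
  read_file: {
    scope: 'files:read',
    args: { path: (v) => typeof v === 'string' && isSafeRelativePath(v) },
  },
  query_orders: {
    scope: 'orders:read',
    args: {
      customerId: (v) => typeof v === 'string' && /^[A-Za-z0-9_-]{1,32}$/.test(v),
      limit: (v) => Number.isInteger(v) && v >= 1 && v <= 100,
    },
  },
};

// Relative path with no "..", ".", or empty segments, no backslashes or NULs.
// The tool itself must still resolve the path inside its base directory.
function isSafeRelativePath(p) {
  if (p.length === 0 || p.length > 256 || /[\\\0]/.test(p) || p.startsWith('/')) return false;
  return p.split('/').every((seg) => seg !== '' && seg !== '.' && seg !== '..');
}

// Decide whether an already-authenticated session may run this tool call.
// Default deny: unknown tools, missing scopes, and unexpected or invalid
// arguments are all rejected before the tool handler is reached.
function gateToolCall(session, call) {
  const policy = Object.hasOwn(TOOL_POLICY, call.tool) ? TOOL_POLICY[call.tool] : null;
  let reason = null;
  if (!policy) reason = 'unknown_tool';
  else if (!session.scopes.includes(policy.scope)) reason = 'missing_scope';
  else {
    const args = call.args ?? {};
    const extra = Object.keys(args).filter((k) => !Object.hasOwn(policy.args, k));
    const bad = Object.keys(policy.args).filter((k) => !policy.args[k](args[k]));
    if (extra.length) reason = `unexpected_arg:${extra[0]}`;
    else if (bad.length) reason = `invalid_arg:${bad[0]}`;
  }
  // Structured log line on stderr; with stdio transport, stdout carries the protocol.
  console.error(JSON.stringify({
    ts: new Date().toISOString(), client: session.clientId,
    tool: call.tool, allowed: reason === null, reason,
  }));
  return { allowed: reason === null, reason };
}
```

The log line records the tool name and decision but not the argument values, which may contain secrets or personal data.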
Published 2026-06-12