Billing and Capacity
AegisWire uses a hybrid commerce model that combines user entitlements with capacity-based pricing. This page explains how capacity is calculated, what each plan includes, and how billing works for managed deployments.
Capacity Model
AegisWire plan eligibility is derived from the stricter of four capacity dimensions:
- Bandwidth capacity: Licensed encrypted throughput
- CPU capacity: Gateway compute resources
- Memory/session capacity: Concurrent session density
- Licence cap: Contractual user or device limit
The effective maximum users per cluster is:
U_max = min(U_bandwidth, U_cpu, U_memory, U_licence)
This means your actual capacity is limited by whichever dimension is tightest.
Bandwidth Capacity
U_bandwidth = T_reserved_mbps / (C_ratio * BW_active_mbps * OH_bw)
Where:
| Variable | Description | Default |
|---|---|---|
| T_reserved_mbps | Licensed aggregate encrypted throughput | Per plan |
| C_ratio | Concurrency ratio (fraction of users active simultaneously) | 0.15 |
| BW_active_mbps | Average Mbps per active user | 0.75 |
| OH_bw | Protocol/encryption/padding overhead factor | 1.15 |
User Traffic Profiles
Different workloads have different bandwidth characteristics:
| Profile | Concurrency | Avg Mbps/User | Typical Use |
|---|---|---|---|
| Office Light | 10% | 0.30 | Admin, finance, ticketing |
| Office Mixed | 15% | 0.75 | Standard knowledge work |
| Power User | 25% | 1.50 | Engineering, cloud consoles |
| Media Heavy | 40% | 3.00 | Video, design — poor fit for small plans |
Commercial Capacity Packs
Plans are sold with reserved throughput packs that simplify the capacity math:
| Pack | Reserved Throughput | Typical Users (Office Mixed) |
|---|---|---|
| S | 250 Mbps | Up to ~1,930 |
| M | 1 Gbps | Up to ~7,729 |
| L | 2.5 Gbps | Up to ~19,323 |
| XL | 5 Gbps | Up to ~38,647 |
These are planning envelopes, not guarantees. Your actual capacity depends on your users' traffic profiles.
Plan Tiers
Self-Hosted Plans
Self-hosted plans are priced on licence entitlement. You provide your own infrastructure.
| Feature | Starter | Professional | Business |
|---|---|---|---|
| Users | Up to 25 | Up to 250 | Up to 2,500 |
| Devices | Up to 50 | Up to 500 | Up to 5,000 |
| Regions | 1 | 3 | Unlimited |
| Support | Basic | Standard | Premium |
| Identity Providers | Built-in only | Built-in + 1 external | Built-in + unlimited |
Managed Plans
Managed plans include all infrastructure operated by AegisWire.
| Feature | Starter | Professional | Business |
|---|---|---|---|
| Users | Up to 25 | Up to 250 | Up to 2,500 |
| Devices | Up to 50 | Up to 500 | Up to 5,000 |
| Regions | 1 | 3 | 5 |
| Included Traffic | 100 GB/mo | 1 TB/mo | 10 TB/mo |
| Support | Basic | Standard | Premium |
| SLA | 99.9% CP | 99.9% CP, 99.95% GW | 99.9% CP, 99.95% GW |
Enterprise and GOV
Enterprise and GOV plans are quote-based with contact sales:
- Annual contract minimum
- Dedicated gateway infrastructure
- Custom identity integration
- SIEM/SOC integration
- Architecture review
- Compliance documentation
Hardware Appliance
Hardware plans combine a one-time hardware purchase with an annual software licence. See Hardware Appliance for details.
Billing Mechanics (Managed Tier)
Base Components
Managed tier billing includes:
- Base tenant fee: Monthly fee for your dedicated control plane and database
- Included traffic: Bandwidth included in your plan
- Overage: Per-GB charge for traffic exceeding the included amount
- Support tier: Included in plan or available as add-on
Traffic Metering
Traffic is metered at the gateway level:
- Bytes in (client to gateway) and bytes out (gateway to client) are tracked per tenant
- Metering is reported from the gateway fleet to the business platform
- Usage is aggregated daily and reported in your customer portal
- Overage is calculated monthly and added to your invoice
Payment
- Payment is processed via Stripe
- Monthly billing with automatic charge
- Annual prepayment available with discount
- Enterprise and GOV plans use invoice-based payment
Node Classes (Self-Hosted and Enterprise)
For organisations sizing their own gateway infrastructure:
| Node Class | vCPU | RAM | Licensed Throughput |
|---|---|---|---|
| N1 | 4-8 | 16-32 GiB | 125 Mbps |
| N2 | 8-16 | 32-64 GiB | 500 Mbps |
| N3 | 16-32 | 64-128 GiB | 1.25 Gbps |
| N4 | 32-64 | 128-256 GiB | 2.5 Gbps |
Cluster Sizing
For high availability, deploy nodes in clusters:
| Cluster Class | Topology | Total Throughput |
|---|---|---|
| C1 | 2-node HA | 250 Mbps |
| C2 | 4-node HA mesh | 1 Gbps |
| C3 | 8-node HA mesh | 2.5 Gbps |
| C4 | 16-node HA mesh | 5 Gbps |
Entitlement Enforcement
Plan limits are enforced technically, not just commercially:
- User cap: The control plane rejects new user creation once the cap is reached
- Device cap: Enrollment is rejected when the device limit is reached
- Throughput cap: Gateway traffic metering enforces bandwidth limits per tenant
- Region cap: Gateway pools cannot be created in regions beyond the plan limit
Exceeding soft limits (like traffic) triggers overage billing. Exceeding hard limits (like user count) is blocked at the API level with a 409 Entitlement Exceeded response.
Support Tiers
| Tier | Hours | Channels | P1 Response | P2 Response |
|---|---|---|---|---|
| Basic | Mon-Fri 09:00-17:00 UTC | < 8 hours | < 24 hours | |
| Standard | Mon-Fri 07:00-22:00 UTC | Email + Chat | < 4 hours | < 12 hours |
| Premium | 24x7 | Email + Chat + Phone | < 1 hour | < 4 hours |
| Dedicated | 24x7 | Named TAM | < 30 minutes | < 2 hours |