/

Managed SaaS Deployment

The Managed tier is AegisWire's fully operated deployment model. AegisWire provisions, monitors, and maintains all infrastructure on your behalf. You focus on configuring policies and managing users — we handle everything else.

What You Get

When you sign up for the Managed tier, AegisWire provisions the following dedicated infrastructure for your organisation:

  • Dedicated Go Control Plane: Your own isolated control plane instance running on AWS ECS Fargate. No other customer shares your control plane, your configuration, or your admin interface.
  • Dedicated PostgreSQL Database: Your own isolated database instance (AWS RDS) storing your users, devices, policies, and audit logs. No data is shared with other tenants.
  • Shared Regional Gateway Fleet: Your VPN traffic routes through AegisWire's shared regional gateway pools. Tenant isolation is enforced at the protocol level — per-tenant AEAD encryption keys, per-tenant session tables, and per-tenant traffic metering ensure no cross-tenant data leakage.

Architecture Overview

Your Users / Devices
      |
      v
AegisWire Regional Gateway Fleet (shared, protocol-isolated)
      |
      v
Your Dedicated Go Control Plane (ECS Fargate)
      |
      v
Your Dedicated PostgreSQL (RDS)

The shared gateway fleet model is the same architecture used by Cloudflare Zero Trust, Tailscale, and other major commercial VPN providers. Every packet carries your tenant ID, and cryptographic isolation ensures that one tenant cannot observe, inject, or interfere with another tenant's traffic.

Signing Up

  1. Visit aegiswire.com and select a Managed plan
  2. Complete the multi-step signup process with your organisation details
  3. Choose your primary region from AegisWire's supported regions
  4. Complete payment via Stripe
  5. AegisWire provisions your dedicated control plane (typically within minutes)
  6. You receive an email with your admin portal credentials

Accessing Your Account

After provisioning, manage your account via the customer portal at app.aegiswire.com. Your dedicated control plane is accessible at a unique URL assigned to your organisation. The admin interface provides full management capabilities:

  • User and group management (built-in, no external IdP required)
  • Device enrollment and lifecycle management
  • Policy creation and distribution
  • Gateway pool status and health monitoring
  • Session management and real-time monitoring
  • Audit log viewer with filtering and export
  • Identity provider configuration (optional — for SSO federation)

Region Selection

At signup, you select your primary region. Your plan determines how many regions you can activate:

Plan Included Regions
Starter 1
Professional 3
Business 5

Additional regions can be added as part of a plan upgrade. Each region hosts gateway endpoints that your client devices connect to — users are routed to the nearest healthy gateway.

Tenant Isolation Guarantees

Even though the gateway fleet is shared, your data is fully isolated:

  • Cryptographic isolation: Each tenant has unique AEAD encryption keys derived from tenant-specific key material. Traffic from one tenant is unreadable by another.
  • Session isolation: Per-tenant session tables prevent cross-tenant session confusion.
  • Traffic metering: Per-tenant bandwidth tracking enforces your plan's throughput caps independently of other tenants.
  • Control plane isolation: Your Go control plane instance runs in its own container with its own credentials and its own database. No shared state with other tenants.

Monitoring and Billing

The AegisWire business platform monitors your managed deployment:

  • Usage metering: Bandwidth, active users, and device counts are tracked and reported in your customer portal at app.aegiswire.com
  • Overage enforcement: If you exceed your plan's included traffic or user cap, overage billing applies automatically
  • Health monitoring: AegisWire operations monitors your control plane and the gateway fleet 24/7

Limitations of Managed Tier

The managed tier does not include:

  • Dedicated gateway nodes (use Enterprise tier for dedicated gateways)
  • Custom gateway configuration
  • Direct access to infrastructure (containers, databases, or network)
  • Visibility into gateway fleet topology

If you need dedicated gateway infrastructure, a private deployment, or compliance with requirements that mandate dedicated hardware, consider the Enterprise tier or the Hardware Appliance.

Support

Managed tier plans include support based on your plan level:

  • Starter: Basic support (Mon-Fri 09:00-17:00 UTC, email only)
  • Professional: Standard support (Mon-Fri 07:00-22:00 UTC, email and chat)
  • Business: Premium support (24x7, email, chat, and phone)

SLA commitments for the managed tier:

  • Control plane availability: 99.9% monthly
  • Gateway availability: 99.95% monthly per region
  • SLA credit: 10% of monthly fee per 0.1% below target, capped at 30%