Pricing Models: Security

Many security services of the Open Telekom Cloud are free of charge. Identity and Access Management (IAM), Anti-DDoS, and standard encryption* for services such as EVS, SFS, RDS are among them.

For the use of the Key Management Service (KMS) of customer-generated encryption keys (Customer Master Key, CMK) and for the execution of API calls, fees are charged according to usage. Default encryption keys (Default Master Key, DMK) are free of charge. Usage of generated keys is billed on an hourly basis. The free volume for KMS comprises 20,000 API calls (free tier). API calls beyond this are subject to a charge: 1,000 calls generate costs of 0.3 cents

The Web Application Firewall protects web domains. Its special feature is that the hours are split into tiers on a scale.

Cost of WAF, conversion to monthly WAFs that are used full-time (approximate values)

As with the other scales, the scales are quantity-based, i.e., in the case of ten commissioned WAFs, the first scale is used for the first three WAFs, the second for the following four and the third for the last three. Additional costs for requests occur: one million requests will be charged with 60 cents. Apart from requests and WAF instances, there are no other costs. You can create as many rules/policies as you want without incurring any additional costs.

*Web Application Firewall (WAF) (Classic) is deprecated and will be put end of live soon. Customers are advised to use the new more advanced Web Application Firewall (WAF) (Cloud Mode)

The new WAF in Cloud Mode, also called Cloud WAF, is the advances successor of the WAF (Classic). It combines the benefits of cloud-native billing from the WAF (Classic) and the cloud-native architecture and advanced features from the WAF (Dedicated).

In addition to the Web Application Firewall (WAF), there is also the Web Application Firewall (DWAF) (Dedicated) for protecting web servers. The DWAF requires the Elastic Load Balancer (ELB) in front of the WAF as internet-facing ELB and optionally behind the WAF for multiple web servers. There are dedicated virtual systems with 2 variants (100Mbit/s and 500Mbit/s bandwidth and a maximum of 2000 queries per second (QPS), respectively 10000 QPS for the larger variant) as well as exclusive dedicated resources/instances for customers. Billing is per instance/hour.

Database Security Service (DBSS) is an intelligent security service for databases. Based on machine learning and big data analysis technologies, the service checks databases for SQL injection attacks and identifies high-risk processes. Billing is per instance/hour.

The Host Security Service (HSS) helps to monitor and manage assets on servers, eliminate risks and defend against intrusion attempts (intrusion detection) and website manipulation. In addition, advanced protection and security functions are available that help to easily identify and manage threats. Billing is per asset (container node / ECS) with activated agent per hour.

The Cloud Firewall (CFW) is a next-generation cloud-native firewall. It protects Internet and VPC boundaries in the cloud through real-time intrusion detection and prevention, access control and traffic analysis. Billing is per instance/hour and analyzed traffic/GB.

* Fees for the use of the Key Management Service (KMS) are charged according to usage. The usage of the generated keys is on an hourly basis. The free volume for KMS includes 20,000 API calls. API calls beyond this are subject to a charge: 1,000 calls generate costs of 0.3 cents.