Self-Hosting Costs
Sombra is a simple web server hosted in a Docker container. It can be hosted in whatever framework you typically would use to run a Dockerfile. We recommend running it in a Kubernetes cluster, using our Helm chart.
Our out-of-the-box Terraform module for AWS has hosting costs around $170-$180/month which can be used as a benchmark. The image below is a breakdown of the bill that you would typically see for the AWS resources required to run the gateway:
Hosting the optional LLM Classifier is the most expensive part (and is not enabled in the image above), because it requires using an NVIDIA GPU.
Our out-of-the-box Terraform module uses AWS Fargate to simplify the process of managing and deploying container-based images. This gateway will receive a fair amount of traffic that is initiated by your customers, your employees and also Transcend's integrations. For improved performance and availability, we recommend running 2 instances to add more resiliency when there may be spikes in traffic (e.g. privacy policy update announced in an email chain).
If you are looking to cut costs, we recommend experimenting with smaller instance sizes before removing replication of instances. If you have a small volume of DSRs or discovery plugins, you could try 1vCPU and 5GB to bring the bill down to around $90/month.
It's common to replace Fargate with another framework for managing Dockerfile deployment (e.g. Kubernetes, EC2s, Nomad, Docker Swarm, etc.). If you don't want to use our Terraform module with Fargate, our recommendation is to deploy the Dockerfile using whatever framework your team may use for internal Dockerfiles.
Load balancers will be needed for communication between Sombra and Transcend, as well as your internal systems and Sombra.
Data Usage costs are variable based on a number of things:
- Number of DSRs submitted
- Number of Data Silos in a DSR
- Number of discovery Plugins and the Frequency that the scans run at
The $2/month baseline is a reference point of around 100,000 DSRs per month, processed across 8 different systems with a couple discovery plugins. 100,000 DSRs per month is much higher than the average company. Although you may see fluctuation in your bill related to request volume, in most cases this cost is negligible compared to the total hosting costs.
The Sombra gateway produces detailed logs of any sensitive operations that happen within your organization, this includes:
- Your Data Subjects submitting a DSR
- Your Employees submitting a DSR
- Your Data Subjects downloading their data
- Your Employees previewing data in an Access request
- Transcend sending a network request to your SaaS vendors for the purposes of fulfilling a DSR or Structured Discovery scan
- Transcend running an employee-verified SQL statement against one of your databases to fulfill a DSR or for a Structured Discovery scan
The Dockerfile produces these logs in a standard JSON format and they can be ported into your log tool of choice. Transcend ports logging into Datadog which we use to get visibility into logs and set alerts & metrics. We use AWS FireLens to do this. The cost of those logs is dependent on which vendor you use. Price per log and log retention policies factor into the pricing, but for Transcend it ends up being around $5-10/month per Sombra cluster per month.
The LLM Classifier needs to deployed onto a server with an NVIDIA GPU. For example, an EC2 instance that would meet this spec is the g5.xlarge instance, which costs $1.006 per hour with on-demand pricing, or about $724 every 30 days.
You can view costs for other AWS instance types using on-demand pricing here.
You may also choose to prepay for the instance type you plan on using, which can save considerable money in public clouds.
You can view costs for AWS instance types using prepaid, reserve pricing here.