Network services — software
Egress, identity, and routing infrastructure for organizations whose traffic profile breaks the assumptions of off-the-shelf VPNs and SaaS proxies.
What we provide
- Stable outbound identity. A single egress IP per region for an entire workforce or fleet, eliminating the IP-reputation friction that flags accounts on GitHub, AWS, banking portals, B2B SaaS, and AI APIs when employees travel or rotate IPs.
- Geographic egress routing. Per-connection choice of egress region, decoupled from where the client device sits. Source IP geography becomes a deployment variable.
- Restrictive-network transports. DPI-resistant transports that survive deep packet inspection in jurisdictions where commercial VPN protocols are blocked. Per-region transport extensions are scoped per engagement.
- Mesh and hub-and-spoke topologies. Star topology for centralized egress; full mesh for low-latency peer-to-peer. Both supported in the same control plane; topology is a deployment choice.
- IP rotation defense. Pin all client traffic to a stable upstream IP. Eliminates account-flagging, MFA-rechallenge loops, and IP-reputation contamination from shared exit nodes.
- Whitelisted intranet communication. Per-peer ACLs and subnet-scoped routing for cases where the network must reach internal services without exposing them to the public internet.
- Operator admin API. REST surface for user, device, key, and topology management. Drives white-label admin consoles, customer SSO integration, or programmatic provisioning from the customer's existing IT systems.
Delivery models
- Custom build. Ground-up implementation against a defined transport, region, and threat model. Customer owns source under proprietary license.
- Framework deployment on customer infrastructure. Our framework codebase deployed onto a VPS the customer owns and operates. Single-tenant per customer; no customer traffic shares servers with another customer.
- Fully managed service. We handle the entire infrastructure path on the customer's behalf — VPS procurement in the region the customer specifies, deployment, day-2 operations (key rotation, capacity, incident response), patching, and monitoring. The customer never touches infrastructure.
- Customization on the framework. Per-region transport extensions, customer-issued attestation roots, custom admin workflows, integration with the customer's identity provider.
- Hardware appliance bundles. Portable Wi-Fi appliances paired with the customer's deployment; see Hardware for SKU and firmware detail.
Single-tenancy is preserved across every delivery model. Even in the fully managed shape, each customer receives dedicated VPS instances; nothing is shared across customers. Multi-tenant SaaS is a separately scoped product line, not the default.
Pricing
Pricing structure is selected per engagement against the delivery model and the customer's procurement preferences:
- Per-deployment fixed fee. A single negotiated fee covers the deployment regardless of seat count. Suitable for fixed-size workforces or appliance-style deployments.
- Per-seat licensing. Priced against active user seats, with the deployment delivered onto customer infrastructure or onto infrastructure we manage on the customer's behalf. Seat counts are reconciled monthly or quarterly per the SOW.
- Fully managed per-seat. Per-seat pricing inclusive of VPS infrastructure cost, with the studio absorbing or passing through infrastructure cost as agreed in the SOW. The customer receives one invoice covering software, infrastructure, and operations.
- Hybrid combinations. Per-seat for some user groups, per-deployment for others; managed in some regions, customer-operated in others. Combinations are normal and negotiated in the SOW.
- Ongoing operations are priced as a retainer against the SLA tier defined in the SOW.
Engagements typically open with a scoped review of the customer's traffic profile, threat model, and target jurisdictions under NDA, after which the delivery model and pricing structure are agreed.