Skip to content

Add a Usage Reporting and Billing page #34254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ptgott merged 3 commits into from
Nov 8, 2023
Merged

Add a Usage Reporting and Billing page #34254

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
72e0ec8
Add a Usage Reporting and Billing page
ptgott Nov 6, 2023
830edb8
Respond to twakes feedback
ptgott Nov 7, 2023
212aabc
Update docs/pages/usage-billing.mdx
ptgott Nov 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions docs/config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@
"title": "FAQ",
"slug": "/faq/"
},
{
"title": "Usage Reporting and Billing",
"slug": "/usage-billing/",
"forScopes": ["cloud", "team", "enterprise"]
},
{
"title": "Upcoming Releases",
"slug": "/upcoming-releases/"
Expand Down
92 changes: 92 additions & 0 deletions docs/pages/usage-billing.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
---
title: Usage Reporting and Billing
description: Provides a detailed breakdown of Teleport usage reporting and billing.
---

Commercial editions of Teleport send anonymized usage data to Teleport so we can
calculate billing metrics. This guide describes the anonymized usage data and
the billing metrics we calculate.

## Anonymized usage data

The commercial editions of Teleport send anonymized information to Teleport's
cloud infrastructure. This information contains the following:

- Teleport license identifier.
- Anonymized cluster name and Teleport Auth Service host ID.
- For each Teleport user, the anonymized user name and a count of interactions
with infrastructure resources enrolled in your Teleport cluster.

Self-hosted Teleport deployments aggregate interaction data before it reaches
Teleport Cloud. Teleport Cloud accounts provide this information as an
anonymized log, which Teleport aggregates over the billing period.

The count of interactions includes the following:

- Teleport logins
- SSH and Kubernetes exec sessions
- Web sessions with registered HTTP applications
- Connections with registered TCP applications
- SSH port forwards
- Kubernetes API requests
- SFTP actions

The anonymization is done by passing names and IDs through HMAC-SHA-256, with an
HMAC key that's randomly generated when the Teleport cluster is initialized and
is never shared with us. This makes it infeasible for anyone without access to
the cluster to deanonymize the data we store.
Comment on lines 34 to 37
Copy link
Copy Markdown
Contributor

@espadolini espadolini Nov 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bl-nero when we get to the implementation of RFD 0014e we should update this to mention that the HMAC key might be in the license file instead.


The code that aggregates and anonymizes this data can be found in our [GitHub
repository](https://github.com/gravitational/teleport/tree/master/lib/usagereporter/teleport/aggregating).

## Billing metrics

Teleport uses the anonymized usage data described in the previous section to
calculate three types of billing metrics:

- Monthly Active Users
- Teleport Protected Resources
- Teleport Identity Authorizations

### Monthly Active Users

Monthly Active Users (MAU) are calculated as the aggregate number of unique
active users (as defined in the Services Agreement and aggregated over each
monthly period starting on the Subscription Start Date and ending on each
monthly anniversary thereafter) accessing Teleport.

"Active" means a user having performed any auditable activity in a resource
(e.g., an action that would appear in an audit log such as logging into a
resource via the Web UI or via `tsh login`, submitting an Access Request, etc.).
The MAU calculation does not include automated actions, such as the modification
of a user's role by an administrator or the automatic creation of a user
automatically through an identity provider.

### Teleport Protected Resources

The Teleport Protected Resources (TPR) metric is calculated as the aggregate
number of unique resources (aggregated over each monthly period starting on the
Subscription Start Date and ending on each monthly anniversary thereafter)
connected to Teleport. A "resource" means any unique endpoint such as a
Kubernetes cluster, SSH server, database instance or serverless endpoint, that
is registered itself with the Teleport cluster and is protected by Teleport.

### Teleport Identity Authorizations

Teleport Identity Authorizations (TIA) are calculated as the aggregate number of
Authorization Requests (aggregated over each monthly period starting on the
Subscription Start Date and ending on each monthly anniversary thereafter)
processed by Teleport. An Authorization Request is the authorization by Teleport
of a client connection, API request, SSH session, or any other activity related
to a user.

## Usage measurement for billing

The counts of the billing metrics are aggregated on a monthly basis starting on
the Subscription Start Date and ending on each monthly anniversary thereafter.
The amount of usage purchased by a Teleport customer is based on the maximum
aggregate amount of a billing metric in a given month during the term of the
Subscription (also known as a high water mark calculation).

Reach out to sales@goteleport.com if you have questions about the
commercial editions of Teleport.