Good morning. I am evaluating Ory Cloud, but I hav...
# ory-network
Good morning. I am evaluating Ory Cloud, but I have several questions that I couldn't find the answers to on the site.
Welcome :) Feel free to ask away
For Cloud specifically, check out #cloud
We handle B2B users, and we have a new requirement for a few hundred of them
We want to avoid VPNs and move to a Zero Trust approach.
The oathkeeper iap proxy would be in Ory's infrastructure, correct?
Latency is one concern in our solution, and the location of services is critical.
Also, users connect usually once a day, but stay for hours. How does this affect pricing?
Hey @thankful-oyster-73550, are you also looking to solve Authentication/User Management or just an IAP proxy? Ory Oathkeeper is a part of Ory Cloud as Ory Proxy ( It is basically Oathkeeper integrated in Ory Cloud, and you have to run it on a VM/Docker/k8s. As for latency and location, that probably depends how low/where, but we work closely with our users to ensure low latency.
users connect usually once a day, but stay for hours. How does this affect pricing?
Currently Startup&Growth plans are free for one year! But in general we price for API consumption, so how long a user stays does not affect it, only No. of calls to the Ory APIs. But @orange-needle-13244 can tell you more about individual pricing plans.
Happy to get you some information on that
Sorry to jump in, but can I get in on that pricing information? 🙂
@magnificent-energy-493, if we split the authentication as I am investigating, we would need all cloud items.
@orange-needle-13244, in Ory Cloud, what is hosted and what is deployed in our infrastructure? As I understood, Ory proxy is deployed locally, correct? Can I have multiple proxies, in different servers?
Neat! You can deploy multiple Ory Proxy if you want to protect multiple projects and you only host Ory Proxy, the rest is hosted&maintained by Ory. We also will soon offer CNAME, that would potentially eliminate the need for the proxy.
One of the requests is to handle a third party application that has to connect directly to the server. Usually we do with a VPN, but how can we do with Ory? We don't have acccess to the application developer.
I see! Ory Proxy (at least now) handles connectivity with Ory Cloud to streamline securing access to our service. It does not work as a VPN or traffic tunnelling in general. So you can use Ory Cloud to authenticate your users, but you would still need some other kind of VPN or IAP. Ory Oathkeeper however can be used as an Identity Aware Proxy when selfhosting! We are planning to offer the full potential of Ory Oathkeeper as a managed service, but that some time out.
@magnificent-energy-493, so if I use Ory Cloud, and install Oathkeeper in our local servers, does it work? Meaning, all configuration and maintenance in cloud, but IAP locally?
Yes! The APIs in Ory Cloud are exactly the same as when selfhosted. So if you configure Oathkeeper to talk to the Ory Cloud API it will work fine. In fact many are using it this way, use Oathkeeper as an IAP and then connect to a Auth Provider (like Ory Cloud).
Also have a look at this guide, it is outdated, so be careful. But it can give you a place to start with Oathkeeper. Just substitute Ory Kratos in the guide with the Ory Cloud APIs: