docs/COST_PLAN.md

Cost Plan — SysEleven Infrastructure

Companion to INFRASTRUCTURE.md and IMPLEMENTATION_PLAN.md. Pricing source: SysEleven-Cloud-Services-Preisinformationen_01_26_v2.pdf (effective 2026-01-20). All prices net EUR, exclusive of 19% VAT. Region: DUS2 + HAM1.

---

1. TL;DR

Locked topology (2026-05-18): 4 billable VMs — 1 stage + 3 prod — totalling 48 GiB-RAM. See INFRASTRUCTURE.md §1.

All four pricing modes, side by side, at the locked sizing:

Mode	Compute €/mo	Storage €/mo	Network €/mo	Total net €/mo	+ 19% VAT	Annual gross €
On-Demand	434.50	112	2.92	549.42	653.81	7,846
12-month commit	295.20	112	2.92	410.12	488.04	5,856
36-month no upfront	216.00	112	2.92	330.92	393.79	4,725
36-month upfront	192.00	112	2.92	306.92	365.23	4,383

36M upfront one-time payment: €6,912 net at signing (compute only; storage + network still billed monthly).

Recommended cash plan for Year 1:

1. Months 1–3: burn On-Demand (~€549/mo) while flavors get proven against real workload
2. Month 4 onward: sign 36M-upfront commit at proven size (~€307/mo)
3. Year-1 total infra: €4,410 net / €5,248 gross + one-time €6,912 upfront in Month 4

Growth tiers extend that same baseline (next 4 sections drill in).

---

2. What to use / what to skip

Use from day one

Service	Why	Cost
OpenStack IaaS (m2 GP)	Bread and butter. General-purpose 1:4 vCPU:RAM fits everything.	per VM, see §3
Block Storage (Ceph)	3x replicated, persistent. €0.10/GiB/mo.	per GiB
Object Storage (S3)	Backups, audit logs, demo seed bundles, export ZIPs. €0.02/GiB/mo.	per GiB
Floating IP	Public IPs for vm-edge (1) and stage (1).	€2.92/IP/mo
VPN as a Service	Inclusive. Use for ops access from our laptops.	€0
Self-Service Support	Free. Adequate while we're shaking out the platform.	€0

Defer until clearly needed

Service	When to add	Cost
DNS Zones (DNSaaS)	Never — we self-host PowerDNS on vm-edge per self-hosted-oss-first	€10/zone — skipped
Load Balancer (Octavia)	When we add a second vm-edge for HA (Tier D). Until then orca-proxy + Floating IP is enough.	€14.60–57.67/mo
Business Support	When MRR > €5k. Below that, Self-Service docs cover us.	€185/mo
Priority Support	Only if we sign an Enterprise contract that requires <1h response.	€545/mo
DDoS Guard PLUS	After first attack OR before launching anything customer-promoted.	€875/mo
DBaaS PostgreSQL Cluster	When tenant_registry Postgres becomes the bottleneck (200+ customers, see RISK-1 in INFRASTRUCTURE.md).	€213–426/mo per cluster (m2.small–medium, 36M upfront)
MetaKube Core (managed K8s)	We use Orca (the user's own product). MetaKube would compete with Orca, not complement it. Skip unless Orca is replaced.	€0 by design
Managed VM (Business/Priority)	Defeats Orca. We are the ones who manage VMs.	skipped — saves €1k+/mo
Operational Support Platform	€759–€1,479/mo. Massive overkill until late stage.	skipped

GPU instances (separate concern)

LiteLLM today is a passthrough. If we ever self-host an inference model:

• L40S (24 GB GPU RAM): €1,309/mo On-Demand, €1,086 (12M), €877 (24M)
• H100 NVL (94 GB): €5,755/mo On-Demand, €4,637 (12M), €3,743 (24M)

For now: route LLM calls through LiteLLM → external provider. Add GPU only if a customer pays for dedicated inference.

---

3. Per-VM sizing — Locked topology (Tier A, 5 customers)

Flavor mapping from INFRASTRUCTURE.md §1 to SysEleven m2 General Purpose (1 vCPU : 4 GiB RAM, 50 GiB ephemeral root included).

Compute — all four pricing modes side by side

VM	Env	Flavor	vCPU	RAM	On-Demand	12M	36M no-upfront	36M upfront
stage	stage	m2.small	2	8 GB	72.42	49.20	36.00	32.00
vm-edge	prod	m2.small	2	8 GB	72.42	49.20	36.00	32.00
vm-control	prod	m2.medium	4	16 GB	144.83	98.40	72.00	64.00
vm-data	prod	m2.medium	4	16 GB	144.83	98.40	72.00	64.00
TOTAL			12	48 GB	434.50	295.20	216.00	192.00

36M upfront one-time cost: 192 × 36 = €6,912 net at signing (compute only; everything else billed monthly).

Reference per-GiB-RAM rates (the linear model behind all numbers above):

Mode	€/GiB-RAM/mo
On-Demand	9.05
12M commit	6.15
36M no-upfront	4.50
36M upfront	4.00

Any future sizing change can be sanity-checked as RAM × rate.

Storage — Tier A steady state

Item	GiB	€/GiB/mo	€/mo
stage block (ephemeral PG + Mongo + Qdrant in-VM)	+50	0.10	5.00
vm-edge block (pg-keycloak + pg-infisical + Gitea repos)	+50	0.10	5.00
vm-control block (MariaDB + Stalwart spool)	+250	0.10	25.00
vm-data block (MongoDB + pg-app + Qdrant + MinIO)	+500	0.10	50.00
Object storage — geo-redundant backups (DUS2↔HAM1)	~500	0.0496	25.00 (€12.50 first 6mo via launch discount)
Object storage — seed bundles + exports + audit archive	~100	0.02	2.00
Storage subtotal (steady state)			112.00
Storage subtotal (first 6 months)			99.50

Network

Item	€/mo
1 Floating IP (vm-edge — only public host in prod)	2.92
1 Floating IP (stage — public for tester access)	2.92
PowerDNS (self-hosted on vm-edge)	0
Octavia Load Balancer (deferred to Tier D HA phase)	0
Network subtotal	5.84

Storage table above uses 1 Floating IP. Adjust to €5.84 if running stage with its own public IP (recommended). One-line delta of €2.92/mo.

Combined Tier A — four-mode summary

Mode	Compute	Storage	Network	Total net €/mo	+ 19% VAT	Annual gross €
On-Demand	434.50	112	5.84	552.34	657.28	7,887
12M commit	295.20	112	5.84	413.04	491.52	5,898
36M no-upfront	216.00	112	5.84	333.84	397.27	4,767
36M upfront	192.00	112	5.84	309.84	368.71	4,425

Recommended cash plan — Year 1 (use this line in the pitch)

Months	Mode	€/mo (net)	Subtotal €
1–3 (rightsizing window)	On-Demand	552.34	1,657
4–12 (proven baseline)	36M upfront	309.84	2,789
Year-1 infra net			4,446
+ 19% VAT			5,291
+ one-time 36M upfront in Month 4	(compute)		6,912
Year-1 cash out (gross)			12,203

3-year cumulative (full 36M commitment term)

Item	€
Months 1–3 On-Demand (compute+storage+net)	1,657
Compute 36M upfront (paid Month 4)	6,912
Storage + network, 36 months × ~118 €/mo	4,248
3-year infra net	12,817
+ 19% VAT	15,252

---

4. Growth tiers — what scales when

Tier A — Pilot (5 customers, first 6 months)

• Locked topology: 4 VMs (stage + vm-edge + vm-control + vm-data). See INFRASTRUCTURE.md §1.
• Year 1 cash plan: 3 months On-Demand → 36M upfront. ~€310/mo committed compute+storage+net + one-time €6,912.
• Add: Self-Service support (free). Skip LB, DNSaaS, DDoS, DBaaS, MetaKube, Managed Services.

Tier B — Early growth (50–200 customers, Year 1)

• Vertical scale only. Bump vm-data m2.medium → m2.large (+€64/mo for 36M upfront).
• Add cold-standby vm-edge-spare (€0 idle, only billed during a swap event).
• Add Business Support (€185/mo) once MRR > €5k.
• Add LB Single Instance (€14.60/mo) when we want zero-downtime portal deploys.
• Add DDoS Guard PLUS (€875/mo) before any marketing push.
• Estimated total: ~€1,100–1,400/mo + VAT.

Tier C — Scale (500–1000 customers, Year 1–2)

• Split vm-data into vm-data + vm-data-db (move pg-app to its own VM; resolves RISK-1).
  • Alternative: move pg-registry to DBaaS m2.small cluster (3 inst, 36M upfront): €213/mo
• Split vm-control into vm-control + vm-ops (ERPNext + MariaDB + Stalwart go to vm-ops): +€64/mo
• HA edge: second vm-edge, switch Floating IP → Load Balancer Double Instance (€58/mo).
• Object storage growth: audit logs, exports, demo backups → estimated 2 TB = €40/mo.
• Estimated total: ~€2,000–2,500/mo + VAT.

Tier D — Full scale (2000 customers, Year 2–3)

• 3-node clusters on hot paths: vm-control × 2, vm-data × 2.
• Split vm-edge into vm-edge + vm-identity + vm-secrets (back toward original 7-VM design).
• DBaaS m2.medium cluster (4V/16GB, 36M upfront): €426/mo for tenant_registry.
• Keycloak HA cluster: 2 vm-identity (m2.medium) + Postgres replica.
• Priority Support (€545/mo) becomes worth it.
• Object storage: ~5 TB = €100/mo.
• DDoS Guard PREMIUM (€2,200/mo) if traffic warrants — likely stays on PLUS.
• Estimated total: €4,500–6,000/mo + VAT.

Compute scaling cheat sheet (vs locked topology)

Tier	Customers	Topology delta from Tier A	Compute €/mo (36M upfront)
A	5	locked baseline: stage + 3 prod VMs (48 GiB)	192
B	200	+ vm-data bumped m2.med → m2.large (+16 GiB)	256
C	1000	+ split vm-data (+16 GiB), split vm-control (+16 GiB)	384
D	2000	+ split vm-edge (3 → 3 VMs), HA clusters (~+90 GiB)	~640

The €4/GiB-RAM/mo rate (GP, 36M upfront) is the linear model — everything else (storage, network, support, DBaaS, DDoS) scales sub-linearly with customer count. Compute is never the bottleneck on the bill.

---

5. Cost per customer

Tier	Customers	Monthly infra net (€)	Per customer/month (€)
A	5	310	62.00
B	200	1,200	6.00
C	1000	2,300	2.30
D	2000	5,000	2.50

At Tier A the per-customer cost is irrelevant — fixed costs dominate. From Tier B onward our gross margin on a Professional plan (assume €99/customer/month) is ~94% infrastructure-only. Add LLM passthrough (LiteLLM) + Polar.sh fees (~5%) + on-call time, and we are still well above the 80% gross margin floor SaaS investors look for.

Break-even: ~4 paying customers at €99/mo covers Tier A infra (€310/mo net).

---

6. SysEleven services we explicitly skip and why

Service	Why skip
DNSaaS (€10/zone)	We self-host PowerDNS on vm-gateway. €0 marginal cost since vm-gateway exists anyway.
MetaKube Core	Orca already orchestrates our containers. MetaKube would mean abandoning Orca, which the user owns.
MetaKube Accelerator	Same — competes with Orca.
MetaKube Operator add-ons (ExternalDNS, Cert-Manager, Tideways, Velero etc. at €78–171/mo each)	We pick and roll our own per self-hosted-oss-first.
Managed VM (Business €128–142/mo per VM, Priority €164–182)	Defeats Orca. We are the operators. Saves €1k+/mo at 7 VMs.
Operational Support Platform (€759–1,479/mo)	Massively over-specified for our scale. Buy individual Engineering Support days (€1,264/day) on demand if a real incident requires it.
DDoS Guard PREMIUM (€2,200) / ENTERPRISE (€4,800)	PLUS at €875/mo is enough for ≤500-customer scale. Upgrade if we see actual 1+ Tbps attacks.
Block Storage for Databases (€0.09 vs €0.10)	The €0.01/GiB difference saves ~€5/mo at our scale. Use it only on DBaaS cluster volumes (where SysEleven enforces it anyway).

---

7. Negotiation levers

SysEleven publishes list prices but is open to commercial negotiation, especially as a German Mittelstand provider courting startups. Things worth asking for:

1. Startup credits. Hetzner, OVH, and most EU clouds run startup-credit programs. Ask SysEleven for the equivalent before signing the 36M commit. Even €5–10k of credits = 6–12 months of Tier A infra free.
2. EXIST / HTGF discount. If we close the €1.5M raise (project_breakpilot_fundraising), SysEleven sometimes offers "Gründerförderung" pricing for HTGF-backed companies.
3. Single-region discount. We don't need DUS2 + HAM1 geo-redundancy at Tier A. Ask if single-region (DUS2 only) is cheaper.
4. Object storage commitment. 6-month 50%-off on geo-redundant storage applies anyway, but bulk commitments on regular S3 may unlock further pricing.
5. Bundled support. If we commit to 36M IaaS + Business Support, ask for support fee waiver in year 1.
6. Move-in incentive. Negotiate a setup/migration credit covering first 3 months of On-Demand burn.

---

8. Open questions / things to validate

• Port 25 outbound from vm-ops. Confirmed with SysEleven that outbound SMTP is allowed by default; if not, fall-back is to relay through Postal/Postmark for transactional only.
• Region choice. DUS2 vs HAM1 — DUS2 is the only region for L40S GPUs, HAM1 has A30. If we never self-host inference, region is purely a latency choice (DUS2 closer to most EU customers).
• Geo-redundant Ceph backups. Currently planning local block + S3 backup. Could also use SysEleven's geo-redundant S3 (DUS2 ↔ HAM1) for true DR. Cost: €0.05/GiB/mo vs €0.02 single-region. At 500GB backup that's €15/mo extra — buy it.
• Egress traffic. Fair Use policy — they reserve the right to bill if we exceed normal patterns. CERTifAI LLM passthrough could be heavy. Ask for clarification on what triggers metered billing.
• VPN-as-a-Service inclusive. Confirmed in the pricing doc. Use it for ops access — replaces our need to build IP-allowlists into Orca-Proxy for erp. and git..

---

9. Recommendation summary

1. Sign On-Demand for first 90 days. Burn ~€1,365/mo while you find the right flavor for each VM.
2. At Day 90, commit 36M upfront on proven baselines. Cuts monthly to ~€700.
3. Keep all 7 VMs separate. The €100/mo difference vs. consolidation is not worth losing failure isolation.
4. Skip every Managed Service. We have Orca.
5. Add Business Support at €5k MRR, DDoS PLUS before any public marketing push.
6. Negotiate startup credits before signing. Could be worth months of free infra.

---

End of document. Pricing snapshot 2026-01-20; re-check before signing commitments.