Enterprise
Everything in the open-source gateway, plus the infrastructure, support, and compliance tooling that production teams need.
Early AccessWhy Enterprise?โ
The open-source gateway is fully featured and production-ready for solo developers and small teams. Enterprise adds the operational layer required by organizations with strict security, compliance, and reliability requirements.
๐ SSO & SAML 2.0โ
Single sign-on via your existing identity provider โ Okta, Azure AD, Google Workspace, or any SAML 2.0 / OIDC-compliant IdP. Directory sync, just-in-time provisioning, and MFA enforcement are all included.
๐ข Advanced RBACโ
Role-based access control with custom roles, resource-level permissions, and hierarchical policy inheritance. Separate permissions for gateway configuration, API key management, log access, and billing.
๐ Audit Logsโ
Immutable, tamper-evident audit logs for every configuration change, key rotation, and administrative action. Export to SIEM tools (Splunk, Datadog, OpenSearch) via webhook or direct integration.
โก Priority SLAโ
Guaranteed response SLAs with dedicated Slack or Teams channel access. Escalation paths to senior engineers for P0 / P1 incidents with defined RTO/RPO commitments for production outages.
๐ Multi-Region Deploymentโ
Active-active and active-passive configurations across multiple cloud regions. Automated failover, global load balancing, and data-residency controls to meet GDPR, HIPAA, and regional data sovereignty requirements.
๐ง Custom Pluginsโ
Private, first-party plugin development on request. Build bespoke middleware for your specific routing logic, compliance checks, or data transformation requirements โ shipped as Go plugins or WASM modules.
๐ก Compliance Packsโ
Pre-built configuration profiles for SOC 2 Type II, GDPR, HIPAA, and ISO 27001. Includes PII inventory, data-flow maps, retention policies, and templated security questionnaire responses for your vendor review process.
โธ Kubernetes Operatorsโ
Official Helm chart + Kubernetes Operator for fully declarative gateway management. GitOps-ready CRDs for routing rules, API keys, and plugins. Horizontal pod autoscaling and PodDisruptionBudget templates included.
๐ On-Premises Deploymentโ
Air-gapped deployment packages for fully isolated environments. Includes offline model registry sync, self-hosted update server, and network-policy templates for zero-trust architectures.
๐ Advanced Analyticsโ
Request-level cost attribution, per-team usage dashboards, budget alerting, and cost forecasting across providers. ClickHouse-backed time-series storage for long-retention query analytics.
๐ท White-Labelingโ
Deploy the gateway under your own brand. Custom UI, custom domain, and custom documentation site available for resellers and platform teams embedding the gateway into a larger product.
๐ค Dedicated Onboardingโ
Hands-on migration from your current LLM infrastructure. Architecture review, configuration tuning, load testing, and runbook creation by a Ferro Labs solutions engineer.
Comparisonโ
| Feature | Open Source | Enterprise |
|---|---|---|
| All 29 providers | โ | โ |
| All 8 routing strategies | โ | โ |
| 6 OSS + 5 enterprise plugins | 6 OSS | โ All 11 |
| MCP integration | โ | โ |
| Prometheus metrics | โ | โ |
| Community support | โ | โ |
| SSO / SAML 2.0 | โ | โ |
| Advanced RBAC | โ | โ |
| Audit logs + SIEM export | โ | โ |
| SLA with dedicated support | โ | โ |
| Multi-region & HA deployment | โ | โ |
| Custom plugins | โ | โ |
| Compliance packs (SOC2, GDPR โฆ) | โ | โ |
| Kubernetes Operator | โ | โ |
| On-premises / air-gapped | โ | โ |
| Advanced analytics + cost attribution | โ | โ |
| White-labeling | โ | โ |
| Dedicated onboarding | โ | โ |
Get Startedโ
Early Access
Ferro Labs Managed enterprise plans are accepting early access signups. Join the waitlist to get started.
Join the Waitlist โ
Every feature in this list is additive. The open-source gateway is complete on its own โ enterprise is for teams that need organizational controls, compliance tooling, or commercial support on top.