Common questions from security teams evaluating LayerV
Sign up free — the free tier includes 500 QURLs/month and you can start creating QURLs immediately. No call required, no approval process. For enterprise deployments with custom domains and SLAs, contact us to schedule a 30-minute onboarding call.
Proxy mode deployments take less than an hour—just a DNS change and Okta app configuration. Sidecar agent deployments (coming soon) for EKS/ECS take 2-4 hours including testing. Full enterprise rollouts typically complete within 1-2 weeks.
For the free tier: just sign up and start creating QURLs — no infrastructure requirements. For production deployments: you need an Okta tenant (any tier), AWS infrastructure you want to protect, and admin access to configure DNS. No agents required for proxy mode.
LayerV offers three tiers: Free (500 QURLs/month for developers), Pay-per-use with volume discounts for growing teams, and Enterprise annual contracts with custom SLAs. Contact us for enterprise pricing details.
All plans include email support, documentation, and access to our engineering team during onboarding. Enterprise plans include a dedicated Slack channel, 24/7 support, and a named customer success manager.
Yes — we have a free tier with up to 500 QURLs/month that anyone can sign up for right now. No approval needed, no credit card required. Just create an account and start building.
LayerV integrates natively with Okta via SAML 2.0 or OIDC. We support Okta Device Trust for device posture verification, Okta Groups for access policies, and Okta System Log for unified audit trails. Setup takes minutes through our guided configuration. Learn more about our Okta integration.
LayerV can protect any AWS resource including ALB/NLB endpoints, API Gateway, EC2 instances, EKS clusters, RDS databases, and internal tools like Jenkins, Grafana, and admin panels. Our proxy mode requires only a DNS change.
No. Proxy mode is completely agentless—users authenticate via their browser with Okta SSO. For advanced use cases like SSH access or non-HTTP protocols, we offer an optional lightweight agent.
Our primary focus is Okta integration, but we're actively expanding support. If you use Azure AD, Google Workspace, or another IdP, contact us at info@layerv.ai—we'd love to discuss your use case and timeline.
While we're optimized for AWS infrastructure today, LayerV can protect any internet-accessible resource. If you're on Azure, GCP, or on-premises infrastructure, reach out to info@layerv.ai to discuss your environment.
LayerV uses the cryptographic primitives defined in OpenNHP: Elliptic Curve Cryptography (ECC) for efficient public key operations, and the Noise Protocol Framework for secure key exchange and mutual authentication—the same framework used by WhatsApp and WireGuard.
No. Each knock includes a cryptographic timestamp and nonce. The Controller maintains a sliding window of seen nonces and rejects replays. Stale packets are automatically rejected.
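The timestamp-and-nonce replay check described above, as an added example (not LayerV or OpenNHP code). The `ReplayWindow` name, the 30-second tolerance, the sender/nonce fields and the return labels are assumptions.

```python
import time
from collections import OrderedDict


class ReplayWindow:
    """Rejects stale and replayed knocks. Call only after the knock's
    authentication tag has verified, so unauthenticated packets cannot
    fill the cache. Names and the 30 s tolerance are assumptions."""

    def __init__(self, max_skew=30.0, clock=time.time):
        self.max_skew = max_skew
        self.clock = clock
        self._seen = OrderedDict()  # (sender, nonce) -> expiry time

    def __len__(self):
        return len(self._seen)

    def _evict(self, now):
        # With a non-decreasing clock, entries sit in expiry order,
        # so eviction can stop at the first one that is still live.
        while self._seen:
            key = next(iter(self._seen))
            if self._seen[key] >= now:
                break
            del self._seen[key]

    def check(self, sender, nonce, timestamp):
        now = self.clock()
        self._evict(now)
        # Freshness: a timestamp outside the tolerance is stale (or too far
        # ahead), so its nonce never needs to be remembered.
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        key = (sender, nonce)
        if key in self._seen:
            return "replay"
        # An accepted timestamp is at most now + max_skew and stays fresh
        # until timestamp + max_skew, so now + 2 * max_skew bounds the
        # period in which a copy of this knock could still pass the check.
        self._seen[key] = now + 2 * self.max_skew
        return "accept"


if __name__ == "__main__":
    t = [1000.0]  # constructed clock and knocks
    w = ReplayWindow(clock=lambda: t[0])
    for knock in [("agent-1", b"n1", 1000.0), ("agent-1", b"n1", 1000.0),
                  ("agent-1", b"n2", 960.0)]:
        print(knock, w.check(*knock))
```

The cache stays bounded because a nonce is only held for as long as its timestamp could still pass the freshness check; after that the timestamp test alone rejects the copy.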
Even if an attacker knows the URL, they cannot connect. All ports remain closed until a valid cryptographic knock is received. Port scans return nothing. The infrastructure is invisible at the network layer. Try our interactive demo to see this in action.
LayerV Controllers are deployed in high-availability clusters across multiple AWS availability zones. If a controller becomes unavailable, requests automatically fail over to healthy nodes with no user impact.
Knock-to-access latency is under 50ms (p99), faster than typical VPN handshakes (100-300ms). Once connected, traffic flows directly with negligible overhead. Users don't notice any difference.
Failed knocks are silently dropped—attackers receive no response, maintaining invisibility. After configurable thresholds, source IPs can be temporarily blocked. All attempts are logged for security analysis.
VPNs encrypt traffic but still expose server IPs to the internet—attackers can find and probe your VPN endpoints. LayerV hides your infrastructure entirely. There's nothing to scan, nothing to attack. Plus, no client software required for web applications. See how LayerV works.
ZTNA solutions like Zscaler and Cloudflare Access control access at the application layer, but your infrastructure is still visible and scannable. LayerV operates at the network layer—ports don't open until after authentication. It's a complementary layer, not a replacement.
LayerV eliminates direct DDoS attacks against your infrastructure—you can't attack what you can't find. However, LayerV doesn't provide WAF functionality (SQL injection, XSS filtering) for your applications. We recommend using LayerV for infrastructure invisibility alongside a WAF for application-layer protection.
OpenNHP (Network Hiding Protocol) is an open standard developed by the Cloud Security Alliance. It defines cryptographic protocols for "authenticate first, connect second" networking. LayerV is a commercial implementation with enterprise features. Learn more about OpenNHP and open source.
Yes. LayerV provides identity-based audit logs for every connection, supporting SOC 2, HIPAA, PCI-DSS, and other frameworks requiring access logging and least-privilege controls. Every connection is attributed to a verified identity, not just an IP address.
We're currently pursuing SOC 2 Type II certification. Contact us for our current security documentation, including our security whitepaper and architecture overview.
More questions? See our OpenNHP documentation or contact our security team.
Start building for free today.