ABCDEFGHIJKLMNOPQ
1
https://i42.quest/baas-discord
https://i42.quest/baas-compare
💡Sponsored by Dylan Xblade Hunt, "Xblade" (Imperium42)💡Connect with me on LinkedIn
💡Want to contribute as an editor? Ask Xblade in Discord!
2
⭐ = Mods Choice Award (Unsponsored)"Premium"
AccelByte Gaming Services
"Starter"
AccelByte Gaming Services
⭐AcceleratXR
(AXR)
Amazon GameSparks
(AGS)
Amazon GameTech
(AWS)
Azure PlayFab (PF)
by Microsoft
Beamable⭐BrainCloud (BC)
by bitHeads Inc.
Epic Online Services (EOS)
by Epic Games
Google FirebaseLootLockerUnisaveUnlockd
(Formerly UETOPIA)
UnisaveUnordinalEXTR4L1F3
(Xtra)
3
GENERAL, PRICINGGENERAL, PRICING
4
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
⚠️ IMPORTANT NOTES ⚠️
⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️
Skip this if !AAA, but if you are AAA - this is going to be your lifeblood.Very new - so new that you may have trouble Googling or finding other devs that have coded this.they got acquired, pending new commercial offering (sept 2023)⚠️ Determined to be vaporware

⚠️Early Access
[NDA'd Roadmap]
💡 Identical to Core AWS
⚠️ No native Steam Auth
⚠️ Cloud scripts are raw Azure infra and is excluded from PF support. Very high learning curve to setup Azure infra with confusing price models.

⚠️Unreal user? The game server side (Lobby/Matchmaking) is pretty much unusable; very Unstable.
Lobby/Matchmaking is broken, there are no native socket-based events (OSS separate SDK has severe limitations like no premades and has almost no support/documentation)

⚠️Renders entire modules unusable without updating the docs even years later to let you know.
Documentation is dated and guides you down rabbit holes of confusion.

Read More
--⚠️Client-Side
Semi-Vulnerable
---⚠️ Blockchain(BTC)-based:
You cannot run this on Steam || Android || Apple stores
-this company is no longer I believe.⚠️ Shared Environment (Free) solution removed in 2022

(Self-hosted solution ok!)

Open Source on Github
Will be updated at least until 2024

More news coming within 2023 about a new service(?)
5
Launch Date (or mark 'Early Access')?202320182022?2015(?)?20142021?20202019????
6
Website (omit https://www for brevity)accelbyte.iohttps://accelbyte.io/pricing
TODO: Is there a better site? --Xblade
acceleratxr.comdocs.aws.amazon.com/gamesparksaws.amazon.com/gametechplayfab.combeamable.comgetbraincloud.comdev.epicgames.comfirebase.google.comlootlocker.comunisave.cloudunlockd.ggunisave.cloud?https://github.com/xtralifecloud
7
Type(s)
Authoritative? BaaS? DGS? Hybrid?
Authoritative BaaS
+
Realtime DGS
(Hybrid)
Authoritative BaaS Authoritative BaaS
+
Realtime DGS
(Hybrid)
Authoritative BaaSAuthoritative IaaS
+
Realtime DGS
(IaaS Modules)
Authoritative BaaS
+
Realtime DGS
(Hybrid)
Authoritative BaaSAuthoritative BaaS
+
Realtime DGS
(Hybrid)
Realtime Client-Hosted Servers
+
Limited BaaS
Authoritative BaaSAuthoritative BaaS??Authoritative BaaS?Self-Hosted, Authoritative
+
Realtime DGS
(Hybrid)
8
Notable Client/Game List
* Disclaimer: Names are only posted if
publicly discoverable, generally with a src link.
These are best-guess (probable) associations.
Splitgate (1047 Games)?RedpillVR
Superbitmachine (Armajet)
Hexarchia (Overdroid)
?New WorldFull Service:
Roblox
Minecraft
Forza
Flight Simulator
More

ONLY Party/Chat Service:
Halo
Gears of War
Doom Eternal
Sea of Thie
ves
Outriders
?AtariFortnite
Hades
Dauntless
Rocket League
Paragon
?Hokko Life
SNOW
Block'Em
We Who Are About to Die
Rust Racers
Robot Lord Rising
?formup.gg???
9
Target AudienceAAA that want to own their own environment (launcher, etc) and customize to the fullest extent; advanced dev experience recommended.Indie~AAExperienced devs that want advanced features at a low cost."Fully managed AWS service that provides a multi-service backend for game developers. You can focus on building your game and leave managing and scaling your cloud infrastructure to AGS."Experienced devs that want reliability and flexibility, that may have integrations with other services (such as BrainCloud).* Devs that want an Azure db (with C# beta support)
* Nice web dashboard/portal and scaling prices based on usage.
* For cloud code: targeting very advanced Azure infra devs.
* For platorms, targeting Unity -- most definitely not Unreal.
C# Unity devs that want to upload their Unity project to the cloud to act as a server to match their client architecture; low priceDevs of all levels that want an Intuitive dashboard/portal with numerous prebuilt feats where it's free to start, but grows as you grow; the more efficiently coded, the more $$ you save.To those looking for a 100% free product with oAuth2 (login), stats, and P2P servers/lobbies for desktop games.Mobile app devs looking for a cheap, barebones solution with nothing prebuilt except for oAuth2 ("Login With...").?Unity DevsSmall studios and indie devsUnity Indies??Devs that want an open source backend on a flexible, affordable product.
10
High-Level Summary
To prevent information overload.
(No marketing fluff words)
AccelByte.io provides an affordable, comprehensive white-label backend for game studios to develop, publish, and operate games-as-a-service. allowing studios to fully own their user data and keep much more of their revenue.

Services incl. user account management, commerce, profile/stats/cloud save, lobby & matchmaking, social, game telemetry & analytics, player portal/launcher/patcher, and crash reporting. AccelByte also supports cross-platform play & progression and seamlessly allows crossover between titles.
Free indie variant of AccelByte that looks quite promising, although very newOffers tons of AAA features for simple to complex online and MMO projects including real-time and asynchronous multi-player capability. Open technology platform built on NodeJS (TypeScript) and Kubernetes using proven industry standards.

Flexibile pricing structures ranging from do-it-yourself royalty based, premium support contracts to fully managed hosted solutions with simple per MAU pricing.

The team's former experience (not AXR, itself) has experience working with AAA titles such as Hawken and XCOM 2.
Succeeded from the original "GameSparks", but sigificantly slower than we anticipated (GS Classic will be gone by the time AGS has a full launch). Has high potential, but taken with skeptism due to the sloppy (and unexpected) GameSparks sunset that really hurt devs that used it.Amazon GameTech is the umbrella of Amazon web services dedicated to games currently has 175 microservices that can be stiched together to make back-end systems along with other functionality.

GameTech incorporates everything from back end tech, RT + Matchmaking, Twitch, DB + Storage, Analytics and AI + ML
PlayFab is a full-featured BaaS built to handle all of your LiveOps needs, whether you’re a small indie studio or building a AAA game or MMO.

Featuring authentication and cross-network identity, leaderboards, inventory and economy management, analytics, hosted multiplayer servers, matchmaking, groups, CMS, CDN, robust engagement features, cloud server functions*, voice chat, RT P2P networking, push notifications, and more.

*Cloud script accepts a link to a raw Azure Function, completely detached from PF.

*Unity is immensely priroitized over Unreal.
Beamable enables game makers to easily add social, commerce and content management features to their games with drag-and-drop prefabs inside Unity3D without the need of a game server.

A Unity package features ready-to-ship user interfaces distilled from best-practices with every feature, and a visual skinning designer so they seamlessly integrate with the developer's game.

A fully managed SaaS backend powers Beamable with features including Accounts, Social Login, Groups/Guilds/Teams, Chat, Friends, Leaderboards, Live Events, Tournaments, In-Game Mail, Push Notifications, News/Announcements, Analytics, Segmentation, Stats/User Properties, Commerce/Storefront, Payments (Steam, Windows Store, iOS, Google Play, Amazon, Facebook/Gameroom, Flexion), Inventory, and a Relay Server for deterministic real-time multiplayer and turn-based multiplayer.

Still in development (but already has live titles): Has bright and promising future.
Ready-made platform to dev feature-rich games.

Core feats: Cloud saves, leaderboards, tournaments, divisions, friends, achievements, milestones, quests, groups

Advanced real-time (RTT) feats include RTT events, chat, messaging.

MP feats include online + offline MP modes, hosting, relay and room servers, lobbies and online matchmaking.

Live pricing plans begin at $15/mo.

Private instance licenses also available.

For more information on pricing, check the BC Calc Tab
Brand new, 100% free service (often called EOS). Holds huge potential, but is still so new that no one knows what to think, yet.

The service is quite similar to Steam's mplayer service, but platform/engine-independent: P2P, key/val storage (no direct DB access), stats, achievements, lobby, matchmaking, oAuth2 and analytics. Mobile support coming soon.
Targeted towards small-scoped games on mobile/web. One of the cheapest BaaS in price.LootLocker is a game backend-as-a-service with plug and play tools to upgrade your game and give your players the best experience possible. Designed for teams of all shapes and sizes, on mobile, PC and console. From solo developers, indie teams, AAA studios, and publishers. Built with cross-platform in mind.

Manage your game
Save time and upgrade your game with leaderboards, progression, and more. Completely off-the-shelf features, built to work with any game and platform.

Manage your content
Take charge of your game's content on all platforms, in one place. Sort, edit and manage everything, from cosmetics to currencies, UGC to DLC. Without breaking a sweat.

Manage your players
Store your players' data together in one place. Access their profile and friends list cross-platform. Manage reports, messages, refunds and gifts to keep them hooked.
?unlockd.gg provides a full stack of open source tools from game client, game server, backend, and metagame servers.

Features include Achievements, Abilities, Inventory, Action bar, Chat, Characters, Friends, Recent Players, Party, Guilds/Clans, Player owned vendors, Game Store (microtransactions), Matchmaker, Tournaments, External Metagame, Leaderboard, Server persistence, Player data persistence, Server connections (travel), Server instances (private, guild, party), Server management, Server List, Access Control, Sponsors / Ads, Consignments, Match Statistics
Unisave allows you to easily build backend for your next Unity game. It is a server, database, framework, and platform - all in one.?Open-source backend.
11
High-Level Pros (+)
What features stand out?
* Very comprehensive coverage of publishing and game backend services. Has both UE4 and Unity SDK, history of custom C++ SDK implementations, and whitelabel web & PC launcher player experiences that can be incorporated into 1P websites.

* Single-Tenant Deployments for each client which enables wide range of customization options and ownership of platform user data.

* Supports Cross-Platform Play & Progression across multiple titles.

* Adopted by some AAA game publishers and built from the ground up by industry veterans who architected online systems for some of the largest game and distribution platforms.

* Can hire AB staff to create custom features/implementations.

* Extremely active development with friendly/responsive staff.

* Trust and reliability: Huge company full of active staff; actively-used by renown AAA companies.
* Free with very generous caps

* Easily transitions into "AB Premium" if you explode with traffic

* Tons of premade features with arbitrary data for custom modules

* Created to have more focus on your game, less on devops
⭐ "Mods Choice" award (Top 3) in 2020+

* The most active team on Discord (2021).

* Huge MMO feature set.

* Live Scripting System for editing any code without requiring redeployment: Easily extend REST API with new endpoints, storage data types, event handling.

* Access to full source code, forkable, customizeable. Great code quality, in-line docs.

* Easy-to-use dashboard UI.

* Remote debugging (with step-thru).

* Offers realtime and asynchronous capability.

* Easy integration to other third-party or proprietary backends/services.

* Simple and flexible pricing with perpetual licensing options.

* BaaS offers dedicated service resources, no hard limits, gauranteed data privacy, direct database access and dedicated hardware options.

* Game server hosting and CDN available.

* Self-Hosted can be deployed on any cloud provider, public or private datacenter using Kubernetes.

* Capable of supporting multiple titles. Fully customizeable and whitebox capable. Built on the open-source framework ComposerJS.

* Unity plug-in, UE4 plug-in with OnlineSubsystem implementation, Custom C++/C#/JavaScript SDKs
* OG GameSparks was overall great.

* Not many all-in-one competitors.
* #1 in uptime reliability.

* Greater control + unlimited flexibility.

* Scales with unlimited potential.

*
If you have the time and budget, GameTech is probably the best choice above all when it comes to making your game "future-proof".

* Immune to DDoS (one would assume?).

* All vulnerabilities will be fixed as soon as its identified, ultimately saving your future self money from outages.
* Easy to use and get started

* Cloud scripts link to [raw] Azure or AWS using any language.

* Backed by Microsoft - it's not going away

* Great [Unity; not UE4] docs and active staff in Discord/forums

* Ticket system or [unofficial] Discord contacts with quick replies

* Friendly dashboard UI

* "Playstream" feature with realtime API event viewing/triggers.

* Large, helpful community

* Forum is filled with tips and solutions

* The actual devs are active on Discord

* Realtime pub/sub sockets [Canceled?]
* C# server-side code

* Created and supported by a company that build and shipped a number of successful mobile titles.

* Many features highly tailored to best practices of building, operating, and scaling item based economies.

* Includes shippable UI via Unity Prefabs

* Many large games running on the platform today (Star Trek Timelines, Archer: Danger Phone).
⭐ "Mods Choice" award (top 3) in 2020+

* Cheap (or even free) to start.

* The most-similar spiritual successor to GameSparks.

* Semi-open Mongodbl + NoSQL access (but watered down for the cheaper tier).

* The most user-friendly and intuitive dashboard/API to-date.

* Extremely responsive in-browser chat tool with what appears to be native English speakers.

* Under active development with clear+updated roadmap.

* Amazing cloud script version control: Every time you save, a new version is copied with easy-access reverts.

* Supports no-hassle cloud script renaming/moving, script directory organization, import and export.

* Free (and hassle-free) support that always responds in <24h: Competitors charge a huge premium for this.
* 100% Free

* Has native anti-cheat service to compensate for client-side hack vulnerabilities.

* Unspoken likilihood of increasing your chances to get on Epic Store.

* Support for standalone Windows, Mac, Linux, Android, iOS.
* Seems extremely affordable.

* Supports realtime sockets.

* Supports native NoSQL DB.
* Easy to use and get started

* Plug and play features, requiring no additional coding

* Extremely responsive developers & communit on Discord

* Free to launch with (up to 10k MAU)

* Built by game developers

* Inuitive interface / dashboard

* MMO feature set

* Self-hosted option
????⭐ Former "Mods Choice" award (top 3) from 2020-2021 for hosted solution.

* Free, up to 1 million MAU for hosted version.

* Immediate support on Slack.

* APIs to control just about everything.

* Open Source version available.

* Very Flexible tool/service.
12
High-Level Cons (-)
What is missing/weak?
* Expensive, targeting AAA

* Confusing what AB actually is?
* Too new to trust 100%, but AB is known for reliability so perhaps we can bypass this

* You can "do anything with it", but there seems to be some database restrictions that I don't fully understand yet (to edit later.
* Dashboard is very minimal / does not feel modern.

* Small # of staff.
* Seems to be vastly different than the original vision of GS Classic.

* MongoDB / DocumentDB not supported.

* From the same folks that acquired GameSparks Classic, promised great things, then killed the product with live-production games still rolling - with no port tool. Will this, too, be an expendable product, costing devs/pubs thousands of dollars to port away again?
* Has no native support for Steam auth.

* Misleadingly identical to barebones AWS: GameTech is essentially just a collection of docs specific to gaming.

* No collective dashboard.

* Costs money while developing.

* Overbearingly difficult to calculate/predict fees.

* Learning curve is significantly higher, causing greater development times.
* Lobby/Matchmaking is essentially broken on Unreal without coding your own standalone PubSub system (or use OSS, as a workaround for events, but at the cost of crippled features like the inability to matchmake with friends - solo only - or throwing out Mac/Linux support, among low-effort OSS code/docs).

* You need to code/manage your own Azure barebone infrastructure to get any Cloud Scripts working. Massive learning curve and can be frustrating. 0 PF support for this - they'll send you to the horrible support of Azure unless you have a high-paying support tier. The new Azure cloud scripts have potential, but until they have deep integration, it's essentially raw Azure/AWS - deeply confusing and difficult to setup; billed separately. They even charge a "proxy" fee from PF to Azure (doubling the estimates of cloud scripts). Care - the tutorial guides you through to get the highest possible prices.

* PF Support does not actually support all things PF: Due to carefully worded use, PF will not help you with Azure. They will not help you with SignalR. They will send you to low-effort "free tier" support for third parties.

* Confusing and always-changing price schema (with no grandfathered prices upon changing).

* Charges per-minute rather than per-MAU (a con to most, a pro to some).

* Breaking bugs have been known to take years to fix with instructions to make an entirely new title to get unstuck (stats, leaderboard...).

* Hyped features (pub/sub) removed, leaving lackluster messaging support.

* No socket connections, yet can only poll a heartbeat once every 6 seconds max
(now better than the old limitations of once per couple mins).

* Hyped pubsub feature vanished. Instead of something native, they low-effort said "Just implement SignalR, instead" without actually telling clients in the API docs that SignalR is required. The docs make it look like it's a native callback to the SDK (in Unreal, at least) - it is not. SignalR is a complex beast you must implement on your own without any help from PF.

* There's essentially 0 Unreal support: no inline/external docs, no examples, difficult to find Q+A, and even PF staff seem to have no clue (Unreal modules outsourced?).

* Friends list featured are limited to add, remove, list. No online indicator. No rich presence. No invite/accept system. No block/unblock system. Pretty low-effort, considering all modern games and competitor servicess seem to at least suport invite requests and block systems.

* Minor annoyance that grows over time: Forums and web portal have no dark theme and seem to block extensions like Chrome Reader.
* Still a new company with many features left to fully document and productize.

* Unity/C# only (no js or Unreal support).

* 10 seconds timout for server calls

* Anonymous authentication cannot be disabled
* Probably the worst editor you'll ever use: No intellisense, no autofill, no typings; it's essentially Notepad: this creates a massive learning curve, all while leaving risk of accidentally typo'ing code.
^September 2023 Update: New Editor came with BrainCloud version 5.0

* Expensive to scale: API structure requires more API calls than other services, easily resulting in much more than 150 calls/day ($$) using minimum features.

* Server-to-server calls consume 0.5 API call (most competitors consume 0). Due to this, one must pack out-of-scope API calls into 1 call to save API calls.

* Rhino backend: Meaning ancient javascript level (not even `backtick` support) and frustrating debugging.
^ Mar2022 Update: New Rhino ver includes backticks, promises, and string interpolation!

* No Minimal stacktrace support: Errors become overwhelmingly-difficult to pinpoint without your own err-handling system.
^ Mar2022 Update: There are now stacktraces, but so minimal and bloated that it's still better to make your own.

* Expect numerous vague errors (that ignore try/catch) that will send you on a wild goose chase for actually simple fixes. This includes even callbacks from 3rd-parties, such as Steam, that exclude essential debug info.

* Severely limited monetization features: Not possible to sell "bundles"; Offers/promos feat only for RLM purchases (not virtual currency); no "quantity limitations" like competitors have.

* Questionable roadmap priorities, prioritizing fluff over "must-have" features.
* Client-side: Vulnerable to hacks.

* Too new (risky for production).

* No official dev support/ticket/chat (community forum only).

* SDK + documentation favors Unreal/C++.

* No official Unity SDK (so not QA'd).

* Many services are in beta or unreleased.

* Getting started is confusing.

* No global data persistence, yet.

* 49% owned by Tencent (mainland China): Is data safe?

* Roadmap has been severely delayed: Is EOS marked as low-priority?
* Very barebones (eg, need to setup even your own db rules).

* Lack of robustness.

* Rumors that medium+ amounts of data may cause issues.
* Young company, still growing development team

* No Cloud Code (yet)

* No consumption / API pricing (yet)
?* Have to compile a custom Engine. Need to do a source install for dedicated servers anyway, but a custom build makes it more difficult for the casual developer

* Blockchain is banned on Steam, Apple Store, Android Store
??* Not for beginners.
13
Is under active development
(NOT sunsetting/abandoned)
✓✓✓✓✓✓✓✓✓✓✓?✓??✓
14
Indie program || Free/cheap tier
(if any)
✗⭐✓
Free up to 1 million players
✓
Hosted: $19/mo Indie tier
Self-Hosted: Free until $100K gross revenue
?
(Free during preview)
Free tier across all AWS services for new accounts ✓✓
Free under 500 MAU
✓
$15 month lowest tier
(currently)
and free during
Development
⭐✓
100% FREE!
✓
"Spark" tier is free for ~100CCU (and other factors)

https://firebase.google.com/pricing
✓
(free under 10,000 MAU)
?✓??⭐✓
Open Source
15
Priced by
+Actual numbers, if available
+Actual meters, if available
Flat $1,500 per month during development

One-time setup fee depending on the services of interest

Passthrough infrastructure cost (AWS, GCP)

Starts from $0.005 per CCU per hour
Free for up to 1 million players

Include up to 50K total player hours using any AGS solution
Hosted:
Minimum fee/mo
+ Per 1 CCU/hour

Self-Hosted:
4% Profit Share
?Usage per service varies[2022]
2020 Fees +Azure fees +"Proxy" fees to call Azure

---
[2020]
AWS-like micropricing (confusing) meters x17:
Static Fee ($99/mo)
MAU (Monthly Active Users)
Playstream events
Profile Reads
Profile Writes
Profile Storage
Content & Config Reads
Content & Config Writes
Content & Config Storage
Execution Time
Insights Credits
Party Connectivity/Mins
Party Voice/Mins
Party Voice+Cognitive/Mins
VM Instance Hours
MPlayer Server Bandwidth
Party Bandwidth

See "PF Calc" tab

---
[2019]

$300/mo (Minimum)
per 39k MAU
+ limitation cap tiers + confusing meters
(Cheaper if indie program)

---
[2017]
2¢/MAU

100k MAU FREE
+confusing meters
$10 per 1 mln API calls

Subscription tiers with Developer Seats and Microservices limits

(333% price increase in 2022)
Base monthly fee
+ Per million API calls.
⭐ n/a
Free
Base ("Spark") is free while under development or low activity, but after that:

AWS-like micropricing (confusing) meters x25:
Pay-as-you-go pricing varies based on product
.

Too many meters to list; go here:
https://firebase.google.com/pricing
Monthly Active Users (MAU)?5% fee on game income - or just run your own backend??User is responsible for hosting
16
Pricing schema clear/easy?
Number of price calculations?
Some BaaS can be impossible to predict how much you'll actually pay due to numerous amounts of "meters" running
✓ 1~2✓ 1~2✓ 1~2?

(Free during preview)
?✗
Meters x17 + Azure Fees:
See above or "PF Calc" tab
✓ 1~2✓ 1~2⭐✓ 0
Free
✗ 25✓ 1?✓??✓ 1
17
Lowest priceOne-time setup fee depending on the services of interest

Passthrough infrastructure cost (AWS, GCP)

Starts from $0.004 per MAU
⭐✓
Free up to 1 million players
Hosted: $19/mo (Minimum)

Self-Hosted: 4% Profit Share
??[2020]
Free tier
: $0 +17 other metered calculations (AWS-like microfees)
Standard Tier: $99/mo + 16 other calculations, including time clients are connected (similar to a LAN center)

[2019]
Indie Tier: $99/mo,
up to 100K MAU.

Pro tier: $0.008 per MAU,
$299 monthly minimum,
lower prices at high
(500K+) MAU
Free under 500 MAU

Then $10 per 1 mln API calls
$15 base/mo for intro plan
(incl 1M API calls)*

Real-Time Tech Lowest price plan starts at 25$/month

*Note that you're likely going to pay more than this if you include realtime services and extras like database calls/stats/leaderboards/etc

For detailed pricing, navigate to BC Calculator Tab of this sheet
⭐Perpetually Free,
even for production
Free while under limitations
(likely not for production, though)
Free under 10,000 MAU?free/open source??Free while under limitations



(TODO: Can this be viable for production? --Xblade)
18
Free prototyping/pre-release✓✓
Free
✓* Hosted
✓ Self-Hosted
?

(Free during preview)
?✓✓✓
Free for 100 DAU,
1000 total users,
up to 1M API Calls
✓
Free
✓
Free (including App Distribution, a free product to distribute test versions of your mobile apps).
✓
Free
?✓??✓
19
CDN (+Binary Storage) Pricing
Realistic-use examples in memo
Passthrough?✓
10+GB free (per plan level), then $0.06 per GB
?Amazon Cloudfront charges are based on actual usage of the service in five areas:

(1) Origin/Inet Data Transfer Out
(2) HTTP(S) Reqs
(3) Invalidation Reqs
(4) Field-Lvl Encryption Reqs
(5) Dedicated IP Custom SSL Certs (Cloudfront Distribution)
"$0.05/GB Americas (except Brazil) and Europe

$0.08/GB All other except Brazil

$0.20/GB Brazil"
--PF

TODO: Who knows CDN rates? Is this good?
✗✓
1+ GB free (per plan level)
and 10 GB free transfers,
then $0.05 per GB
and $0.15 per GB transfer
✓
Free, but capped
@ 400MB/Player
⭐✓
Free CDN for Firebase Hosting.
https://firebase.google.com/docs/hosting
✓
Free, but capped (~15MB / file)
?✗??N/A
(No CDN)
20
Free server2server (in-house) API calls
(Metered per-server-call, not per-script?)
Client >> Server >> Server == 1 API call

For example:
Client calls backend "Foo1" >>
Script 'Foo1" calls "Foo2" >>
Since server2server, "Foo2" call is free
✓?✓??n/a
Server-to-server calls do not count as an API call, but other billable meters are still running as this is called (CPU time, bandwidth, etc).
✓First 2 API Calls (client >> server >> server) count as only 1 call.

Then >> additional API calls count as 1/2 per
n/a
(No authoritative)
?n/a?✓???
21
LIMITATIONS, FAIR-USELIMITATIONS, FAIR-USELIMITATIONS, FAIR-USE
22
Multi-title support
One account, multiple games
✓?✓??✓
[2022] I believe this was added within the past year or two, but needs confirmation. I saw some param opts in the Unreal SDK to indicate yes, but unsure if this is experimental/stable. --Dylan
✓✓??✓?✓???
23
Links to fair-use policy limitations
and/or EULA/Terms of Service
??https://www.acceleratxr.com/eula/

⭐
Almost no Fair-Use:
"Use as Intended"
??https://playfab.com/limits/

Any Tier:
Hard-capped (API calls will auto-fail).
Lifting restrictions costs +money/mo.
https://www.beamable.com/tos https://getbraincloud.com/terms-of-service/https://dev.epicgames.com/en-US/services/terms

⭐TL;DR: "Use as Intended"
(You'll get an email rather than hard-capped if being blatantly abusive)
https://firebase.google.com/terms https://lootlocker.com/terms-of-service?Roll your own??⭐
No Fair-Use
24
Fair-use policy fairness, 1~10
By comparison to competitors
??⭐10
No Fair-Use (Limitless)
??3⭐10
No Fair-Use (Limitless)
9⭐10
Almost no fair-use
(Near-limitless)
?⭐10
Almost no fair-use
(Near-limitless)
?⭐10
No Fair-Use (Limitless)
??⭐10
No Fair-Use (Limitless)
25
API Throttle Timeout Info
Rejected if called too many times? Hard throttle (err returned)?
Soft throttle (they email you)?
No Limit?⭐No throttle timeout
(Soft-capped via hardware resources)
??[2023]
Matchmaking docs recommend once/6s

[2022]
"Max 10 times per minute"

[<2022]
This thread says soft throttle
is >2m polling.


TODO: Is there also
a
hard throttle?
10 seconds timout⭐No throttle timeoutSeems Limitless??Hard throttle per client per game for irregular usage (~500 requests per minute)?⭐No throttle timeout
(Soft-capped via hardware resources)
??n/a
26
Max API call limitations
Per tier, if any. Any and all forms of limitations, hard caps, soft caps, throttling.
No Limit?No limit??* Confusing and always-changing price schema (with no grandfathered prices upon changing).

* Charges per-minute rather than per-MAU (a con to most, a pro to some).

* Breaking bugs have been known to take years to fix with instructions to make an entirely new title to get unstuck.

* Hyped features (pub/sub) removed, leaving lackluster messaging support.

* No realtime messaging, no socket connections; yet, can only poll max a few times per minute before being throttled.

* Hyped pubsub feature vanished.

* For Azure cloud scripts, the first call after a while will take ~10 seconds to "spin up".
No limitNo limitLimitations specified at the bottom of every page for each service in their docs.

Eg:
https://dev.epicgames.com/docs/services/en-US/GameServices/Lobbies/index.html#usagelimitations

From the example link above, the avg appears to be 30~100 requests/min.
?No limit?No limit??No limit
27
Bandwidth/Data Processing limitations
Per tier, if any
No Limit?No limit??No limit
(Except for CDN)
No limitNo limitSeems Limitless??No limit?No limit??No limit
28
Connections/CCU/MAU Limitations
Per tier, if any
No Limit?⭐Unlimited CCU:
Only soft-capped by hardware resources

$19/mo tier tested:
~10K CCU
$99/mo tier tested:
~100K CCU
??Free tier:
Max 100k accounts

$99/mo (Standard) tier:
No max: Includes $400 meter credit, then charged via meter rates (similar to AWS).

$1,999/mo (Premium) tier:
No max:Includes $8k meter credit, then charged via meter rates (similar to AWS).
No limit⭐Development Tier is Free but limited to 100 DAU / 1000 max accounts
(No limits on other tiers)
Seems Limitless??No limit?No Limit??⭐ No limit
29
Polling limitations/cooldowns
n/a == Websockets == persistent
No Limit?n/a: Realtime Sockets??[2023]
One call per 6s (from Multiplayer::Matchmaking doc)

[2022]
iMax 2 calls per 2s
(Hard-capped, if !enteprise tier)

"Few calls per minute on aver
age" soft cap
No limitRTT uses Realtime Sockets
(No limits?)
n/a: Realtime Sockets?No limit?No Limit??60s typical, no min
*Needs elaboration
30
Supports bursts
Allow temp limit exceeds
without hard-errors? Eg, a famous streamer plays your game
once
No Limit?✓
Limitless
??✓
Limitless
No limit✓
Limitless
✓
Limitless
?No limit?No Limit??✓
Limitless
31
Binary Storage Limitations
Honestly, you may want to look into saving binary storage WITHIN a db unless using your own patcher: It's generally cheaper/more-scalable.
No Limit?Unlimited CDN Storage
Soft Cap DB Storage*
??⭐ Free Plan: 2GB Global?

Standard Plan: 10GB
(+$1.40 per +1GB)
No limit2+ GB free in paid plans, No hard cap, +0.05 per GB, 50GB per file soft cap (adjustable)⭐ 400mb/Player?No limit?No Limit???
32
TECHNICAL, SCOPESTECHNICAL, SCOPES
33
Native Game Integration Engine Integrations
Eg, Unity SDK rather than a generic C# SDK or web-based API?
✓
Unity SDK
UE4 SDK
Custom C++ SDK
?✓
Unity SDK
Unreal SDK
Generic C++ SDK
Generic C# SDK
JavaScript SDK
✓
Unity SDK

✗
Unreal
?✓✓
Unity SDK

✗
Unreal
✓✗*✓
Unity SDK
Unity SDK
UE4 SDK
UE5 SDK
Godot SDK (WIP)
GameMaker SDK (WIP)
Javascript SDK (WIP)
?✓
Unreal
??✓
34
Backend Host??Managed: Private Cloud running on bare metal servers

Self-Hosted: Supports AWS, Azure, GCP, DO, private cloud. Can run anywhere Kubernetes runs
AWS?AWS[2022] This is becoming more-and-more Azure, now that they are owned by Microsoft.

AWS (us-west-2) / Azure (USW2)
AWS (us-west-2)???AWS?Google Cloud?Node JS on bare metal servers
35
Backend EngineMicroservices on AWS or GCP?NodeJS micro-services on KubernetesAWS?Vanilla JS + Azure/AWSScala microservice architecture running on AWSRhino JS
+
Some ES6 Javascript Support
[Extremely watered down]
??PHP + Go?Google Cloud??Your choice (self-hosted)
36
Direct NoSQL access
Proprietary (closed/limited) access?
Direct/open access?
✗?⭐✓✓
DynamoDB
?✗✓
MongoDB
✗
(proprietary, rich api,
full json support)
✗
(proprietary/closed)
?✗
(proprietary/closed)
?⭐✓??✓
(All global and player data can be read/modified from the dashboard)

37
Supports REST API 3rd-party access
API access points w/separate scopes?
Eg, stats/profiles for fan sites to use
✓?✓??✗
(supported, but no separate scopes)
✓✓✗?✓?✓??REST-y (not purist)
^ What does this mean?
Needs updating --Xblade
38
Webhook Support✓?✓??✓
[2022] TODO: Is this still true?
✓
Custom microservice apis
✓??✗?✓??✓
39
Open source
✓ Module?
✓ License?
✗?✓*
Source Available, not FOSS
??✓
Open Source SDKs
✗✓
Open Source SDKs
✗✓
https://firebaseopensource.com
✓
Open Source SDKs
?✓??✓
MIT Licence
40
Intellisense / Typings / Autofill
For cloud script online IDE
N/A (Remote Edit)*????✗
No online IDE
✗
No online IDE
Q3 2023
Patch 1 of 2 to revamp the online IDE is here!

<= 2023
✗
Essentially
Notepad
n/a
(No authoritative scripts)
?✗?✗
No online IDE
???
41
Dashboard/SDK updates, 1~1010/10?/10?/10?/10?/10[2023]

(Unity + Backend?) 10/
10
Ships updates 2x/wk; major updates 1x/mo

(Unreal)
10/10 for update schedules
4/10 for updates we want:
-----------------
Updates for new features, but 0 refinement to much-needed upgrades to low-effort modules. Eg:

* There are still no updates to the "lazy Blueprint models" that contain only 1 prop of json (no explicit typings) for tons of models.

* There are no parsing utils between CPP + BP models, wasting time to reinvent the wheel when using both CPP+BP models.



[2017]
3
?/109/10
^September 2023 Update: Massive DashBoard overhaul
?/10?/10?/10?/10?/10?/10?/10?/10
42
Overall server/SDK expected feats/stability, 1~1010?10/10?/10?/106/10?/109/105/10?/1010/10?/10?/10?/10?/10?/10
43
Well-suited for MMO dev?
Deeply authoritative with realtime scripting.
Name example(s), if publicly known.
??✓??✓
PF staff claims "multiple MMO's rely on PF as a backend" (awaiting src).

Architecture is "replicable authoritative game logic server that caches & utilizes PF as a backend for inventory, Catalog & Networking.
✗✗✗✗✓?????
44
CORE FEATURESCORE FEATURES
45
Stats/Leaderboards
w/dashboard
✓?✓ Leaderboards
✓ Dashboard
??✓ Stats*
✓ Dashboard*
✓ Can delete leaderboard (as of 2023)
✓✓ Leaderboards
✓ Dashboard
✓✓
Open-source leaderboard
✓ Leaderboards
✓ Dashboard
?✓??✓
46
Virtual Items/Goods
w/dashboard
✓?✓ Virtual Items/Goods
✓ Dashboard
??✓*✓✓ Virtual Items/Goods
✓ Dashboard
??✓ Virtual Items/Goods
✓ Dashboard
?✓??✓
47
Native Backups/Snapshots
If !native, at least has a wrapper
??✓??✗ No native feature

✓ Unreal Marketplace
has a plugin
????✓?✓???
48
Envionments
eg, dev >> staging >> production
✓?✓*??✗✓✓✓?✓?✓???
49
Friends System
Add/remove? Request/accept system?
Socket notifications on requests?
?????✓ Add/remove
✗ No request/accept
✗ No socket notifications
✗ No online/status indicator
✗ No rich presence
✗ No block/unblock
✗ No Discord integration
✓ Add/remove
✗ Request/accept
^^Can be implemented using RTT events

✓ socket notifications
✓ online/status indicator
✓ rich presence
✗ No block/unblock
✗ No Discord integration
????✓???
50
QOL, DOCS, SUPPORTQOL, DOCS, SUPPORT
51
Has web interface
Dashboard/Portal
✓?✓??⭐✓✓✓✓✓
console.firebase.google.com
✓
my.lootlocker.io
?✓??✓ Basic interface
(Data, profile leaderboards, realtime matches, cloud code)
52
Dashboard/portal ease-of-use, 1~10?/10?/107/10?/10?/10⭐10/10?/109/10New? 3/10*

Past init? 7/10
?/10⭐10/10?/10?/10?/10?/106/10
53
Has built-in (step-thru) portal debugger??✓??✗ There is no cloud script available via the portal.

(However, if using new Azure Functions CloudScripts, can access a step debugger via VS Code integration)
✗✗✗?✗????✓
(Open Source verson)
54
Online docs quality, 0~10
via their website/wiki.
(0 for non-existing)
?/10?/105/10?/10?/10⭐Unity: 8/10
⚠️Unreal: 0/10
(Dupe modules, many completely removed, years behind)
?/109/103/10?/109/10?/10?/10?/10?/107/10
55
Inline docs quality, 0~10
via their SDK within the actual code
(0 for non-existing)
?/10?/109?/10?/102/10
(Mostly redundant)
?/108/10??/10✗?/10?/10?/10?/108/10
56
Docs/Tutorials up-to-date, 0~10
(0 for non-existing)
?/10?/109?/10?/10Unity: 8/10
⚠️0 for Unreal
?/109/10

*New docs came with Version 5.0
https://brainclouddocs.netlify.app/learn/introduction
3/10?/109/10?/10?/10?/10?/104/10
57
Demo/Tutorials quality, 0~10
For memo: Did the demo have a native SDK for your engine?
(0 for non-existing)
?/10?/105?/10?/10Unity: 6/10
⚠️Unreal: 0/10
?/1010/10

Probably the first Service to offer free online courses
https://bootcamp.braincloudservers.com/
Unreal Demo: ?

Unity Demo: None

C# WFP (Non-Unity) Demo: 7
?/107/109?/10?/10?/109/10
Full Unity project available
58
Customer service, 0~10
Response time, accessibility, reliability, QoL
(0 for non-existing)
?/10?/1010/10?/10?/10[2022]
* For cloud script (raw Azure) = 0.
Note that any cloud script/Azure issues will not be handled by PF. Average Azure ticket reply is 5-days with initial bot auto-followups and low-level English.


[2022]
Has Discord support for any tier, but unofficial - some questions don't get answered (esp if it comes to Unreal/Azure questions). This is better for community Q+A, but a community of Unreal devs don't really exist here. Better for Unity/C# devs.

[2017]
* For non-cloud-script = 5.
(Could be higher in 2022+)
?/1010/10
Direct chat support even
on free tier with fast
responses
(Replies during Canada business hours)
10/10 - Fast answers in Discord

1/10 - Community Forums Only
?/10⭐10/10?/10?/10?/10?/10?/10
59
Porting tools from
other services?
??✗??✗✗✗✗?✗✗????
60
REALTIME, SOCKET, RPCREALTIME, SOCKET, RPC
61
Realtime gameplay support
Beyond just messaging systems
✗?✓?Multiple solutions including Amazon GameLift, Amazon Ec2, Fleet IQ. Flex Match and containers ECS and Amazon Fargate, ✗ Most SDK modules are missing socket events

✗
OLD matchmaking modules had it, but not new (need to poll matchmaking updates every 6s)

✓ Lobby has 2 socket subs

(!) Supports SignalR, but completely detached from PF and extremely complex to implement. Similar to Azure cloud scripts, expect 0 support from PF staff to help you with this. Very minimal documentation to get this setup. Underwhelming.
✗✓*

Requires a Plus Plan
Minimum Price
25$/month

(WebSocket)
✓?✗?✗??✓*
(Separate Fee)
62
Realtime messaging system
(eg, Sockets - not polling)
✓?✓✓Partial via Amazon API Gateway ✗✓✓?
(Probably)
?✗?✓??✓
63
ANALYTICS, COLLABORATION??
64
Collaboration Support
Invite others via email
✓?✓??[2022]
⚠️For Azure Functions (cloud scripts), collaboration is a nightmareish experience - not a single preson at PF knows how to set this up. You will likely end up giving Admin to your collaborators - be sure you trust them.

[For Azure]
✗

[For Non-Azure PF]
✓
"You've always been able to invite others to join your studio by email, and we have a full Role model for controlling what you give them access to." --PF
✓✓??✓?????
65
Collaboration Scopes / User Mgmt
Eg, read-only, access to x or y features only, access to edit...
✓?✓??✓
"Yes, see above. We've had a Role system for all permissions for years." --PF
✓✓??✗?????
66
CCU Analytics
Hourly? Daily? Weekly? Monthly?
✓?✓ Hourly
✓ Daily
✓ Weekly
✓ Monthly
?? Hourly
? Daily
? Weekly
? Monthly
Non-Native:
"Since the core service doesn't use socket connections, we don't have a CCU measure. You can use events as a proxy to compute this." --PF
✓✗ Hourly
✓ Daily
✓ Weekly
✓ Monthly
? Hourly
? Daily
? Weekly
? Monthly
? Hourly
? Daily
? Weekly
? Monthly
✗????? Hourly
? Daily
? Weekly
? Monthly
67
MAU Analytics✓?✓??✓
"Yes, multiple reports are pre-generated for the title on a daily and monthly basis, including MAU analytics." --PF
✓✗
Provides Detailed API Usage,
but no native stats for MAU
??✓?????
68
Player Session Durations
Stats between users logging in<>out
✓
Data Available
Requires 3P DW
?✓??Dependent on client SDK support. Works in Unity, but not all engines/languages.✓???✗?????
69
Analytics TTL
How long are stats retained for?
✓?⭐Indefinite??"By default, 30 days, but you can adjust that to whatever you need." --PF⭐Indefinite???⭐Indefinite?????
70
Retention Analytics (Funnels)✓
Data Available
Requires 3P DW
?✓*??By default can generate a retention report tracking D1-7, D14, and D30 across a cohort, with the ability to generate additional custom reports✓???✗?????
71
Players by Country✓
Data Available
Requires 3P DW
?✓??
✓
"Yes, player profile contains country for user's first login, and you can get current country from every login event." --PF
✓✗??✗?????
72
Players by Device✓
Data Available
Requires 3P DW
????
✓
"Device report on by default, if using their SDKs" --PF
✓ via IP???✗?????
73
LEGAL, REGIONS, TRUSTLEGAL, REGIONS, TRUST
74
Launch Date??2019TBD 2022? Seemingly cancelled2020??20142020?2020?2016???
75
Has self-hosted version
(Add memo if hosted && !free)
✓
Enterprise Licensing Option
?✓*??✗ Indie

✓ Enterprise ($10k/mo)
✓✓✗?✓
Enterprise Licensing Option
?✓*??
✓
(Open Source)
76
Supports mainland China deployment
and currently has live games in China
(Servers are physically located in mainland China; NOT Singapore/HK, etc)
✗
Is Possible
?✗?✓✓
"Full support for (and multiple titles using) our server hosting in China. The core service is more limited in features there at the moment, as they're working with a local partner on adding things like WePlay for auth and payments." --PF
✗✓?
(Probably not yet)
?✗?✗
Is Possible
??
✓
(Open Source)
77
Hosted region locations
+Support for multiple regions?
✓?✓?✓Core service - hosted in USA, GDPR compliance via SCCs.

Game server hosting - multiple regions
(TODO: List regions in memo).

Party (relay/chat) hosting - multiple regions.
(TODO: List regions in memo).
✗ Normally, no

✓ Can make exceptions
✓ Choose Room Regions
✗ Choose Data Regions
?
(Probably)
?✗?✓??One region for Hosted version
78
Live Game Examples
Which games use this service?
(The more notable games, the more trustworthy/reliable the service may be)
??Hexarchia?Sea of Thieves, Rainbox Six Siege, No Man's Sky, Minecraft, DOOM Eternal, Forza Horizon 4, MS Flight Simulator, Gears 5, Roblox, Halo MCC, Outriders*????Hokko Life
SNOW
Block'Em
We Who Are About to Die
Rust Racers
Robot Lord Rising
?formup???
79
Has red flags for contracts/trust
(Don't remove old flags)
No Flags?No Flags?⚠️
(2020) As a follow-up, they at least open-source GS Unity SDK -- however, I am currently the only contributor and could use assistance (there are many TODO's) --Xblade

(2019) Acquired GameSparks, but then sunset it without offering a port to GameTech or even fixing the remaining bugs: Will they do the same to GameTech?
⚠️
[2023]
Entire modules get deprecated without the docs being updated even years later.
You may spend a great deal of time implementing a module to discover you implemented an old version.

[2022]
PF + Azure are
completely disconnected, uninformed and desync'd between each other. If you have any issues with cloud scripts / Azure Functions, be prepared to be on your own with a wild goose chase of support sides blaming each other.

[2022]
The Microsoft tutorial for creating Functions is not only vastly incomplete, but guides you to being charged a very high amount of money.

[2022]
There is a near-hidden "Proxy Fee" for calling Azure cloud scripts, essentially doubling estimates.

[2022]
Cloud scripts appear easy, but are completely detached from PF - pricing and support is also detached. PF will not help you for anything that has to do with Azure/cloud script, even regarding setup/inviting other users to collab.

[2020~2022]
Extremely confusing pricing model.

(2019) No Flags

(2017) Red Flags:
Added a $300/minimum within their contract (*before* the website was updated to reflect this). Even after the person I spoke with admitted to doing this, they refused to honor the original price disclosures after multiple attempts. I was finally offered the original price after I refused to sign at a later stage (where I'd still have to upgrade to the normal tier after 100k MAU -- still not as advertised), but it was too late: After the first few refusals to honor the posted price, I had already begun moving to GS. My experience may not match yours.
[2021]
10mln+ raised from investors
(but unknown if company is profitable)

[2020]
Went bunkrupt as game dev company, reformed for online services
No FlagsPartially-owned by Tencent (a mainland-China gov't-backed company that allegedly has controversial privacy practices).

Epic makes a claim to have full control. However,
their FAQ lists Taiwan as "Chinese Taipei", a general indicator for more influence than what is stated.

Probably not a big deal (Tencent invested in almost all major AAA studios you know; and even Reddit, itself), but good to be aware.
?No Flags?No Flags??No Flags
80
Contract term length
SLA? You want long-term contract with opt-out options with heads up;

No SLA? You want no contract or monthly
Annual?Perpetual / Monthly /
Annually / Cancel anytime
?Perpetual / Monthly /
Annually / Cancel anytime


However, be aware of vendor-locking
Free tier:
No contract.

Indie (Standard) /
Pro (Premium) tiers:
Self-sign-up, no contract
(Must delete your title to cancel - no pause!)

Enterprise tier:
12 month contracts, but flexible cancellation where needed.
"prices for features are not raised every contract term"
Monthly /
Annually / Cancel anytime
Monthly⭐ No Contract?⭐ No Contract?Realtime - no contract??Free tier:
No contract.
81
SLA? Tier? % Uptime guarantee?
To compare, AWS offers 99.99% guaranteed uptime then pays out when outside beyond that. BE SURE TO CALCULATE. If <99%, that means they can be out 1/2 Saturday and you won't get credited.
Dev Env 99%
Live Env 99.9%
99.6%⭐✓
All Tiers
@ 99.99%
(Same % as AWS)
?⭐✓
All Tiers @
99.99%

This is likely the best SLA you'll find.
✗ <$99/mo tiers

⭐✓ For non-basic tiers only
($99/mo+)
@
99.99%
(Same % as AWS)
✓
All Tiers @
99.9%
✗ <$99/mo tiers

✓ For Business+ Plans
($99/mo+)
@
99.9%
(0.09% less than Amazon)
✗
(No SLA)
?⭐✓
All Tiers @
99.9%
?✓
All Tiers @
99.9%
??✗
(No SLA)
82
SLA Payout Calculations
There's no point of an SLA if you don't know how much compensation you'll get if your service goes down for the entire weekend!
??For any month in which an outage lasts longer than 15 minutes, a pro-rated percentage of the outage time for that month's bill is deducted from the bill.??Usually though, it's a % of your total service cost for the month in question.

Pretty much everyone has the same payout calculation for SLA: It's a refund based on total downtime. If that downtime gets you below 99.9%, 99.5%, etc. But the actual rate is frequently a point of negotiation, so there's no single answer to this.
For any month in which availability is less than 99.9% but higher than 99%, 7 days of fees will be waived in the affected month..
For any month in which availability is less than 99%, 30 days of fees will be waived in the affected month.
?✗
(No SLA)
?✗?withdraw anytime with lightning
TODO: What is "Lightning"? --Xblade
??✗
(No SLA)
83
Exit Strategies/Clauses:
What's offered if the business goes under, gets sold off, etc? Will the company go open src? Compensate? Offer ports to new service?
Enterprise Licensing Option?⭐2~3 years guaranteed service
+
Royalty-Free Self-Hosted License
+
If buyout, big perpetual license discounts
??"Bought by Microsoft in January 2018. Microsoft not only kept it going, but increased the team size considerably. This is the backend service used by our own first-party titles. There is little need for exit strategy due to Microsoft's embrace of the service." --PF✗?✗?Enterprise Licensing Option?full open source. run your own???
84
GDPR ready?
+Is it friendly for devs to access?
✓?✓??✓✓✓??✓?✓???
85
SECURITY STANDARDSSECURITY STANDARDS
86
Out-of-box hack vulnerabilities?
Recently-known vulnerabilities or successful hacking that is not yet (or cannot be) patched?
🔒?🔒⚠️GS1 had TLS self-signing exploits; need to confirm GS2 does not also have it.🔒🔒🔒🔒🔒🔒🔒?✗??🔒
87
Dashboard supports standard 2FA?
Standard == support for Google Authenticator/Authy (opposed to non-standard mobile/email 2fa)
✓?✓?✓✓✗✓✓✓✓?✓??✓
88
Security: Pen-tested by notable 3rd-party for vulnerabilities within the past year?✗?✗*??✓✗✗??✗?✗??✗
89
Security: Do clients verify TLS certificates safely by standards?
(To prevent man-at-the-endpoint attacks. Eg, would a self-signed client certificate from "Fiddler" disconnect the user?)
✓?✓
(2020)
⚠️GS1 had TLS self-signing exploits; need to confirm GS2 does not also have it.?✓✓???✓?✓???
90
Security: Are encryption key exchanges safely handled by 2020 standards?
(Company has literally hired a pen tester & can verify such tests; eg, Diffie–Hellman key exchange practices are vulnerable)
✓?✓*
(2020)
??✓✓*???✓?✗???