The Go-based Control and Data Planes handle thousands of concurrent auth requests with minimal footprint.
The performance-critical paths — RADIUS decision engine, WebSocket fan-out, Redis consumer — are written in Go. Native concurrency, no GIL, sub-millisecond goroutine scheduling.
The event bus uses a Unix domain socket instead of TCP, eliminating network stack overhead. Typical Redis latency: <0.1ms for XADD/XREAD operations.
The RADIUS collector groups events into batches of 50 and flushes every 500ms, reducing SQLite write pressure by 60–80% vs one INSERT per event.
Write-Ahead Logging allows concurrent reads without blocking writes. 256MB memory-mapped I/O eliminates most disk seeks for the hot event data.
Dashboard REST endpoints cache responses for 5–60s depending on volatility. Connected users: 5s. Top VLANs: 60s. Eliminates redundant DB queries under burst load.
All TLS termination handled by nginx, keeping the Python Management Plane free from crypto overhead. Static assets are served directly from disk.
| Feature | PortGuardNAC | Cisco ISE | Aruba ClearPass | ForeScout |
|---|---|---|---|---|
| Deployment time | < 1 hour | Days / weeks | Days | Days |
| Vendor lock-in | None | High — Cisco only | High — HPE | High |
| Entra ID Captive Portal | ✅ Native | Add-on license | Add-on license | Limited |
| Air-gapped / offline | ✅ Native | Limited | Limited | No |
| Starting price | €490/yr (Standard) | $50,000+/yr | $20,000+/yr | $15,000+/yr |
| Hardware required | No — VM / bare metal | Yes (appliance) | Yes (appliance) | Yes |
| Open deployment model | ✅ | No | No | No |
| Auth latency | < 50ms | 50–200ms | 50–150ms | 100ms+ |