
MariaDB audit peer-reviewed by Signal18: commercial model and worked examples

When a client asks me how much a MariaDB audit costs, I prefer to explain how I price it rather than throw out a number disconnected from context. This article lays out the commercial model I apply: fixed-price (with overrun clause absorbed by RDEM) or time and materials (T&M), a concrete definition of a “day of audit”, optional Signal18 peer review at variable proportion, and end-to-end worked examples.

The goal of this article is not to sell: it is to let you compare a proposal with mine knowing what each line covers — and what it does not.

How a MariaDB audit is priced

Three variables drive the quote:

  1. The size and criticality of your production (1.5 to 5+ days on the RDEM side depending on whether you run a modest single instance or a critical multi-DC Galera).
  2. The billing mode chosen (fixed-price or T&M).
  3. The recommended Signal18 peer-review proportion — variable by complexity, estimated at quote time.

Scoping pre-audit (optional)

0.5 to 1 day (€600 to €1,200 excl. VAT). Information gathering on your stack, your monitoring, your pain points. This phase makes it possible to produce an honest quote. Optionally credited against the final fixed-price if the audit is commissioned right after.

Fixed-price — predictability, risk on RDEM side

I commit to a fixed price. If I get the estimate wrong, I absorb up to +20 % of the committed time.

Beyond that threshold (typical case: I am chasing you for information that does not arrive), I do not invoice more, but the report delivered will be limited to the leads I was able to explore within the committed time. No magic promise: transparency on the limit is part of the fixed-price model.

Conversely, if I move faster, you do not pay less.

T&M — maximum quality, risk on client side

Billing on actual time spent. No cap.

You get guaranteed completeness of the deliverable (I keep digging until every lead is addressed); in return, you carry the financial risk of any overrun.

Reference daily rate

€1,200/day excl. VAT on my side. This rate is used to compose the quote; it is not billed “by consumption” in fixed-price mode.

What is a “day” in an audit quote?

A day of audit in the fixed-price model is one end-to-end working day: not just the time spent in calls with you, but also:

  • Cross-checking against the official MariaDB documentation.
  • Inspecting MariaDB source code when an obscure behavior warrants it.
  • Writing and structuring the report.
  • Asynchronous analysis of dumps, configs, slow query logs and metrics you share with me.
  • Exchanges (calls, emails, back-and-forth with Signal18).

Most of the time is spent solo digging into the system, not in meetings. If I quote a 4-day fixed-price, those are not 4 days on site — they are 4 days of total effort to deliver a documented report.

Signal18 peer-review option — variable proportion

Signal18 (the company led by Stéphane Varoqui — CEO of Signal18, formerly MariaDB Corporation — makers of Replication Manager) takes part in peer review on audits where it is warranted. The number of Signal18 days is variable, estimated at quote time based on technical complexity and client need:

| Audit profile | Typical Signal18 share |
|---|---|
| Light scoping on simple production | 0.5 day |
| Typical audit, standard production | 1 day |
| Mid-to-complex audit (Galera cluster) | 1.5 to 2 days |
| Ultra-complex audit (banks, critical transactional platforms) | up to nearly 1:1 RDEM / Signal18 |

Signal18 daily rate in peer review: €1,500/day excl. VAT (negotiated rate for my clients).

What a Signal18 day brings

  1. Possibility of fail-fast (not guaranteed): targeted questions during the audit that can open or close avenues quickly.
  2. Vendor-level expertise: sharp on Galera split-brain, GTID edge cases, optimization of highly specific queries.
  3. Counter-audit of the final report: critical review of the deliverable before handover.

Worked examples of quotes

All examples below are in fixed-price mode, excl. VAT, full audit delivered. Durations correspond to end-to-end audits (see the “What is a day?” section).

| Profile | RDEM share | Signal18 share | Fixed-price w/o S18 | Fixed-price with S18 |
|---|---|---|---|---|
| Small single-instance setup | 1.5 to 2 days | 0.5 day (optional) | €1,800 to €2,400 | €2,550 to €3,150 |
| Typical audit, standard production | 4 days | 1 day | €4,800 | €6,300 |
| Multi-DC Galera cluster | 4.5 to 5 days | 1.5 to 2 days | €5,400 to €6,000 | €7,650 to €9,000 |
| Ultra-complex audit (bank, critical platform) | 5+ days | up to nearly 1:1 | on quote (> €10,000) | on quote |

For T&M mode, the total is €1,200/day × RDEM days actually spent + €1,500/day × Signal18 days actually spent, with no cap.

When to take the Signal18 peer-review option

Three cases where it is rational:

Compliance with an independent-opinion requirement

ISO 27001 A.5.36, PCI-DSS, SOC 2. The added cost stays small compared with a failed certification audit.

Decision worth ≥ €30k

Migrating AWS RDS to sovereign MariaDB, architecture rework, multi-DC Galera deployment. The Signal18 add-on stays under 10 % of the decision cost.

Critical production

≥ 10 TB, ≥ 1k QPS, SaaS platform, or banking / transactional context.

When the audit alone is enough

Cases where peer review is overkill:

  • Pre-sales audit with no implementation commitment.
  • Bootstrapping startup, production < 1 TB.
  • Technical decision < €20k.
  • Mockup or PoC in a test environment.

For the exact scope of the offering, see the MariaDB audit offering details.

FAQ

Who is Signal18?

The company led by Stéphane Varoqui (CEO of Signal18 and formerly MariaDB Corporation), makers of Replication Manager — an open-source orchestration tool for MariaDB / MySQL cluster failover. Recognized vendor-level expertise in the ecosystem.

Why not commission a Signal18 audit directly?

Because I cover the managed services context (your OS stack, your monitoring, your Galera, your Nimbus / PBS backup strategy) while they validate the analysis on pure DBA matters. The two scopes are complementary, not interchangeable.

Fixed-price or T&M: which mode to pick?

Fixed-price if you want budget predictability and your team will respond quickly to my requests for information. T&M if you want guaranteed completeness of the deliverable and you would rather pay for actual hours spent. Most of my clients choose fixed-price.

Can the fixed-price be revised if the audit takes longer than expected?

No. I absorb an overrun of up to +20 % on the committed time on the RDEM side. Once you commit to fixed-price, your price is locked. In return, beyond that +20 % overrun (typically when I am chasing you for information that does not arrive), the report will be limited to the leads explored within the committed time. For guaranteed completeness regardless of duration, pick the T&M mode.

How many days for a typical audit?

From 1.5 days for a modest single instance to 5+ days for a complex multi-DC Galera or a banking-grade context. The article's pedagogical reference (4 days) matches a standard production. The Signal18 share varies from 0.5 day to nearly 1:1 with my share depending on complexity.

Does the fixed-price include implementing the recommendations?

No. The audit delivers a prioritized report. Implementation is quoted separately, as discrete days of work or within a Pro or Critical managed services contract, or under a Remote DBA on-call engagement.

Key takeaways

  • Fixed-price: locked price, ≤ 20 % overrun absorbed by RDEM, beyond which the report is limited to leads explored.
  • T&M: billing on time spent, guaranteed deliverable, financial risk on client side.
  • One day = end-to-end work (docs, source code, write-up, async analysis), not a day on site.
  • Signal18 peer review: variable share (0.5 day to nearly 1:1), at €1,500/day excl. VAT.

Need a quote for a MariaDB audit?

Describe your stack and I will send back a costed proposal — fixed-price or T&M, with or without Signal18 peer review.
