Viewdeck Consulting Limited

DevOps Build Automation and Continuous Delivery Server - PaaS

The Chef Server service provides a build solution for Automation, Configuration Management, Quality Assurance, and repeatable build and delivery of Windows and Linux based servers. Chef provides a service to manage 'recipes' for servers, configured and personalised to environments and server roles. Provides security of Build at rapid pace

Features

  • Secure Linux based Open Source Chef® Server
  • Scalable to support from 1 to 1000's of production servers
  • Resilient and High Availability Solutions, deployable in Master Slave formats
  • Simple Web based interface for each remote management and use
  • Works with Chef Workstation to develop and deploy automation Services
  • Server 'healing' capability to ensure servers remain patched, secured designed
  • Regular server reports on compliance/build status
  • Service includes regular patches, daily backups, support.
  • Debian/Ubuntu based platform for easy of management, configuration
  • Works with UKCloud, Azure, Rackspace, Memset, internal private cloud architectures

Benefits

  • Ensures repeatability in deployment of large scale cloud based solutions
  • Easy to move infrastructure deployment from Development, Test to Production
  • Remove repeated manual steps from Infrastructure build, test and deployments
  • Easy scaling up/out of Cloud services, continuous deployment/delivery
  • Simplifying and Self Documenting infrastructure build instructions.
  • Greatly reduced build time through re-use of 'cookbooks'
  • Built on an NSA compliant Secure Gold build.
  • Swift simple roll-out of server changes to multiple servers
  • Online, for tier1/tier2 via PC, Public/Private, Shared Cloud
  • Supports full digital upgrade (Discovery, Alpha, Beta, Live).

Pricing

£425 to £1194 per instance per month

Service documents

G-Cloud 9

237874223546903

Viewdeck Consulting Limited

Gary Seymour

0203 384 3350

gary@viewdeck.com

Service scope

Service scope
Service constraints A Viewdeck Patch Server is a requirement to provide a patch service and Virus/Rootkit signatures upgrades. A Viewdeck Log Server is a requirement to provide event monitoring for the service. A Viewdeck Monitor Service is required to provide availability and host health check monitoring. Backup Solution providing secure offline remote cloud based storage is required. The Viewdeck Backup Service provides a suitable service. The Secure Mail Server with connectivity to the secure administration mailbox providing alerting and reporting from the hosts. Secure Remote Administrator Access via a suitable secure network. This will vary depending on the hosting environment
System requirements
  • Viewdeck Patch Server for patch and Virus/Rootkit signatures upgrades
  • Viewdeck Log Server for event monitoring for the service
  • Viewdeck Monitor Service for availability and host health check monitoring
  • Backup Solution providing secure offline remote cloud based storage
  • The Viewdeck Backup Service provides a suitable service
  • The Secure Mail Server with connectivity to secure administration mailbox
  • Providing alerting and reporting from the hosts.
  • Secure Remote Administrator Access via suitable secure network.
  • This will vary depending on the hosting environment

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Support response times
mmediate Automatic response. Email Response 'SLAs' is supported for P3 P4 and P5's during normal working hours. All P1's and P2's should be logged via email, and immediately escalated via the help line. Weekend response to email tickets is available as an additional service.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), 7 days a week
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), 7 days a week
Web chat support accessibility standard WCAG 2.0 A
Web chat accessibility testing Web chat accessibility testing
Web chat accessibility testing Our knowledge has come from market research provided by the Slack community.
Onsite support Onsite support
Support levels Viewdeck follows a traditional P1-P5 problem management prioritisation and response model, providing integration and escalation as you would expect to deliver to the agreed service levels. P1 Total loss of service. P2 Some loss of service. P3 Small loss of service or work around. P4 Tasks are made more difficult, but are not impossible to complete. P5 Interferes with non-operational use. All P1 and P2 events are allocated an Incident Manager to see and manage incidents through to successful resolution, providing SPOC, regular reporting, and coordination between various resolver groups. Standard support is Mon-Fri 9-5:30pm. P1’s and P2’s are supported 24 hours a Day, 7 Days a week as standard. Additional extended hours of support are available, either for 8am-8pm Monday-Saturday , or 24 hours x 7 days Week. All services can take advantage of the 24 hour per day web and telephone service, although only P1’s and P2’s will be responded out of supported hours. Additional pricing for these services is based on the product, with further details in our pricing guide. All Viewdeck Services include an Account Manager to manage service issues, and provide a SPOC for clients.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Viewdeck offer assistance to getting stated Self taught CBT training is available as part of the service Additional fixed price packages for other training is also available on request at extra cost
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction On end of contract, Viewdeck can supply the Clients information extracted from the system in native format or configuration files, including XML/JSON format. This can be transferred to the user electronically via secure electronic transfer by arrangement with the client organisation, or via a shared secure File Transfer area. If the client has specific needs for the physical transfer of the data we would support this by additional services for the media and media transport for Data Extraction.
End-of-contract process 30 days before end of Contract, there will be client engagement to confirm the Requirements, agree a plan, any additional services needed, and the Quality Criteria for the delivery of those services to meet the Requirements.

Using the service

Using the service
Web browser interface Yes
Using the web interface Client (normally Technology Administrators) can access the system through a web interface. This allows the Client to gain 'Controlled' access to the key functionality of the service to support Configuration and Data Management.
Web interface accessibility standard None or don’t know
How the web interface is accessible The web interface supports a templates/skin approach that enables it to be configurable and accessible for users to use. This interface is is common use across the community and supported by a wide range of groups. It supports high-contract layouts/formats as well as other key WCAF 2.0A recommendations.
Web interface accessibility testing None at this time
API Yes
What users can and can't do using the API Client (normally Technology Administrators) can access the system through a web based API. This allows the Client to gain 'Controlled' access to the key functionality of the service to support Configuration and Data Management. All Services support REST based API interfaces.
API automation tools
  • Ansible
  • Chef
  • Puppet
API documentation Yes
API documentation formats HTML
Command line interface Yes
Command line interface compatibility Linux or Unix
Using the command line interface Client (normally Technology Administrators) can access the services through a command line interface. This allows the Client to gain 'Controlled' access to the key configuration options that are only available via the package or solutions CLI tools. Most functionality of this kind is configurable via Web interfaces as well. All Services support REST based API interfaces.

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources We use a combination of dedicated services, and proactive monitoring of resource performance. In the event of an impact to a service due to contention or resource utilisation, an incident ticket is automatically raised and the service desk informed. It is then treated accordingly as an event and managed through the resolver groups.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Complete Hosting Configuration due to use of DevOps tooling
  • Transaction level Recovery - RPO less than 5 min
  • Transaction level Recovery - RTO less than 2 hours
Backup controls Back-up Regimes will be defined as part of the Service Set up - Schedules are variable according to the Business Needs
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The level of availability is 99.50%
Our service utilises a service provider that has multiple hosting sites with diverse routing of communications and power. We use a service configuration that makes use of these capabilities to provide a resilient service.
The client would get an alert via an email should there be an outage The client would also be able to view a service dashboard to see the status of their service
Approach to resilience We provide a range of services that correspond to business needs. This includes capabilities that utilise multiple sites, multiple providers and hybrid services based on configuration of commodity and in-house resources. This provides the confidence that service meets the operational service, recovery time and recovery point objectives.
Outage reporting Client Notification( email and/or sms ), Web Portal and option alert via messenger

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Access to management interfaces is via secured VPN only, to known/fixed IP address.

All user access is then controlled via username password , or certificate.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users receive audit information on a regular basis
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users receive audit information on a regular basis
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach We follow approach aligned with CSA STAR and IOS27001. We are in the process of gaining CSA STAR level 1 accreditation
Information security policies and processes Viewdeck has a ISMS with the basis procedures to manage security such as Information security policy and objectives Risk assessment and risk treatment methodology Statement of Applicability Risk treatment plan Risk assessment report Definition of security roles and responsibilities Inventory of assets Acceptable use of assets Access control policy Operating procedures for IT management Supplier security policy Viewdeck has a nominated security officer who ensure security policies are followed and undertakes scheduled audits. The security officer reports directly to the CEO

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Viewdeck utilizes suppliers that follow certified configuration and change management procedures. Viewdeck also uses automated configuration control and management via the Chef toolkit. Viewdeck has its own documented procedures for configuration and change management based on ITIL. All changes are assessed and appropriate assurance steps determined for the change. All changes are tested in a dedicated environment before release to live.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Security vulnerability services ( eg OSWAP ) are used to provide information on threats and criticality.
Application providers and community data sources are used to provide up to date and emerging threats.
Software providers, are used to provide key update and information.
Platform and host patches are typically applied automatically from assured repositories for security relating patches.
Non-Urgent patches will be tested in a progressive process across dev-test-live over the course a month, and applied in a controlled way regularly after assurance/confidence checks have been carried out.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Hosting and Platforms are managed via assured third party suppliers with accredited security compliant solutions. Existing SOC services provide network, host and boundary controls.

Our Services include log capturing, storing and shipping. Logs are available and forwarded to either a client SOC capability, or to a platform/service specific service that can optionally manage, monitor activity.

All services include platform alters and event monitoring around HIDs, AV, lock-down, build assurance, which are monitored daily and used to identify Events. Incidents are raised on the back of alerts from any source , triaged and action-ed as part of the Service incident procedure.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Full description of our Incident Management procedures can be found in our Service Descriptions.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider AWS, UKCloud, Azure, Private Cloud via VMWare, VirtualBox
How shared infrastructure is kept separate Assured virtualisation services for the provision of separated PaaS components on top of accredited IaaS platforms.
Separation is provided with known approved products and services that conform to NCSC cloud principles and have been tested.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £425 to £1194 per instance per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑