EnterpriseDB

EDB Postgres Cloud Database Service (CDS)

A hosted cloud database service that enables easy, self-service provisioning of highly available Postgres clusters or single instances on public clouds such as AWS. Includes auto-scaling, high availability, load balancing, data encryption, elastic storage, backup and recovery, cluster health monitoring, pre-defined templates. Support included. On demand or Reserved instances.

Features

  • Auto-scale with streaming replication, connection pooling, load balancing, elasticity.
  • Resiliency: cluster health monitoring, automated failover, backup/recovery, secure encryption.
  • Streamlined Migration - compatibility features/tools move Oracle databases to Postgres.
  • Multiple regions; General purpose and memory optimized instance types available.
  • Supports both EDB Postgres Advanced Server and PostgreSQL databases.
  • Extension modules - PostGIS, Contrib, SQL/Protect, Index Advisor, SQL Profiler.
  • Procedural Language Support: PL/PgSQL, PL/ Perl, PL/TCL, PL/Python, PL/Java, PL/V8.
  • Support included free with subscription, delivered by certified Postgres specialists.
  • Free, full-featured trial, no credit card required.
  • Flexible pay-as-you-go pricing, discounts with reserved CDS.

Benefits

  • On-Demand – EDB Postgres and PostgreSQL databases launched in minutes.
  • Cloud-based elasticity and automation ensure access to critical applications.
  • Resource consumption managed with templates to meet business requirements.
  • Simplified by running the same Postgres everywhere: on-premises and cloud.
  • Built-in Oracle compatibility with EDB Postgres Advanced Server databases.
  • Migration Portal integration - export your migrated schema to CDS.
  • Auto-scaling/failover/backups meet application high availability/disaster requirements.
  • Enterprise Support add-on provides best practice guidance and 24x7x365 support.
  • Define teams and roles to simplify and enable DevOps processes.
  • Operations/admin staff maintain control over dev, test, production environments.

Pricing

£0.10 per instance per hour

Service documents

Framework

G-Cloud 11

Service ID

3 1 3 0 7 0 4 8 5 6 9 2 7 6 0

Contact

EnterpriseDB

Matthew Peachey

44-7801-383565

matt.peachey@enterprisedb.com

Service scope

Software add-on or extension
No
Cloud deployment model
Public cloud
Service constraints
No.
System requirements
  • CentOS 7.x
  • Amazon EC2
  • Microsoft Azure

User support

Email or online ticketing support
Email or online ticketing
Support response times
Basic Technical Support is included with a Cloud Database Service subscription with a same business day response goal. EDB can be reached Monday through Friday, 8am - 6pm ET, via email at cds-help@enterprisedb.com or get help on PostgresRocks.com.
Enterprise-level Support is optionally available for an additional fee, useful for production deployment or other critical workloads. Enterprise Support is 24x7 with a 30 minute initial response goal, and includes direct phone support as well as best practice guidance. Support at both levels is delivered by a certified team of experienced Postgres database professionals.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
The web chat software being used by EnterpriseDB is LiveChat by LiveChat, Inc.
Per LiveChat, Inc, Supporting WCAG standards is a feature requested by multiple customers and is in their roadmap, however an exact ETA is not provided.
Web chat accessibility testing
We use a 3rd-party tool called LiveChat to provide web chat, so any testing done with assistive technology users would have been done by the vendor.
Onsite support
No
Support levels
Basic Technical Support is included with a Cloud Database Service subscription at no extra cost, with a same business day response goal. Basic Support is available Monday through Friday, 8am - 6pm ET, via email at cds-help@enterprisedb.com or get help on PostgresRocks.com, with inquiry and knowledge base options available.

A higher-level, Enterprise Support option is available for an additional fee, useful for production deployment or other critical workloads. Enterprise Support is 24x7 with a 30 minute initial response goal, and includes all Basic Support features as well as a direct phone support channel as well as best practice guidance. The cost for Enterprise Support is based on a tiered fee structure based on usage of the service and related resources, with a $200 USD per month minimum.

Support at both levels is delivered by EDB's certified team of experienced Postgres database professionals.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The EDB Postgres Cloud Database Service (CDS) enables easy, self-service provisioning of highly available Postgres clusters or single instances through an intuitive web application interface. Getting started with the service is straightforward and no specific training is required. After registering, users only need to complete a few steps in order to deploy their first Postgres cluster, and use a wizard-like, step by step process to define the basic cluster configuration. Pre-defined database templates – for common configurations for developer, departmental, read-scale, production, and enterprise use cases, are available and make starting to use the service even faster.
In addition, comprehensive user documentation, the CDS User's Guide, is available as a .PDF or .HTML file directly from with in the CDS user interface or from the EDB web site, and contains basic getting started information as well as comprehensive documentation of the included features.
Users can also find relevant FAQ and Knowledge Base articles in the CDS Resource Center on PostgresRocks.com (https://postgresrocks.enterprisedb.com/)
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
If buyers stop using the EDB Postgres Cloud Database Service or Terminate a Subscription, an export of the data can be made available to you upon request within 7 days of cancellation. This is requested by contacting cds-help@enterprisedb.com for assistance. See the CDS Terms of Service for related cancellation terms.

Any special data handling requests beyond a basic export, such as data modification, transformation, and transfers may require Professional Services and incur additional fees. Requests to maintain, hold, store or otherwise maintain data beyond 7 days post cancellation would also require a signed change order.

Upon cancellation or termination, the Application and all applicable data will be permanently deleted from the EDB Cloud Database Service on the seventh day following termination.
End-of-contract process
Any special data handling requests beyond a basic export, such as data modification, transformation, and transfers may require Professional Services and incur additional fees. Requests to maintain, hold, store or otherwise maintain data beyond 7 days post cancellation would also require a signed change order.

Customers are allowed to cancel at any time and if using the pay-as-you go, On-Demand billing mode, EnterpriseDB will prorate payment based on the point in the month that was reached before cancelling your Subscription. Upon cancelling, you will be billed for the prorated amount immediately and your account will be terminated. For Reserved CDS billing mode, there is no credit for pre-paid subscription fees if the contract is cancelled prior to the contract term end-date.

Upon cancellation or termination, the Application and all applicable data and associated cloud resources will be permanently deleted from the EDB Cloud Database Service on the seventh day following termination. User accounts are disabled.

See the CDS Terms of Service for related cancellation terms.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Users can access the software management features through mobile browsers. However given screen size restrictions this is not recommended.
Service interface
Yes
Description of service interface
Customers use a web-based portal that can be accessed by any of the browsers listed in this application. This portal is the initial interface to the service and allows administrators to perform end user administration functions, check billing, increase capacity, purchase reserved instances, and launch the CDS console to configure and deploy database clusters.
Accessibility standards
None or don’t know
Description of accessibility
While we have not formally assessed the EDB Cloud Database Service against WCAG Accessibility standards, we employ some of policies and practices that adhere to various criteria, including using tool tips, help functions, distinct color coding, titles, and prompts. We may pursue meeting accessibility standards in the future for CDS.
Accessibility testing
We have not done formal testing of the EDB Postgres Cloud Database Service with users of assistive technology but do follow certain best practices related to accessibility, as described above. Also in some cases, our QA team will perform testing with zoom controls and large fonts.
API
No
Customisation available
No

Scaling

Independence of resources
Each user account uses independent web services resources to host their databases - with no shared compute and storage. EDB's CDS leverages the cloud providers scaling infrastructure.
The controlling administration consoles are used by multiple user accounts with monitoring for throughput and performance load on consoles

The EDB Postgres Cloud Database Service sits within the buyers cloud infrastructure of choice. All DB instances for are private instances and respect the isolation and processing independence such instances are afforded by the cloud infrastructure provider. EDB Postgres database instances are not shared with other users outside of those authorized by the buyer.

Analytics

Service usage metrics
Yes
Metrics types
Within CDS, metrics are provided for resource utilization, cluster health, and backup status, and dashboards on the Monitoring Panel within the service interface provide metrics for: the amount of allocated data space used by the selected cluster against the user-defined threshold, the number of connections to the cluster within a specified time frame, and the load chart displays the processing load placed on the CPU by connecting clients. Cluster health metrics are provided for the virtual machines, cluster HA state, and package status.
Users can also see usage information for public cloud web resources that are not yet billed.
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Database instances launched through the EDB Postgres Cloud Database Service are on infrastructure supplied by a public cloud provider of web services, chosen by the buyer when selecting a regional deployment console. They or their cloud supplier of choice have complete control of their data and its security including the encryption of data on disk or encrypting selected columns of data in the database. Encryption in transit is always enabled, and encryption at rest is enabled with the a user selectable checkbox in the system interface for cluster creating, cloning, and scaling options.
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
EDB Postgres Cloud Database Service is a complete end-to-end managed DBaaS solution that enables easy, self-service provisioning of highly available Postgres database clusters or single instances in the public cloud. Data is hosted on the system in the selected public cloud provider region and availability zone.
Upon subscription termination, an export of the data can be made available upon request within 7 days of cancellation. Contact cds-help@enterprisedb.com for assistance.
Data export formats
Other
Other data export formats
SQL
Data import formats
Other
Other data import formats
  • SQL
  • Import directly into database using the EDB Migration Portal.

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Client connections use secure protocols and ciphers, servers are configured to reject anything insecure. All HTTPS servers have A+ rating (www.ssllabs.com); all secure traffic uses TLS 1.2 or later; SSL certificates; HTTP Strict Transport Security enabled;Encryption in transit is always enabled, encryption at rest is enabled within create/clone/scale user options.
Continuous Monitoring/Alerting enabled for all servers - +cloud-watch logs. SNS topics send email when alarms trigger. Alarms are set for any suspicious activity in any of the server or database related to the service.
IPs must be specified and we whitelist access.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
CDS is hosted on public clouds and buyers databases are not within the EDB network. CDS has an option to create encrypted clusters, using aes-xts-plain(512-bit) cipher suite to provide an encryption environment that is secure/transparent to connecting clients. When enabled, everything residing on the cluster is encrypted except for the root file system.
We ensuring that the client connections are using secure protocols and ciphers and the servers are configured to reject anything insecure.
All HTTPS servers have A+ rating (www.ssllabs.com)
SSL certificates use 4096 bit keys, and must use SHA256 signatures at minimum.
HTTP Strict Transport Security is enabled.

Availability and resilience

Guaranteed availability
High-availability database clusters are created and managed with the EDB Postgres Cloud Database Service, as database clusters are distributed across multiple availability zones and are fault-tolerant. Streaming replication is used to synchronize the replicas across the cluster with built-in load balancing and connection pooling among all active instances. The cluster manager constantly monitors the state of each cluster and if any instance goes offline, the cluster's load is re-balanced among the remaining servers while the instance is automatically replaced. If a replica fails, CDS automatically spins up a new replica instance and attaches it to the master database. With the default healing configuration, in the event of a failure of the master node, an existing replica is used to replace the failed master node. The cluster continues operating during the replacement process. Two modes of automation are supported by the cluster manager: creation of a new master to replace a failed master node, or promotion of a replica node to be the new master node for the cluster.
SLAs for CDS follow the standard EDB production level SLAs, and service credits are appended to the end of a contract in the case of SLAs not being met.
Approach to resilience
User's clusters deployed using the EDB Postgres Cloud Database service sit within the buyers selected public cloud infrastructure based on a provider and region console selection in the service interface. Resilience is therefore partially controlled by their own network resilience and software configuration as well as by the resilience of the infrastructure of their cloud provider of choice. For the CDS Service, we have multiple layers of security, redundancy, and monitoring built in, but do not want to make the details of this public.
For database clusters provisioned via CDS, the solution provides automatic, self-healing failover and automatic online backup to protect from data loss. Replicas are automatically scaled out based on increasing user demand. Automated connection pooling and load balancing increases database read performance by distributing requests across all cluster members.
Outage reporting
Monitoring for the EDB Cloud Database Service consists of the active monitoring of 3 layers: database, server, and cloud infrastructure. Databases are monitored for availability and performance, with defined thresholds and alerts that notify our operations team of certain issues.
Our team also utilized advanced monitoring solutions that combine the robust monitoring capabilities of EDB Postgres Enterprise Manager (“PEM”) with AWS CloudWatch metrics, internally developed technology, and other 3rd party tools. The EDB CDS Operations team utilizes a mature event and incident management methodology to sustain the solution, enabling detection and management of issues that arise through alerts (events), and fast action for resolution. The team responds to each alert according to severity and SLA. Outages are reported immediately to the EDB operations team through automated alerts, and e-mail alerts for critical severity 1 issues are provided to the customer.

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Authentication and role-based access controls restrict access in management interfaces and support channels. Administrators can add users to the system, and users are members of teams, and each team has a defined role. Roles provide access control and are segmented as: Admin, Provisioning, Billing, Support, and User Management. Users can be members of one or more teams and therefore may have one or more associated role.

Only users with the administrator role or defined Support Portal access have access to open, view, and manage tickets, however public knowledge base support is available to all users.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
Yes
Who accredited the PCI DSS certification
Self-Assessed PCI DSS SAQ-A with Attestation of Compliance
PCI DSS accreditation date
12/09/2018
What the PCI DSS doesn’t cover
Not applicable.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Security is governed by the cloud service provider and/or the customer's internal network.
Information security policies and processes
We follow best practices and have appropriate separation of duties and have sound, auditable processes in place pertaining to it:
A) Application and Database Servers Access: SSH access to servers is restricted through bastion host,CDS operations team can access the server using individual key only via bastion host;all accounts are MFA enabled; All systems are enabled for remote sys-logging to the IT monitoring server
B) Access to Infrastructure Restrictions - System access is restricted to authorized personnel only. Staff access to all systems are granted and revoked where IT & HR handle for new hires/leavers to ensure accounts are monitored and closed properly
C) AWS Accounts and Infrastructure: User accounts must be issued to “required users” only;All accounts must have MFA enabled;and must be provisioned using IAM with policy adhering to grant least privilege
D) Auditing: Database;OS;Support advises CDS Ops of requests, CDS Ops logs an Internal Helpdesk request with IT, enabled for all the servers. Audit trails for OS and Database are maintained and sent to secured servers maintained by IT, restricting access to the sys-logs/database-logs;Customer Requests can be made from CDS-Help, with a two-business day turnaround goal.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
EDB uses formal change management processes for development and for the introduction of new features into the service, and utilize separate development and staging environments for testing. We also have a separate QA team testing each release and evaluating software service changes for potential security impact, as well as related DBaaS Operations processes. Formal deployment checklists and validation processes are in place. Configuration and change management concerns for data housed in the databases are the buyer's responsibility.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As a public cloud DBaaS, the underlying infrastructure used is based on the buyer's chosen cloud provider. Vulnerability management is the responsibility at multiple layers including EDB, the buyer, and the cloud provider. For the database, EDB receives alerts from public cloud providers and watches the PostgreSQL user community for emerging vulnerabilities and will issue patches for customers to apply as needed. Additional tools inside the database are available for added security such as roles, row level security, view security barriers, SQL injection protection, SQL GRANT/REVOKE, column level permissions. We also have robust system monitoring and alerting protocols in place.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
The EDB software including the CDS management console is monitored around the clock with multiple software monitoring tools that provide alerting capabilities to a standby DBaaS operations team, staffed 24x7. Any potential compromises or incidents are responded to as soon as an alert is raised. Production servers are monitored at multiple levels including the operational controlling databases, the CDS Service application layer, the management console, and the CDS Portal.
Incident management type
Supplier-defined controls
Incident management approach
The EDB software including the CDS management console is monitored around the clock with multiple software monitoring tools that provide alerting capabilities to a standby DBaaS operations team, staffed 24x7. With over 10 years of providing RemoteDBA services for Postgres, EDB uses mature and robust processes to respond to common events. Any potential compromises or incidents are responded to as soon as an alert is raised. Users can report incidents to cds-help@enterprisedb.com and EDB provides incident reports to users as soon as practically possible. We also communicate status changes through the CDS dashboard.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.10 per instance per hour
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Full-featured trial, no credit card required. Access to all CDS features and cluster operations: Scale up to add replicas, Integrated backup and automated cluster healing, Auto-scaling of storage and server connections, cloning, compatibility with Oracle, Technical Support.
t3.micro, t3.small types, maximum 5 nodes
Free trial resources auto-deleted after 48 hours
Link to free trial
https://www.enterprisedb.com/cloud-database-service

Service documents

Return to top ↑