FlyingBinary Ltd

Open Source Big Data Platform

Featuring redundant, distributed, fault-tolerant architecture with true NoSQL database, Open Source Big Data Platform resides in the FlyingBinary open source and big data suite, simplifying data integration, management, analysis and data visualisation. The Apache Cassandra database supports true 24x7 operation, delivers huge transaction performance and scales simply and linearly.

Features

  • Always-on distributed and redundant architecture
  • Fault tolerant from component to data centre level
  • Linear scalability to massive data and transaction volumes
  • Open source and commodity hardware
  • Enterprise support and security is built-in
  • Data architecture supports transaction and warehousing workloads
  • Complements Plotly Private Visualisation service

Benefits

  • Advanced architecture eliminates most downtime scenarios
  • Supports true 24x7 availability and operation
  • Scales to citizen-scale or web-scale workloads
  • Open and commodity components provide lowest cost of ownership
  • Enterprise support assures production integrity
  • Single database for both transaction and warehousing reduces cost

Pricing

£3500.00 per terabyte per year

Service documents

G-Cloud 9

677651119927400

FlyingBinary Ltd

Dr Jacqui Taylor

+44 77 899 668 02

jacqui.taylor@flyingbinary.com

Service scope

Service scope
Service constraints Single database for both transaction and warehousing reduces cost
System requirements Linux or macOS clients to access management functions

User support

User support
Email or online ticketing support Email or online ticketing
Support response times We respond to all questions within 8 business hours. Normal business hours are 0800-1800 Mon-Fri excluding UK holidays. We regularly respond to questions within 4 business hours, and we triage all inbound questions to establish urgency and set appropriate priorities.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Our standard support service is by email 0800-1800 Mon-Fri excluding UK holidays and we respond to all questions within 8 business hours. We regularly respond to questions within 4 business hours, and we triage all inbound questions to establish urgency and set appropriate priorities. We can offer several extensions to the standard service at extra cost: extended hours support at 10x7 or 24x7; 4 business hour response; phone support; web chat support; onsite support. The support service is provided for issues, incidents and service requests. We will also respond to questions about how to use the service, but we reserve the right to direct clients to our training services if users are clearly not equipped to use the service competently.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started There are four types of onboarding help available, which may be used in combination: online help; key contact getting started assistance; additional onboarding assistance; service training courses. Key contact getting started assistance is included within the cost of the service. It is usually conducted as an interactive web screenshare session, but may also be provided as a pre-recorded video session with a follow up teleconference, or as an onsite session. Onsite sessions outside the M25 area will incur an additional cost. Online help is available to all client users of the service and is included within the cost. Additional onboarding assistance and service training courses are both provided via the companion Cloud Support service.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction The service has built-in tools that allow user data extraction. These tools are available at any time, not just at contract end, and may be used for any data extraction purpose required. There are no restrictions: all user data may be extracted from the service for any reason, at any time. User data extraction does not require supplier intervention, but clients may choose to limit this functionality to client super users or administrators. There is no limit to the number or size of data extractions performed, but the service is priced on a "fair use" basis for network charges. Excessively large or very frequent data extractions may incur an additional cost or bandwidth limits. Alternatively, the companion Cloud Support service offers assistance with data extraction, at an additional cost.
End-of-contract process Prior to the end of contract/contract renewal date, we discuss the forward plan with the client key contact. In the event of contract end, we work with the key contact to ensure that all user data and collateral is retrieved or extracted before the contract end date. Although there are standard data extraction tools built in to the service, there may be a requirement for special data migration to the client's chosen new service. In that instance, we can work with the new supplier to migrate data to maximum benefit for the client, such work would be performed within the companion Cloud Support service and incur an additional charge. In the event that the client is unable to extract all required data before the contract end date, it is often possible to extend the duration of the data extraction features of the service for an additional period; or to extend the full service for an additional period; so that the client does not suffer unnecessary unavailability.

Using the service

Using the service
Web browser interface Yes
Using the web interface The Open Source Big Data suite of services is built upon the DataStax Enterprise product set and includes the built-in DataStax OpsCenter web-based visual management and monitoring solution. OpsCenter has integrated functionality for real-time monitoring, tuning, provisioning, backup and security management. The ring management aspects handled by OpsCenter, include node provisioning and repair, and ring reallocation. OpsCenter provides a consolidated view of monitoring metrics, and allows ring tuning parameters to be changed directly from the console. OpsCentre does not handle any direct data or metadata management or query functions.
Web interface accessibility standard None or don’t know
How the web interface is accessible The underlying framework in the web user interface is Dojo, which has made considerable efforts to be compliant with WCAG 2.0 A standards. The official statement is, “While Dojo does not make an explicit claim of compliance to W3C WCAG 2.0 Level A or to US Section 508, every attempt has been made to meet those guidelines and to make the 1.0 and future versions of the core widget set, dijit, accessible to keyboard, low vision and assistive technology users.”
Web interface accessibility testing While the core web user interface framework has made considerable efforts to be compliant with WCAG 2.0 A standards, no official testing with metricated outputs has yet been completed.
API Yes
What users can and can't do using the API The API includes several language drivers allowing applications built in C/C++, C#, Java, Node.js, Python and Ruby. Practically everything can be automated through the API, from basic cluster operations such as auto node discovery and connection pooling, through to CRUD data manipulation, query execution and table management. The API supports synchronous and asynchronous (non-blocking) modes, with simple, prepared and batch statements. The fluent API includes a query builder and an object mapper that simplifies converting domain classes to and from query results. Convenient execution features include automatic reconnection, configurable load balancing and automatic configuration for any cluster size.
API automation tools
  • Ansible
  • Chef
  • Puppet
  • Other
Other API automation tools
  • Docker
  • Mesos
API documentation Yes
API documentation formats HTML
Command line interface Yes
Command line interface compatibility Linux or Unix
Using the command line interface Several command line tools are provided, both for cluster management and data manipulation. Preflight tools verify cluster configuration; management tools provide node start and stop functions and cluster control. Other utility tools manage external clients and perform cluster stress testing. The Cassandra Query Language (CQL) shell allows users to issue data definition statements to manage data storage objects including keyspaces, tables and views. Users can also manipulate data directly with full CRUD capability, including support for user defined types and aggregates. Cassandra select statements allow users to retrieve data in raw form, or as the results from native or user-defined aggregates or transformation functions.

Scaling

Scaling
Scaling available Yes
Scaling type Manual
Independence of resources Our testing tells us the lower and upper levels of cloud resource required to maintain performance for normal levels of demand. We reserve and dedicate the lower level of cloud resources to each client, so that no client user can impact the performance of any other client. As client demand increases, we monitor performance and ensure that additional cloud resources are available to maintain performance, to the upper level. The service is priced on a "fair use" basis, so exceeding the upper level of demand means either reduced performance, or request further cloud resources, at additional cost.
Usage notifications No

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • Disk
  • Memory
  • Number of active instances
  • Other
Other metrics
  • Java Virtual Machine (JVM) heap
  • Operations per second
  • Node status
  • Latency
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery No

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.9%
Approach to resilience All cloud resources are virtualised, so there is no dependency on any single hardware component. The underlying infrastructure is 99.999% available. All service components are replicated at a second site. This provides geographic (availability zone) resilience, in addition to providing an alternate source of service provision in the case of some outage that affects multiple hardware components, or a whole data centre or geographic location. All client deployments are managed as separate cloud instances, ensuring that performance-affecting activity occurring in one client deployment cannot impact any others. In addition to the dual site service, there is also the option of a cheaper, single site option. This still has all the benefits of the resilient cloud infrastructure, but lacks the additional geographic resilience provided by second site operation.
Outage reporting Service affecting incidents are reported to client key contacts by email. Service affecting incidents include any observation of diminished service performance, reduced or missing functionality and not just observation of service outage. Initial emails may include only a report of the observation. Follow up emails will include notification of full service restoration, or estimated time to restoration, or additional details of mitigations or workarounds. Client key contacts may also request further details or additional help, as the emails are issued by a client support team, capable of responding to requests for additional information; the emails are not issued by "no-reply" mailboxes.

Identity and authentication

Identity and authentication
User authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Access restrictions in management interfaces and support channels Opscenter is installed on a client machine, for example an admin's Linux or Mac laptop. It can also be installed on a dedicated server and accessed remotely. Depending on the choice of management machine, the access can be restricted to a separate, dedicated network access point. Within Opscenter, individual user accounts are assigned to one or more roles. The roles contain permissions for different access requirements, and therefore provide access on a specific grant basis.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach Our security governance is meshed with our corporate governance, with our CEO having final responsibility for G-Cloud services and governance policies and our CTO having day-to-day responsibility for policy implementation. Our policies cover people, processes, technology and information assets, at board, management and operational levels. We review our policies and update our practices in light of new regulation, standards and best practice to ensure we are able to counter current and emerging threats.
Information security policies and processes Our information security policy follows guidance in ISO27001, is owned by our CEO and implemented by our CTO. The top level Information Security Policy is supported by Architecture, Operations and Client Access policies. The policy states security objectives and establishes principles to ensure current and continued adherance and continual improvement. The policy set is integral to staff induction and all staff are required to agree and accept that information security governance is a core working principle. Operational checklists enforce security practices at the day to day level, and activities cannot be signed off without verified completion. The checklists also contain sections for feedback and challenge so that we actively improve. All staff are expected to challenge, because if we don't, bad actors will. Standard reporting flows from operational analyst or team lead to manager to CTO, but any staff member can invoke exceptional reporting directly to management or board, to ensure that important issues receive appropriate attention. Internal reviews ensure that all information security processes are working smoothly and as designed. If exceptions are found, we perform root cause analysis to understand if/how we need to change working practice to support our information security objectives.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Service hardware components are managed by our data centre suppliers. Component lifecycle management is accredited to ISO27001, including storage overwrite and secure destruction. Service software is assembled from existing software components (proprietary and open source), is obtained only from the official repository, and security checked before use. No custom software is used. The service deployment checklist records all versions and change dates. Planned infrastructure or software changes are reviewed for new or changed features or capabilities, and internal software library dependencies. If needed, configurations are changed to disable unnecessary new features or mitigate any additional security exposure.
Vulnerability management type Supplier-defined controls
Vulnerability management approach We monitor vulnerability feeds, vendor and security researcher blogs to understand emerging threats. We then make an assessment to confirm any potential to affect service, and if so, determine severity and likelihood. Based on our assessments, we create a mitigation plan that may include a change to operation practice, a planned upgrade or an emergency upgrade. Operational changes and emergency upgrades are carried out as soon as reasonably practical following assessment and planning. Planned upgrades are accommodated within the normal upgrade or patching cycle.
Protective monitoring type Supplier-defined controls
Protective monitoring approach System event monitoring is used to facilitate the identification, classification and analysis of potential security incidents. Any security-related incident is classified as a severely service affecting incident, is escalated accordingly and actioned immediately. Different techniques and processes are employed to mitigate and recover service integrity, depending on the nature of the incursion. Further details are available on request.
Incident management type Supplier-defined controls
Incident management approach All service incidents follow a standard process. A triage step classifies to: common event not service affecting; service affecting; severely service affecting. Common events are handled by following a routine process. Events affecting service severely are immediately escalated to acquire necessary resource and management support. All other incidents are handled by the respective support team. Clients can report incidents by email to the support team. Update reports and communications are issued for all client-reported and service affecting incidents. When service affecting incidents are resolved, root cause analysis is performed to determine mitigating actions.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used VMware
How shared infrastructure is kept separate While cloud resources are fully virtualised for flexibility and scale, our security is hardware based and implemented at the network layer directly on Cisco switches, allowing both high security and high performance. Individual cloud compute and storage resources are accessed via secure VLAN segmentation on top of this configuration. The combination of VMware vSphere hypervisor and high speed access to block storage via fibre channel allows full customisation of cloud resources. Security and network services available include customisable firewalls, network address translation, virtual IP addresses, load balancing and multicast.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £3500.00 per terabyte per year
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑