FEXCORP LIMITED

Computerko Enterprise Web Hosting

Computerko enterprise Cloud Hosting is for hosting simple to a complex web application(s) i.e. Website, CRM, Database, Email server or ERPs. It provides 99.99% uptime while delivering high-level redundant techniques with around the clock customer services.

Features

  • Unlimited SSD Disk Space and Bandwidth
  • Autoscaling and loadbalancers
  • Different Operating system, distribution and database type
  • Firewall, MFA and SSO compatible with Active Directory/SAML/LDAP
  • Remote access - Browser, FTP and SSH
  • Contend Delivery Network, Caching and option for data versioning
  • Six instances (Development, Testing, Staging, Live, DR, Email Server)
  • Automatic Daily Snapshot backup with RTO/RPO 24/48 Hours respectively
  • 99.99% system availability
  • Logical private data network or option for dedicated data network

Benefits

  • No data or bandwidth usage cap
  • Agile scaling of resources during offpeak and peak times
  • Choice of Operating System via Self service portal
  • Secured login, also configurable using active directory
  • Remote access from anywhere using FTP, Browser and SSH
  • Fast data download with CDN and data versioning during development
  • Seperate instances for (Development, Testing, Staging, Live, DR, Email Server)
  • Meet Disaster recovery requirement with the oneclick DR server
  • Meet the GDPR requirement and UK G-Cloud Security by default
  • Customer data seperated by default using logical networks

Pricing

£250 to £22000 per instance per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11

698474045646140

FEXCORP LIMITED

Samuel Emunemu

02070960777

ask@computerko.com

Service scope

Service scope
Service constraints Service is only accessible remotely.

All Support request must be made remotely and resolved remotely.
System requirements
  • Operating Systems - Windows, Linux or Rasbian
  • Commnad Line Interface
  • Host or Endpoint Devices
  • Modern Browsers

User support

User support
Email or online ticketing support Email or online ticketing
Support response times This is a 24 hours service with a response time of 10 minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard WCAG 2.1 AA or EN 301 549
Web chat accessibility testing No Assistive testing has been done at this time. Although in our improvement roadmap, there is testing to be carried out in October 2019.
Onsite support Yes, at extra cost
Support levels Computerko Levels of Support:

1. Help Desk - This is free of charge
2. System Admins -This is free of charge if within framework or agreement
3. Our DevOps Engineers - -This is free of charge if within framework or agreement

Account manager: Our account managers are very experienced with a minimum of 5 years of experience working with Cloud technology.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Users can start using our services straightaway by following the following simple step by step guide (summarised).

1. Login to their portal (change their password)
2. Follow steps to provisioning their required service

NB: The service Portal elements may not be suitable for a 'Monkey User' although there is online documentation and onboarding training to assist them with vendor-specific terminologies and industry standard terminologies.

Training:

Users can opt into online or onsite training to be able to be familiar with the portal and various terminology of the service but this service is at a cost.

Support:

Users can open support tickets if they require clarification

User:

It is highly recommended for Users to read the user documentation to get a holistic view of the service at their own pace.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Users can export their data from the Service anytime they want including at the end of the contract.

For small data, they can use services like web downloads, File transfer protocols etc.

For large data export, users can use CLI or API to compress and archive their data in these two formats;

GNU gzip
GNU tar

This services or commands can be run at any time throughout the lifetime of the contract.
End-of-contract process The Service standard cost comes with

1. Four instances with associated preconfigured packaged services like volumes, a domain name, nodeBalancers, Reverse DNS etc comes as standard. Full package details will be disclosed in the commercial section.

2. Remote priority Support as an enterprise customer of 10 mins SLA with other quick and strict response KPIs

3. Access to online user documentation

Professional Service (additional cost)

1. Online training
2. Face to face training
3. Face to face support
4. Development services
5. Server configuration outside specification stated in commercial documentation

Using the service

Using the service
Web browser interface Yes
Using the web interface SOME OF WHAT YOU CAN DO

Computerko Web Tools

i. Filemanager, FTP setup, SSH setup, Database setup, PHP configuration, Stats

ii. DNS Management, Setup Domain names

iii. Backup and Restore

iv. Email Management and Webmail

v. OneClick installs

Compute and Networking

i. Create and manage Web servers

ii. Manage DNS

iii. Manage Private Network

Database

i. Create and deploy SQL and NoSQL database

ii. Configure memory cache system

iii. Configure and deploy relational database

iv. Special tools to manage large database (petabyte-scale)

App Services

i. Set up workflows

ii. Push Notifications

iii. Email sending services

Storage and content delivery

i. Setup and manage different types of storage

ii. Integrate on-premise IT environment with Cloud storage

Deploy and Management

i. Monitor instances/applications

ii. Manage workflows

iii. Setup application containers

iv. manage access to users

v. DevOps tools

Security

i. Multi-factor authentication management

ii. API setup and configuration

iii. Free and Premium SSL setup

iv. Users access management

v. Setup and manage firewall

WHAT YOU CANNOT DO
Web interface accessibility standard WCAG 2.1 AAA
Web interface accessibility testing N/A
API Yes
What users can and can't do using the API Users can just about do almost all the services that can be performed on the web interface 'Cloud Manager'.

For example, Users can set up the following services via API;

Creating an Instance
curl -H "Authorization: Bearer $TOKEN" \
-H "Content-type: application/json" \
-X POST -d '{
"type": "g5-standard-2",
"region": "eu-london",
"image": "linode/debian9",
"root_pass": "root_password",
"label": "prod-1"
}' \
https://api.linode.com/v4/linode/instances
A simplistic approach will be;
curl https://api.linode.com/v4/regions | python -m json.tool

Booting an instance
curl -H "Authorization: Bearer $TOKEN" \
-X POST \
https://api.linode.com/v4/linode/instances/$linode_id/boot

Resizing a block Storage
curl -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-X POST -d '{
"size": 2000
}' \
https://api.linode.com/v4/volumes/$volume_id/resize

Create a DNS record;
curl -H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-X POST -d '{
"type": "A",
"target": "123.456.789.101",
"name": "sub.example.com"
}' \
https://api.linode.com/v4/domains/$domain_id/records

Changes;

The uses a standard RESTful architecture. HTTP verbs have predictable results across the API:

i.e.
GET retrieve information about a resource.
POST collect or to create a new resource of that type
PUT can Update a resource.
DELETE can Remove a resource

The Overall Limitation is that the API service can only perform tasks and service provided by the web interface 'Cloud Manager'.
API automation tools
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools
  • Munin
  • Cacti
  • Laravel
  • Selenium Grid
  • Nightmare.js
  • Git
  • Webhooks
  • Stackscripts
  • R-diff backup
  • Jenkins
API documentation Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
  • Other
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface Computerko users can create any service that the Cloud Manager can create using CLI.

These are some of the examples;

Creating an instance;

linode-cli linodes create --root_pass mypassword --region eu-london --image linode/debian9 --group webservers

Create a Domain

linode-cli domains records-create $domain_id --type A --name subdomain --target 192.0.2.0

Create a new Volume, with the size specified in GiB;

linode-cli volumes create --label my-volume --size 100 --linode_id $linode_id

Create a NodeBalancer;

linode-cli nodebalancers config-create $nodebalancer_id

Users can make changes to the services above by following the following steps

Boot, shut down, or reboot an instance;

linode-cli linodes boot $linode_id
linode-cli linodes reboot $linode_id
linode-cli linodes shutdown $linode_id

Add an IP to an instance;

linode-cli linodes ip-add $linode_id --type ipv4 --public false

or Private IP by;

linode-cli linodes ip-add $linode_id --type ipv4 --public true

Delete a Domain

linode-cli domains delete $domain_id

To delete a node, you will need the ID of the NodeBalancer, configuration, and node
linode-cli nodebalancers node-delete $nodebalancer_id $config_id $node_id

The general limitation is that the CLI will only run service available in the web interface.

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Computerko use NodeBalancers to meet this requirement, NodeBalancers makes sure that the User experience is always at an optimum if not exceeding user requirements in terms of web server performance when there is a heavy load on the server. NodeBalancers will spread the load across multiple logical servers automatically. These are other ways it can help meet the high demand of the service;

SSL Termination
Multi-port Balancing
Passive and Active Health Checks
Connection Throttling
Session Persistence
Pooled Network Transfer
Static IPv4 and IPv6 Addresses
Full API Support
Usage notifications Yes
Usage reporting
  • API
  • Email
  • SMS

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra support
Organisation whose services are being resold AWS, LINODE, 20I.COM

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach By default, data at all stages of its life cycle is treated as confidential with appropriate controls in place excluding customer publicly accessible data

Protecting data rest by the following design: IT infrastructure has pre-built tools and protocols to allow encryption of block and elastic data within our Networks.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Entire instance
  • Database
  • Object Storage/files
  • Volume storage
Backup controls Users can backup an entire instance or volume using Cloud Manager.

Users can also schedule backups in Cloud Manager in line with their respective business requirements.

Users cannot backup individual files or databases etc using Cloud manager, although they can do this using other tools of protocols, for example, FTP, File manager, database management interfaces i.e. PHPMyAdmin etc.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Data at in-transit is protected with the use of SSL/TLS technology between endpoints while leveraging it with the latest VPN technology.

Data at rest is protected is implemented with the SSL/TLS protocols by default.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection within supplier network These are some of the ways but not limited to the following how we will protect our Customers data within our own network

1. Personal and physical security policy implementation
2. Secure equipment disposal
3. Data sanitisation techniques
4. Physical or Logical Separation of data from other Customers
5. Supply chain security
6. Secure identity and authentication
7. Operational security measures
8. etc

Availability and resilience

Availability and resilience
Guaranteed availability Computerko system reliability encompasses the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
The system designed storage systems for exceptional resiliency. For example, our block storage is all designed to provide 99.999999999% durability of objects over a given year.
The system’s instances are guaranteed a 99.99% availability.
Our business continuity RTP and RPO are 24 and 48 hours respectively.
We also leverage business continuity with a warm sided server backup that can be switched to at any time when there is fail or transient issues with the main production instance.
The Production server is monitored automatically and manually 24 hours and 7 days a week by experience system engineers with industry leading tools. This allows us to be agile and proactive in the scenario when we will have to act.
There is also a 24/7 support for Users.
Service credits are applied on request from users after a subsequent SLA breach but this service credit can be agreed on ad-hoc basis between users. Although our default service credit is 10 GBP per breach up to 100 GBP per month.
Approach to resilience Available on request
Outage reporting Outage reporting are managed

Automatically by the following;
API
Email
SMS services

we implement this by using a workflow engine to specifying acceptable conditions to trigger actions above.

Manually
We also leverage the lapses left by automated reporting by using 24/7 server monitoring by our support staff. Once they observe any abnormality they escalate or report an internal request to our DevOps team which are always on standby.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels Internal Users access to the system can be restricted by the use of the RBAC (role-based access control) API or web-based interface of the system i.e.

Users can only view/edit data or services within the system a designated system Admin has given Users the privilege to view/edit.

External Users can use username and password and Multi-factor authentication provisioned by a system admin to become an internal user.

NB: External Users in this context are users not logged into the system
while Internal Users are users logged into the system.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for Less than 1 month

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications Cyber Essentials

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards ISO 14001:2004
ISO 22301:2012
ISO/IEC 27001:2013
ISO 50001:2011
ISO 9001:2008
OHSAS 18001:2007
PCI DSS
SOC 1
SOC 2 Type 2
Information security policies and processes Computerko core security policies;

Data Protection
Asset Protection
Customer Data Separation
Governance;
(a) Risk assessment
(b) Information security control
Operational Security
Personal Security
Secure Development
Supply Chain Security
Secure consumer management
Identity and Authentication
External Interface protection
Secure administration
Audit information
Secure use of the service

We have a governance framework that enforces these policies under one globally. The governance frame ensures that all policies are implemented following practical processes. It also put the onus on our staffs to adhere to the policies and provides training where applicable.

Incidents are reported to the Chief Security Officer, Yevgen Kyrlov, Yevgen Krylov may seek implementation approval from the Director with documented rationales why the approval is requested.

Information spreads easily within our organisation as we are a small team of 1-10 staff.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach Routine, emergency, and configuration changes to the infrastructure are authorized, logged, tested, approved, and documented in accordance with industry norms such as Information Technology Infrastructure Library (ITIL). Our change management process is designed to avoid unintended service disruptions and to maintain the integrity of service to the customer.

Services tracked
Vulnerability management type Supplier-defined controls
Vulnerability management approach (1) Penetration Testing
This to be carried out by an accredited testing body with the results sent to our DevOps Team
(2) Characterising
The DevOps team will analyse and categorize the vulnerability in priority from 1-5, with 5 being the most severe.
(3) Being Proactive
The DevOps team will create security roadmap according to priority and start applying patches from the most severe to the least while running internal Penetration tests with industry-leading tools.
(4) Monitoring
Our CSO checks Pen test result against ‘Symantec and VulnDB’ for potential gaps
(5) Optimizing
Potential Gaps are further patched and characterised.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Computerko use the following methodologies to continuously monitor our systems for any abnormalities i.e. Comprehensive intelligence and 3rd party libraries, Restful API, Vulnerability metadata, Historical data, Email and SMS alerts, Server activity metrics, Reporting.
These abnormalities are potential compromises that are proactively checked if the activity is genuine, if not genuine, it maybe a compromise.
Once we identify a compromise, we can do one or more of the following but not limited to i.e. Implement incident management plan, follow our business continuity plans, for high and low impact priority, partially shut down or restrict the system to affected areas respectively.
Incident management type Supplier-defined controls
Incident management approach Computerko predefined common incident management follows the standards laid out by ITIL i.e. identification, logging, categorization, prioritization, diagnosis, escalation to DevOps support, Incident resolution, Incident closure, Communication with the User.
Users can report incidents by contacting support by email, ticket systems, SMS, Phone.
Our Incident report covers the following data fields not limited to;
SLA Versus attained SLA, causes breaches of agreed IT SLA’s Versus Counter-measures for the elimination of the Incident
Statistical evaluations (number of Incidents over time, resolution times, initial resolution rate, trend analyses)
Technical analysis of important or repetitive Incidents (Description, resolution strategy, elimination, root cause, workaround)

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used KVM hypervisor
How shared infrastructure is kept separate The system provides multi-tenant services with industry-best tenant separation security. we give ownership and control over data by design and provides the ability to secure data in transit/at rest.
Virtual Private Instances — enables the creation of a logically separate network enclave within our network. This provides flexibility, security, and complete control of presence in the cloud. We provide robust logical isolation of all User’s resources by controlling this private environment including the following but not limited dedicated resource per logical instance;
IP addresses
subnets
network access control lists
security groups
operating system firewalls
route tables
VPNs
Internet gateways

Energy efficiency

Energy efficiency
Energy-efficient datacentres No

Pricing

Pricing
Price £250 to £22000 per instance per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Customers are able to try the services for free for a period of 7 days without no obligation to pay but this offering does not come with any professional service except support i.e managed service. Although Customers must cancel their service before the expiration of 7 days.

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑