Penta Technology

ePaaS.io Service Manager - for Kubernetes Platforms

ePaaS.io Service Manager provides Enterprise Management for your container workloads, Kubernetes and Cloud native environments.

Cost management, analysis and budgeting for your estate via the control plane which also manages your Networks, Servers, Kubernetes Clusters, Applications, Services and Components.

Features

• Run in own cloud account, datacentre or our hosted version
• Simple, easy-to-use, web GUI
• Multiple Organisations
• Cost Management/Analysis/Budgeting and Complex Cross Charging
• Enterprise Asset View & Monitoring
• Roll out, Update and Remove Assets
• Change and Version Management
• Dependency Management
• Simple to Use and Highly Configurable
• 100% Owned British Technology

Benefits

• FREE for UK Gov Subject To Terms
• Helps turn Public Cloud Vendors into a Commodity Service
• Zero Vendor Lock In - Source Code Available!
• Works with existing Cloud and Kubernetes IT Estates
• Proven Automation Productivity Gains of over 50%

£175 a unit a day

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@penta.technology. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

721752901146230

Contact

Ian Peterson
020 8647 3999
ian@penta.technology

Service scope

• Service constraints: Our platform is often provided on top of 3rd party Cloud provider services. Any constrains of the underling 3rd party service will be highlighted and discussed before engagement of our service.
• System requirements: A reliable internet service is required

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We have numerous service levels packages to suit all of customers requirements no matter how onerous.; Our basic package is Monday to Friday UK office hours with a 2 hour response time.; However, to be clear, we can accommodate any response time required including weekends and out of office hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: In our experience, customers that understand and are experienced in cloud infrastructure and the terminology, need little support. Furthermore, if they are using our software they find it intuitive to use. Invariably, if these type of customers do need our help it is for more strategic advice around the architecture and design of the system(s) they are building. Often customer also ask for our help with populating the Service Catalogue with their own unique service deployments - over and above the Services we provide as standard. We are happy to help in anyway we can and can offer support either remotely or on-site. Our prices are listed in the UK Government SFIA rate card.; At a more basic and tactical level, our standard online and telephone support services are more than adequate to get teams being highly productive on their own. We provide a mixture of account manager and cloud support engineers depending on the individual needs of the customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Our preferred approach is always to start with the free option, whereby we assign a dedicated cloud engineer, to the support the customers main user, and help with set-up and basic navigation of ePaaS.io software. In this way we gain a better understanding of the aims and objectives of our customer and can offer best-practice design patterns and advice (essentially free consultancy).; All of this is done remotely along with, if necessary, access to further online support staff and/or basic written user documentation.; We can also offer on-site training but this is not included as standard in the free on-boarding option.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Markdown
• End-of-contract data extraction: All of your data, such as log files, or config commands, are easily accessible and retrievable at any stage of the engagement including when off-boarding. We are happy to sign an SLA that specifies precisely how that process would work best for UK Government at end-of-contract stage.
• End-of-contract process: The off-boarding process is straightforward. Customers need to provide notification in line with our Terms and Conditions document. The services are terminated and all data is given back to our customer and deleted on our side. If customers wish for the services to be transitioned to a new provider, this work is charged on a time and materials basis. Any IP assets that were not offered for free that belong to Penta Technology will be removed prior to the transfer, but ALL environments will be left in an operational state.

Using the service

• Web browser interface: Yes
• Using the web interface: Users need to register and set up an account. They can then select the services they want from a pre-populated catalogue or add in their own service by configuring the service metadata using a form. Users can only access their own services.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Web interface testing has been undertaken using an external agency. When substantial changes are made, the agency is engaged to re-test and re-establish compliance.
• API: Yes
• What users can and can't do using the API: Users need to register and set up an account. They can then select the services they want from a pre-populated catalogue or add in their own service by configuring the service metadata using a form. Users can only access their own services. Integrations can be provides into change management tools such as ServiceNow.
• API automation tools:
  • Ansible
  • Terraform
• API documentation: Yes
• API documentation formats: Open API (also known as Swagger)
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Each customer has limits put on their resource utilisation and this ensures that individual customers can't consume resources that have been allocated to other customers. Overall resource capacity however autoscales to ensure customers have 'headroom' for usage peaks.
• Usage notifications: Yes
• Usage reporting: Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Databases
  • Files Systems
  • K8s Cluster State etc
  • ElasticSearch
  • Message Queues etc
• Backup controls: The backups are managed by the underlying cloud service or by the service itself. The backup schedules are made available to customers, who can request changes via a support ticket.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: The service availability is predicated on AWS availability SLAs (see https://aws.amazon.com/compute/sla/). The service is therefore engineered to mirror the AWS availability of 99.99%.
• Approach to resilience: The service availability is predicated on AWS availability SLAs (see https://aws.amazon.com/compute/sla/). The service is therefore engineered to mirror the AWS availability of 99.99%.
• Outage reporting: Outage alerts are by email.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: See PT-P06 - Access Control And Authentication Policy 1.0,; PT-P07 - Physical Access Control Policy 1.0
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Penetration Test

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: We align to ISO 27001, with compliance with our security policies and standards.
• Information security policies and processes: EPaaS-Platform-Architecture-Design-1.0-FINAL; PT-P01 - Information Security Policy 1.0; PT-P02 - Risk Management Policy 1.0; PT-P03 - Audit - Monitoring Policy and Standard 1.0; PT-P04 - Sensitive Data Handling & Storage Policy 1.0; PT-P05 - Sensitive Data Security Policy 1.0; PT-P06 - Access Control And Authentication Policy 1.0; PT-P07 - Physical Access Control Policy 1.0; PT-P08 - Network Management Policy 1.0; PT-P09 - Network Security Testing Policy 1.0; PT-P10 - Change Control Policy 1.0; PT-P11 - Remote Access Policy 1.0; PT-P12 - Third-Party-Service-Providers-Policy 1.0; PT-P13 - Intrusion Detection Policy 1.0; PT-P14 - AntiMalware Policy 1.0; PT-P15 - Software Development Policy 1.0; PT-P16 - Software-Security-Testing-Policy 1.0; PT-P17 - Wireless Security Policy 1.0; PT-P19 - Laptop And Mobile Device Policy 1.0; PT-P20 - Acceptable Use Policy 1.0; PT-P21 - Incident Management Policy 1.0; PT-P22 - User Awareness Policy 1.0; PT-P23 - GDPR Data Mapping and Compliance Policy 1.0; PT-P24 - GDPR Internal Data Handling Policy 1.0; PT-P25 - BCM Policy 1.0; PT-P26 - GDPR Data Subjects Rights Policy 1.0; PT-P27 - Encryption Key Management Policy 1.0; PT-P28 - Counter Fraud Policy 1.0; PT-P29 - Employment Vetting Policy 1.0; PT-P30 - Patch Management Policy 1.0; PT-PL01 - BCDR Plan 1.0

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: See PT-P10 - Change Control Policy 1.0
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: See PT-P30 - Patch Management Policy 1.0, PT-P16 - Software-Security-Testing-Policy 1.0, PT-P02 - Risk Management Policy 1.0
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: See PT-P13 - Intrusion Detection Policy 1.0, PT-P21 - Incident Management Policy 1.0
• Incident management type: Supplier-defined controls
• Incident management approach: See PT-P21 - Incident Management Policy 1.0

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: AWS virtualisation, with Kubernetes Namespaces and k8 ACLs with RBAC, plus end point TLS encryption and Auth.
• How shared infrastructure is kept separate: AWS virtualisation, with Kubernetes Namespaces and k8 ACLs with RBAC, plus end point TLS encryption and Auth.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Our platform utilises other companies Cloud data centres. These are, most often, the worlds leading and most modern data centres such AWS or Azure. For more details on how these companies adhere to EU's code of conducts please contact Amazon Web Services or Microsoft Azure etc.

Pricing

• Price: £175 a unit a day
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: For UK Government Departments we offer the underlying Kubernetes automation platform for free along with a number of fully automated catalogue items for deployment. Any out of hours support, or further consultancy/engineering/configuration work will be charged on a T&M basis as detailed in our SFIA pricing document.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@penta.technology. Tell them what format you need. It will help if you say what assistive technology you use.