Infrastructure As Code
We are experts in delivering a complete Infrastructure As Code suite on any popular Cloud Provider (AWS, Azure or GCP) including auto-maintenance and auto-healing. Our max-automated approach helps clients achieve highly reliable project infrastructure with resilience, Business Continuity, Disaster Recovery and Monitoring/Alerting bundled together, exploiting the full power of cloud technology.
Features
- Private, Public and Hybrid Infrastructure created completely using code.
- Fully and semi automated maintenance.
- Auto-healing issues everywhere possible.
- Physical, virtual and container based and hybrid solutions.
- Zero downtime maintenance and deployment.
- Follow, apply and provide consultation on best practices.
- Provide proactive monitoring of all infrastructure components
- Fully automated and efficient CI/CD pipeline
- Highly modular and portable Infrastructure
- Blue/Green/multi-stream deployment strategy
Benefits
- Infrastructure in minutes.
- Modular design to easily switch between cloud providers.
- Automation reduces manual efforts, time and errors.
- Complete coding reduces thickness of user/developer manuals.
- Proactive monitoring reduces incidents and downtime.
- Multi-stream strategy facilitates zero downtime deployment/regression.
- Dynamic auto-scaling to reduce operating costs.
- IAC + automation + cloud approach brings in high flexibility.
Pricing
£650 to £1,200 a person a day
Framework
G-Cloud 12
Service ID
749590949035412
Contact
S2K DevOps
Srinivasan
Telephone: +447590310677
Email: operations@s2ksystems.com
Service scope
- Service constraints
-
The solution(s) we provide are on commercial cloud providers and *if required by clients* on data-centres on client premises. Though we have no constraints on our services, we are constrained by the services provided by third parties; however, our solutions will include all the necessary resilience, auto-healing, pro-active monitoring/alerting to minimise any impact on the business.
The customer is responsible for agreeing to and complying with the commercial cloud providers' client agreement and acceptable usage rights, which can be found in the corresponding provider service portal.
- System requirements
-
- Client pays licence of commercial software/tools *preferred* by them.
- IAC on private cloud needs to be built on VMs.
- Extension/Transformation of legacy systems requires a complete audit.
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- To be agreed with customer based on the project type, architecture, tools used and customer requirement/SLA.
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Our service delivers auto-management and auto-healing capabilities with the highest degree of pro-active monitoring and alerting, needing minimal support and maintenance. We provide complete support during the project delivery phase.
Beyond that, we provide a highly flexible support model/levels, always tailored to suit the project architecture, tooling and customer requirement, which will be discussed with the customer during the project delivery phase.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- We aim to deliver projects with as much open source, community supported and popular tooling as possible, along with custom automation scripts and front-desk solutions. The actual training will be provided based on the project architecture and client requirements, as workshops, videos and/or live documentation (Wiki pages for example).
- Service documentation
- Yes
- Documentation formats
-
- Other
- Other documentation formats
-
- Wiki
- Markdown
- End-of-contract data extraction
- Fully automated mechanisms for data extraction, which accept parameters, will be delivered as part of the project and will be available throughout the life of the project. Clients will be able to perform incremental data extraction as the project runs. However, based on the nature of the project and client requirement, we will be able to assist the clients in the data extraction process.
- End-of-contract process
- Contracts include complete project delivery. Once all the agreed stories for the given period/number of sprints are delivered, all the relevant documentation and access levels will be handed over to the clients. Any additional costs will be discussed with the clients based on requirements.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Based on the project's architecture and requirements there may be one or more web interfaces for users and project maintainers (on the customer side), usually provided by the tooling deployed to make up the project.
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
- Access both through browsers and through API calls will be made available, provided the underlying tool supports those facilities and they are relevant to the project. Interfaces, where possible, will be tied to a single sign-on system, making onboarding new users quick and easy.
- Web interface accessibility testing
- No specific testing has been performed.
- API
- Yes
- What users can and can't do using the API
- API access will be made available to all the tools/systems involved in the project, provided the tools offer API support and are relevant to the project.
- API automation tools
-
- Ansible
- Terraform
- Other
- Other API automation tools
-
- Packer
- Bash
- Python (with boto)
- Jenkins (along with CI/CD, used as a frontdesk tool too)
- AWS CLI
- API documentation
- Yes
- API documentation formats
-
- Other
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- This will be based on the project architecture and the client requirement.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Our service will be per client service and may not be linked with other clients/users.
- Usage notifications
- Yes
- Usage reporting
-
- API
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Application specific (error, warning and other) metrics
- Replication lag (as applicable)
- Any successful/unsuccessful login attempts
- Instance restarts
- Reporting types
-
- API access
- Real-time dashboards
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Encryption of all physical media
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Hardware containing data is completely destroyed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Documents/Objects
- Database
- Instance/VM Images
- Docker Images
- All configurations of all the tools
- Log files
- Application data (if not stored in the database)
- Backup controls
- All the processes will be scheduled to run or be triggered from one central location. Relevant interfaces (mostly web), with relevant user access, will be provided either from the underlying tooling or a custom developed front desk to tune/control the schedule and other parameters based on the project requirement.
- Datacentre setup
-
- Multiple datacentres with disaster recovery
- Multiple datacentres
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
Our solutions include various processes and techniques to ensure zero downtime on planned and unplanned maintenance. We include the maximum level of auto-healing and pro-active monitoring to eliminate any service unavailability due to infrastructure faults.
Other SLAs and OLAs are to be agreed with clients based on the architecture, requirements and other third party components that may have an impact on the delivered service.
- Approach to resilience
- Services are delivered on commercial Cloud and Data-centre providers. Providers with multi region/zone availability will be (recommended to be) chosen for the service delivery. Appropriate processes and configuration techniques will be developed and deployed to deliver a maximum level of resiliency mostly without impacting any running services.
- Outage reporting
-
- Projects dashboard
- Email
- Text messages
- Instant Messaging services (e.g. Slack)
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
- User onboarding process involves Role Based Access Control. Access to dedicated delivery managers, leads or scrum masters as agreed by the client.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
-
- Dedicated device on a segregated network (provider's own provision)
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- Other
- Other security governance standards
- As implemented by the cloud/datacentre providers (AWS, Azure, Google and others).
- Information security policies and processes
- All the hosting partners (major cloud and datacentre providers) have a number of connected governance frameworks in place which control both how they operate and the manner in which they deliver platform (cloud/datacentre) services to our clients. Most of them have been independently assessed and certified against ISO20000, ISO27001, ISO27017 and ISO27018. An integrated suite of information security policies has been deployed by the platform providers.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
All configuration is treated like code and is maintained in revision control. Changes will be reviewed and tested in various environments before rolling out into Prod. Every bit of the environment will be represented within revision control; a Prod deployment will be an idempotent exercise to ensure the expected state.
Change Requests will be raised as per the client requirement and will be rolled out with all the supplier approval. ITIL aligned Service Asset and Configuration Management (SACM) and Change Management processes will be followed.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
As a secure practice, we recommend that clients go through the deployment cycle continuously. Every deployment process will be a complete update of the underlying platform/operating system/software/other applications. Thorough testing will be performed in every environment before it reaches Prod. This process will be developed to be a single push button one and, as per our principal motto, with no interruption to the services.
In addition, clients' directions/advice will be included in the process.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
Potential compromises will be sensed through our efficient protective monitoring capability built into our service.
Our services include controlled ingress and egress, which will prevent intrusions and/or will prevent further compromises. Our preventive measures also include dynamic IP addresses for all the components in the system.
Mechanisms will be included as part of the service delivery to quickly disconnect the service from the external world. Given our solutions are delivered purely through code and fully automated, a compromise, however unlikely, can easily be removed by completely destroying the whole infrastructure and bringing up a fresh one in no time.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents are generally identified by proactive monitoring through emails, instant messaging and/or text messages. Any other incidents need to be raised through our email or telephone.
Incidents are tracked using clients' or our own issue tracking system (ServiceNow, JIRA, Redmine, GitLab, GitHub, Bitbucket - as per client requirement). Progress of the incident, workaround and resolution can be tracked using them. An appropriate problem database will be maintained, should there be a chance of re-occurrence of the incident, if no immediate resolution is available.
Our incident management process will also be connected to the underlying cloud providers' one.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- AWS, Azure, Google Cloud, UK Cloud and other Cloud/Datacentre provider(s)
- How shared infrastructure is kept separate
- VPCs, Firewalls, Virtual LANs as implemented by the Platform Service provider
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
AWS and Azure use 50%+ renewable energy to power their data centres; they are increasing this proportion every year through their stakes in renewable energy projects across the world.
Other cloud/datacentre providers we partner with also contribute their fair share to achieving energy efficiency.
Pricing
- Price
- £650 to £1,200 a person a day
- Discount for educational organisations
- No
- Free trial available
- No