Penta Technology

ePaaS.io - Independent Kubernetes Automation Platform

ePaaS.io provides Enterprise Management for your container workloads, Kubernetes and Cloud native environments.

One-click deployment of k8 Clusters, Istio, your k8 micro services Pods, plus your underlying pre designed or bespoke AWS, Azure and Google Cloud environments.

Features

  • Runs in AWS | Azure | Google | Bare Metal
  • Consistent Kubernetes Version Across all Providers
  • Auto Scaling & Auto Healing
  • Service Mesh
  • Dedicated or Shared Clusters
  • Granular Access Controls
  • Built Using Automation
  • Suitable for Dev / Test or Production
  • Simple to Use and Highly Configurable
  • 100% Owned British Technology

Benefits

  • FREE for UK Gov Subject To Terms
  • Helps turn Public Cloud Vendors into a Commodity Service
  • Zero Vendor Lock In - Source Code Available!
  • Build Once, One-Click Deploy Anywhere
  • Proven Automation Productivity Gains of over 50%

Pricing

£175 a unit a day

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@penta.technology. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 5 2 7 1 6 3 2 4 7 1 1 7 1 8

Contact

Penta Technology Ian Peterson
Telephone: 020 8647 3999
Email: ian@penta.technology

Service scope

Service constraints
Our platform is often provided on top of 3rd party Cloud provider services. Any constrains of the underling 3rd party service will be highlighted and discussed before engagement of our service.
System requirements
A reliable internet service is required

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have numerous service levels packages to suit all of customers requirements no matter how onerous.
Our basic package is Monday to Friday UK office hours with a 2 hour response time.
However, to be clear, we can accommodate any response time required including weekends and out of office hours.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
In our experience, customers that understand and are experienced in cloud infrastructure and the terminology, need little support. Furthermore, if they are using our software they find it intuitive to use. Invariably, if these type of customers do need our help it is for more strategic advice around the architecture and design of the system(s) they are building. Often customer also ask for our help with populating the Service Catalogue with their own unique service deployments - over and above the Services we provide as standard. We are happy to help in anyway we can and can offer support either remotely or on-site. Our prices are listed in the UK Government SFIA rate card.
At a more basic and tactical level, our standard online and telephone support services are more than adequate to get teams being highly productive on their own. We provide a mixture of account manager and cloud support engineers depending on the individual needs of the customer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Our preferred approach is always to start with the free option, whereby we assign a dedicated cloud engineer, to the support the customers main user, and help with set-up and basic navigation of ePaaS.io software. In this way we gain a better understanding of the aims and objectives of our customer and can offer best-practice design patterns and advice (essentially free consultancy).
All of this is done remotely along with, if necessary, access to further online support staff and/or basic written user documentation.
We can also offer on-site training but this is not included as standard in the free on-boarding option.
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
Markdown
End-of-contract data extraction
All of your data, such as log files, or config commands, are easily accessible and retrievable at any stage of the engagement including when off-boarding. We are happy to sign an SLA that specifies precisely how that process would work best for UK Government at end-of-contract stage.
End-of-contract process
The off-boarding process is straightforward. Customers need to provide notification in line with our Terms and Conditions document. The services are terminated and all data is given back to our customer and deleted on our side. If customers wish for the services to be transitioned to a new provider, this work is charged on a time and materials basis. Any IP assets that were not offered for free that belong to Penta Technology will be removed prior to the transfer, but ALL environments will be left in an operational state.

Using the service

Web browser interface
Yes
Using the web interface
Users need to register and set up an account. They can then select the services they want from a pre-populated catalogue or add in their own service by configuring the service metadata using a form. Users can only access their own services.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Web interface testing has been undertaken using an external agency. When substantial changes are made, the agency is engaged to re-test and re-establish compliance.
API
Yes
What users can and can't do using the API
Users need to register and set up an account. They can then select the services they want from a pre-populated catalogue or add in their own service by configuring the service metadata using a form. Users can only access their own services. Integrations can be provides into change management tools such as ServiceNow.
API automation tools
  • Ansible
  • Terraform
API documentation
Yes
API documentation formats
Open API (also known as Swagger)
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Automatic
Independence of resources
Each customer has limits put on their resource utilisation and this ensures that individual customers can't consume resources that have been allocated to other customers. Overall resource capacity however autoscales to ensure customers have 'headroom' for usage peaks.
Usage notifications
Yes
Usage reporting
Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Databases
  • Files Systems
  • K8s Cluster State etc
  • ElasticSearch
  • Message Queues etc
Backup controls
The backups are managed by the underlying cloud service or by the service itself. The backup schedules are made available to customers, who can request changes via a support ticket.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
The service availability is predicated on AWS availability SLAs (see https://aws.amazon.com/compute/sla/). The service is therefore engineered to mirror the AWS availability of 99.99%.
Approach to resilience
The service availability is predicated on AWS availability SLAs (see https://aws.amazon.com/compute/sla/). The service is therefore engineered to mirror the AWS availability of 99.99%.
Outage reporting
Outage alerts are by email.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
See PT-P06 - Access Control And Authentication Policy 1.0,
PT-P07 - Physical Access Control Policy 1.0
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Penetration Test

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
We align to ISO 27001, with compliance with our security policies and standards.
Information security policies and processes
EPaaS-Platform-Architecture-Design-1.0-FINAL
PT-P01 - Information Security Policy 1.0
PT-P02 - Risk Management Policy 1.0
PT-P03 - Audit - Monitoring Policy and Standard 1.0
PT-P04 - Sensitive Data Handling & Storage Policy 1.0
PT-P05 - Sensitive Data Security Policy 1.0
PT-P06 - Access Control And Authentication Policy 1.0
PT-P07 - Physical Access Control Policy 1.0
PT-P08 - Network Management Policy 1.0
PT-P09 - Network Security Testing Policy 1.0
PT-P10 - Change Control Policy 1.0
PT-P11 - Remote Access Policy 1.0
PT-P12 - Third-Party-Service-Providers-Policy 1.0
PT-P13 - Intrusion Detection Policy 1.0
PT-P14 - AntiMalware Policy 1.0
PT-P15 - Software Development Policy 1.0
PT-P16 - Software-Security-Testing-Policy 1.0
PT-P17 - Wireless Security Policy 1.0
PT-P19 - Laptop And Mobile Device Policy 1.0
PT-P20 - Acceptable Use Policy 1.0
PT-P21 - Incident Management Policy 1.0
PT-P22 - User Awareness Policy 1.0
PT-P23 - GDPR Data Mapping and Compliance Policy 1.0
PT-P24 - GDPR Internal Data Handling Policy 1.0
PT-P25 - BCM Policy 1.0
PT-P26 - GDPR Data Subjects Rights Policy 1.0
PT-P27 - Encryption Key Management Policy 1.0
PT-P28 - Counter Fraud Policy 1.0
PT-P29 - Employment Vetting Policy 1.0
PT-P30 - Patch Management Policy 1.0
PT-PL01 - BCDR Plan 1.0

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
See PT-P10 - Change Control Policy 1.0
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
See PT-P30 - Patch Management Policy 1.0, PT-P16 - Software-Security-Testing-Policy 1.0, PT-P02 - Risk Management Policy 1.0
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
See PT-P13 - Intrusion Detection Policy 1.0, PT-P21 - Incident Management Policy 1.0
Incident management type
Supplier-defined controls
Incident management approach
See PT-P21 - Incident Management Policy 1.0

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
AWS virtualisation, with Kubernetes Namespaces and k8 ACLs with RBAC, plus end point TLS encryption and Auth.
How shared infrastructure is kept separate
AWS virtualisation, with Kubernetes Namespaces and k8 ACLs with RBAC, plus end point TLS encryption and Auth.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Our platform utilises other companies Cloud data centres. These are, most often, the worlds leading and most modern data centres such AWS or Azure. For more details on how these companies adhere to EU's code of conducts please contact Amazon Web Services or Microsoft Azure etc.

Pricing

Price
£175 a unit a day
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
For UK Government Departments we offer the underlying Kubernetes automation platform for free along with a number of fully automated catalogue items for deployment. Any out of hours support, or further consultancy/engineering/configuration work will be charged on a T&M basis as detailed in our SFIA pricing document.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ian@penta.technology. Tell them what format you need. It will help if you say what assistive technology you use.