Luminis U.K. Ltd

Luminis Cloud Run Time Infrastructure (RTI) Service

Cloud RTI helps organisations develop and deploy applications in the cloud. Using an open source framework, Cloud RTI supports the full application development lifecycle and any form of deployment strategy. It allows the freedom to migrate between PaaS and IaaS providers by connecting your infrastructure with your application-specific platform layers.


  • Innovative multi-tenant application deployment and hosting
  • Robust clustering capability giving high availability applications
  • Supports any application deployable in a Docker container
  • Centralised application monitoring and logging via customisable dashboard
  • Supports most public cloud infrastructure including Azure and Amazon
  • Supports on premise infrastructure and hybrid solutions
  • Provides “blue-green” application upgrades with zero down-time
  • Provides dynamic scaling of cluster node counts
  • Provides clustered, highly available, backed up storage
  • Supports fully customisable and automated DTAP approaches


  • Enables value for money by removing infrastructure constraints
  • Reduces migration burden between private and public clouds
  • Reduces application management overhead
  • Improves productivity by eliminating IDE and sandbox constraints
  • Improves productivity through increased application availability
  • Saves time through simplified scaling up or down
  • Gives peace of mind by automatically restarting failed nodes
  • Saves time by simplifying application error identification
  • Increases efficiency through server monitoring via central dashboard
  • Speeds up application upgrading with no down time


£449 per unit per month

  • Free trial available

Service documents

G-Cloud 11


Luminis U.K. Ltd

Mathew Wilson

+44 (0) 7934 864 472

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Customer applications must be able to run in a Docker container and must run under the Linux or Windows Server operating system.
System requirements
  • Requires Microsoft Azure or customer provided cloud infrastructure
  • Applications must run in a Docker container
  • Applications must run under Linux or Windows Server operating system
  • For small, medium, large instances: CPUs/RAM/Disk as follows
  • Small without Mongo: three nodes with 1CPU/2GB/4GB
  • Small with Mongo: three nodes with 1CPU/2GB/40GB
  • Medium without Mongo: three nodes with 1CPU/4GB/8GB
  • Medium with Mongo: three nodes with 1CPU/14GB/300GB
  • Large without Mongo: three nodes with 2CPU/8GB /16GB
  • Large with Mongo: three nodes with 2CPU/28GB/600GB

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Luminis provides Bronze, Silver and Gold level support. Bronze level is included in the price. For details of the three support service levels, please see Section 2.5 of the Service Definition. For pricing for the three support service levels, please see the Pricing Document. We can arrange for onsite support within 5 working days based on the day rates shown in our SFIA document. All support matters are handled via the Luminis support desk.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AAA
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Luminis provides Bronze, Silver and Gold level support. Bronze level is included in the price. For details of the three support service levels, please see Section 2.5 of the Service Definition. For pricing for the three support service levels, please see the Pricing Document.
We can arrange for onsite support within 5 working days based on the day rates shown in our SFIA document.
All support matters are handled via the Luminis support desk.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Preparation of physical infrastructure; configuration and test of user access; optional configuration a load balancer; optional configuration automated backup and recovery; configuration of metering and billing.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Retrieval and back-up of customer applications and data are available on a consultancy basis.
End-of-contract process At any time, the Cloud RTI user can un-deploy an application with a few clicks. The customer gives Luminis one month’s notice of cancellation of the Cloud RTI service and, at the end of that month, the service will be switched off.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices No
What users can and can't do using the API Users can:
- Create, retrieve, update and delete deployment descriptors
- Perform an application deployment using a deployment descriptor
- Retrieve information on current application deployments
- Redeploy a reconfigured or updated application
- Remove a deployed application
- Retrieve application logs
- Retrieve application status and health check information
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Customisation is performed as part of the on-boarding process.


Independence of resources Cloud RTI provides either dedicated hardware or multi-tenancy with guaranteed resource allocations.


Service usage metrics Yes
Metrics types By default, CPU, memory and number of active instances are provided. Any metric can be provided by including probes within application software. This includes but is not limited to disk usage, network status, application health and any application resource usage.
Reporting types Real-time dashboards


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Data can be exported on arrangement with the support team.
Data export formats Other
Other data export formats JSON
Data import formats Other
Other data import formats
  • Application deployment descriptors can be uploaded in JSON format
  • Applications can be uploaded as Docker images

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks TLS (version 1.2 or above)
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability 99.8% uptime
Approach to resilience Applications are automatically replicated in two or more servers. When one of these fails, another instance is automatically started to maintain the replication count. The application remains available throughout this process.
Outage reporting Failures are reported in the online dashboard.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels Authentication as with standard users, plus role-based authorisation. Some channels involve use of interfaces, such as command line, which is not available to standard users.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Username or password
  • Other
Description of management access authentication N/A

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Security governance for Luminis concentrates on the security aspects of its software products.
Information security policies and processes All Luminis software products follow industry standard practices for data security, including encryption of data in movement and data at rest, as well as user authentication and authorisation. We use extensive peer review of software design and implementation to ensure the robustness of all our products, including the security related aspects.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We track the status, location and configuration of service components throughout their lifetime. Changes to the service are assessed for potential security impact and are managed and tracked through to completion.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Potential threats, vulnerabilities or exploitation techniques which could affect the service are assessed, and corrective actions are taken. We monitor relevant sources of information relating to threat, vulnerability and exploitation techniques. The severity of threats and vulnerabilities are considered and we use this information to prioritise implementation of mitigations.
Protective monitoring type Supplier-defined controls
Protective monitoring approach All information to support protective monitoring is held in the system logs. A sophisticated search facility on system logs allows extraction of this information.
Incident management type Supplier-defined controls
Incident management approach We have a defined process for reporting security incidents experienced by consumers and external entities. We publish to consumers our definition of a security incident, along with the format, incident triggers and timescales for reporting such incidents.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £449 per unit per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Cloud RTI can be trialled for up to 30 days by arrangement with Luminis.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑