S2K DevOps

Automated Cloud Infrastructure

We are experts in delivering a complete Infrastructure As Code suite on any popular Cloud Provider (AWS, Azure or GCP) including auto-maintenance and auto-healing. Our max-automated approach help clients achieve highly reliable project infrastructure with resilience, Business Continuity, Disaster Recovery and Monitoring/Alerting bundled together, exploiting full power of cloud technology.

Features

  • Private, Public and Hybrid Infrastructure created completely using code.
  • Fully and semi automated maintenance.
  • Auto-healing issues everywhere possible.
  • Physical, virtual and container based and hybrid solutions.
  • Zero downtime maintenance and deployment.
  • Follow, apply and provide consultation of best practices,
  • Provide proactive monitoring of all infrastructure components
  • Fully automated and efficient CI/CD pipeline
  • Highly modular and portable Infrastructure
  • Blue/Green/multi-stream deployment strategy

Benefits

  • Infrastructure in minutes.
  • Modular design to easily switch between cloud providers.
  • Automation reduces manual efforts, time and errors.
  • Complete coding reduces thickness of user/developer manuals.
  • Proactive monitoring reduces incidents and downtime.
  • Multi-stream strategy facilitates zero downtime deployment/regression.
  • Dynamic auto-scaling to reduce operating costs.
  • IAC + automation +cloud approaches brings in high flexibility.

Pricing

£650 to £1,200 a person a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at operations@s2ksystems.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 6 4 6 7 6 2 2 5 0 4 9 2 6 7

Contact

S2K DevOps Srinivasan
Telephone: +447590310677
Email: operations@s2ksystems.com

Service scope

Service constraints
The solution(s) we provide are on commercial cloud providers and *if required by clients* on data-centres on client premises. Though we have no constraints on our services, we are constrained on the services provided by the third-parties; however our solutions will include all the necessary resilience, auto-healing, pro-active monitoring/alerting to minimise any impact on the business.
The customer is responsible for agreement and complying with the commercial cloud providers' client agreement and acceptable usage rights which can be found in the corresponding provider service portal.
System requirements
  • Client pays licence of commercial software/tools *preferred* by them.
  • IAC on private cloud requires to be built on VMs.
  • Extension/Transformation of legacy systems require complete audit.

User support

Email or online ticketing support
Email or online ticketing
Support response times
To be agreed with customer based on the project type, architecture, tools used and customer requirement/SLA.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Our service delivers auto-management and auto-healing capabilities with highest degree of pro-active monitoring and alerting, needing minimal support and maintenance. We provide complete support during the project delivery phase.

Beyond that, we provide highly flexible support model/levels, always tailored to suit the project architecture, tooling and customer requirement which will be discussed with the customer during the project delivery phase.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We aim to deliver projects with as much open source, community supported and popular tooling along with custom automation scripts and front-desk solutions. The actual training will be provided based the on project architecture and client requirements, as workshops, videos and/or live documentations (Wiki pages for example).
Service documentation
Yes
Documentation formats
  • PDF
  • Other
Other documentation formats
  • Wiki
  • Markdown
End-of-contract data extraction
Fully automated mechanisms, that will accept parameters, will be delivered part of the project, for Data extraction, which will be available throughout the life of the project. Clients will be able to perform incremental data extraction as the project runs. However, based on the nature of the project and client requirement, we will be able to assist the clients in the data extraction process.
End-of-contract process
Contracts include complete project delivery. Once all the agreed stories, for the given period/number of sprints are delivered, clients will be handed over with all the relevant documentation and access levels. Any additional costs will be discussed with the clients based on requirements.

Using the service

Web browser interface
Yes
Using the web interface
Based on the projects architecture and requirement there may be one or more web interfaces for users and project maintainers (of the the customer side) usually provided by the tooling deployed to make up the project.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Both access through browsers and through API calls will be made available, provided the underlying tool supports those facilities and are relevant to the project. Interface, where possible, will be tied up with a single sign-on system making onboarding new users quick and easy.
Web interface accessibility testing
No specific testings have been performed.
API
Yes
What users can and can't do using the API
API access will be made available to all the tools/systems involved in the project, provided the tools provide an API support and is relevant to the project.
API automation tools
  • Ansible
  • Terraform
  • Other
Other API automation tools
  • Packer
  • Bash
  • Python (with boto)
  • Jenkins (along with CI/CD, used as a frontdesk tool too)
  • AWS CLI
API documentation
Yes
API documentation formats
  • PDF
  • Other
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
This will be based on the project architecture and the client requirement.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Our service will be per client service and may not be linked with other clients/users.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Application specific (error,warning and other) metrics
  • Replication lag (as applicable)
  • Any successful/unsuccessful login attempts
  • Instance restarts
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Documents/Objects
  • Database
  • Instance/VM Images
  • Docker Images
  • All configurations of all the tools
  • Log files
  • Application data (if not stored in the database)
Backup controls
All the process will be scheduled to run/to be triggered from one central location. Relevant interfaces (mostly web), with relevant user access, will be provided either from the underlying tooling or a custom developed front desk to tune/control the schedule and other parameters based on the project requirement.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
Scheduling backups
Users schedule backups through a web interface
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Our solutions include various processes and techniques to ensure zero down time on planned and unplanned maintenance. We include maximum level of auto-healing and pro-active monitoring to eliminate any service unavailability due to Infrastructure faults.
Other SLAs and OLAs to be agreed with clients based on the architecture, requirements and other third party components that may have an impact on the delivered service.
Approach to resilience
Services are delivered on commercial Cloud and Data-centre providers. Providers with multi region/zone availability will be (recommended to be) chosen for the service delivery. Appropriate processes and configuration techniques will be developed and deployed to deliver a maximum level of resiliency mostly without impacting any running services.
Outage reporting
* Projects dashboard
* Email
* Text messages
* Instant Messaging services (eg. Slack)

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
User onboarding process involves Role Based Access Control. Access to dedicated delivery managers, leads or scrum masters as agreed by the client.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
As implemented by the cloud/datacentre providers (AWS, Azure, Google and others).
Information security policies and processes
All the hosting partners (major cloud and datacentre providers) have a number of connected governance frameworks in place which control both how they operate and the manner in which they deliver platform (cloud/datacentre) services to our clients. Most of them have been independently assessed and certified against ISO20000, ISO27001, ISO27017 and ISO27018. Integrated suite of information security policies have been deployed by the platform providers.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All the configuration are treated similar to code and are maintained in the revision control. Changes will be reviewed and tested in various environments before rolling out into the prod. Every bit of the environment will be represented within the revision control; a Prod deployment will be an idempotent exercise to ensure the expected state.

Changes Requests will be raised as per the client requirement and will be rolled out with all the supplier approval. ITIL aligned Service Asset and Configuration Management (SACM) and Change Management processes will be followed.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As a secure practise, we recommend clients to go through the deployment cycle continuously. Every deployment process will be a complete update of the underlying platform/operating system/software/other applications. Thorough testing will be performed in every environment before it reaches the Prod. This process will be developed to be a single push button one, and as per our principle motto, with no interruption to the services.

In addition, clients directions/advice will be included in the process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises will be sensed through our efficient protective monitoring capability built into our service.
Our services include controlled ingress and egress which will prevent intrusions and/or will prevent further compromises. Our preventive measures also include dynamic ip addresses for all the components in the system.
Mechanisms will be included as part of the service delivery to quickly disconnect the service from the external world. Given our solutions are delivered purely through code and fully automated, a very unlikely compromisation can easily be removed by completely destructing the whole infrastructure and bringing up a fresh one in no time.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are generally identified by proactive monitoring through emails, Instant messaging and/or Text messages. Any other incidents need to be raised are through our emails or telephone.

Incidents are tracked using clients' or our own issue tracking system (Service Now, JIRA, Redmine, Gitlab, Github, Bitbucket - as per client requirement). Progress of the incident, workaround, resolution can be tracked using them. An appropriate problem database will be maintained, should there be a chance of re-occurrence of the incident, if no immediate resolution is available.

Our incident management process will also be connected to the underlying cloudproviders' one.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
AWS, Azure, Google Cloud, UK Cloud and other Cloud/Datacentre provider(s)
How shared infrastructure is kept separate
VPCs, Firewalls, Virtual LANs as implemented by the Platform Service provider

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
AWS and Azure use 50%+ renewable energy to power their data centres; they are increasing this proportion every year through their stakes in renewable energy projects across the world.

Other cloud/datacentre providers, we partner with, also bring their fair-share to achieve energy efficiency.

Pricing

Price
£650 to £1,200 a person a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at operations@s2ksystems.com. Tell them what format you need. It will help if you say what assistive technology you use.