Secure LAMP Application Server Service


Service Definition Document
GCloud 7: Product: G7 3.LAMP.008

Summary
Secure LAMP Application Server Service
Secure managed Web Software service, delivering a LAMP application service. Supports a wide range of web-based applications (PHP or Perl based) in a patched, secured container service. Provides a range of security features to provide a resilient platform. Includes Service Desk integration to support wider resolver groups.

Service Type
Service IT management
Software development tools

Sector

Features
A configured, managed LAMP based application service.
Provides additional Apache2 hardening including mod_security and mod_evasive.
Includes optional MySQL or MariaDB database support.
Build Server configuration, to ensure simple, repeatable, secure deployments.
Secured, audited, managed, and under configuration control.
Available in a range of sizes and configurations.
Resilience and Highly Available configurations, to support service levels.
Self administer via Web interface, or via a managed service.
Regular Service monitoring to help scale resources or services.
Service includes regular patches, daily backups, support.
Debian/Ubuntu based platform for ease of management, configuration and flexibility.
Works with Skyscape, AWS and internal private clouds.

Benefits
Ensures repeatability in deployment of your application.
Easy to move infrastructure deployment from Development, Test to Production.
Remove repeated manual steps from Infrastructure build, test and deployments.
Enables easy scaling up and out of Cloud services.
Viewdeck Secure Server platform, an NSA compliant VM build.
Swift and simple roll out of server changes to multiple servers.
Available for Web and Tier 1 services.
Suitable for Public, Private, Shared Cloud environments.
Hardened, tested, stable platform.

Key Components
Product: Viewdeck Secure Server Platform
Description: Ubuntu 14.04LTS secure server build
License: Free software licenses (mainly GPL)
Open Source: Y

Complementary Products and Services
Viewdeck Management Domain Service
Viewdeck Secure Application Server Service

Client Access
Browser: Firefox, Google Chrome, Safari, or Internet Explorer (versions 9 or better)

Dependencies
A Viewdeck Patch Server is a requirement to provide a patch service and Virus/Rootkit signature upgrades.
A Viewdeck Log Server is a requirement to provide event monitoring for the service.
A Viewdeck Monitor Service is required to provide availability and host health check monitoring.
Backup Solution providing secure offline remote cloud based storage is required. The Viewdeck Backup Service provides a suitable service.
The Secure Mail Server with connectivity to the secure administration mailbox, providing alerting and reporting from the hosts.
Secure Remote Administrator Access via a suitable secure network. This will vary depending on the hosting environment.

Description
The Secure LAMP Application Server Service is a fully managed virtual software solution to provide a service for your applications, in a managed, secured, audited, patched environment. During the onboarding process, your application will be added to the Build service and integrated into a controlled environment to provide a simple, managed application delivery capability. The Service includes 2nd or 3rd line support integration of the service and integrates the service desk function into any third party resolver groups (i.e. application related support tickets are managed/handed off to your nominated application provider/maintainer). The service supports standard web package (HTML, PHP, Perl) sites. Integration and auto deployment from Git based services is also supported.

Pricing
Pricing Options
VAT Included [ No ]

Education Pricing Trial Option Free Option [ No ] [ No ]

Terms and Conditions
Minimum contract period: Month

Support
Service Desk Email Phone Live Chat Onsite Details
Support Accessible to any Third Party Suppliers
Support Availability: From Mon-Fri 9-5, to 24 hours/day, 7 days/week
Standard support response times: 1hr for P1s, 2hrs generally
Incident escalation process available
Notes: Extended hours support and hybrid support models available.

Open Standards
Open standards supported and documented
Viewdeck SaaS services are all built on the Open Standards principles. Documentation and standards as provided by the community, solution providers and, where appropriate, further listed in the Service Descriptions.

Onboarding and Offboarding
Service onboarding process included
Service offboarding process included

Onboarding process limited to integration and set up between service processes and desks. Additional documentation, accreditation and service testing are available as an additional service.

Analytics
Real time management information available
Analytics are available from the Viewdeck Monitoring Service, a component available elsewhere on the catalogue.

Cloud Features
Elastic cloud approach supported
Guaranteed resources defined
Persistent storage supported
Persistent Storage is dependent on the hosting solution and deployed services. The Viewdeck Backup Service provides a Persistent Storage solution for virtual cloud hosting services.

Provisioning
Self service provisioning supported [ No ]
Service provisioning time: From 1 Day to 1 Month depending on complexity and Hosting option/model.
Service deprovisioning time: One Week
Excludes provision of crypto and communications services outside those provided natively by the Hosting provider. It assumes full access and availability to the Hosting environment if a private cloud solution is used.

Open Source
Open source software used and supported
No proprietary licenses used by default. Major software components are documented further in the Service Descriptions.

Code Libraries

Languages your code libraries are written in: Ruby, Perl, PHP, Python, Bash

API Access
API access available and supported
API Type: Web, REST, SOAP, CLI/JSON

Networks and Connectivity
Internet PSN Gsi PNN N3 JANET Other

Access
Supported Web Browsers IE6 IE7 IE8 IE9 IE10+ Firefox Chrome Safari Opera
Offline working and syncing supported [ No ]
Supported Devices PC Mac Smartphone

Tablet
Browser based access to all services.

Certifications
Vendor certification(s): None Appropriate.

Identity Standards
Identity Standards: LDAP/AD, Kerberos dependent on solution option chosen.

Data Storage
Data Centres
Datacentres adhere to the EU code of conduct for energy efficient datacentres
User defined data location
Data Centre Tier Accreditation TIA 942 Tier3

Service Continuity
Backup, disaster recovery and resilience plan in place
Data extraction/removal plan in place
We provide a range of solutions, available in differing hosting locations. Each has its own Codes of Conduct and Accreditation.

Data in transit Protection
Data protection between user device and service
Encrypted PSN service
PSN service

CPA Foundation VPN Gateway
VPN using TLS, version 1.2 or later
VPN using legacy SSL or TLS
No encryption
independent validation of assertion
Encrypted PSN services are available for IL3/Tier 1/Enhanced deployments. PSN services are available for IL2/Official/Assured tier 1 based solutions. VPN technology is available across all environments where required.

Asset Protection And Resilience
Datacentre location
UK
EU
USA Safe Harbor
Other Countries with data Protection treaties
Rest of World
Independent Validation of Assertion

Data management location
UK
EU
USA Safe Harbor
Other Countries with data Protection treaties
Rest of World
Independent Validation of Assertion

Legal jurisdiction of service provider
UK
EU
USA Safe Harbor

Other Countries with data Protection treaties
Rest of World

Datacentre protection
Physical Security [Yes]
Independent Validation of Assertion

Data at rest protection
CPA Foundation grade assured components
FIPS assured encryption
Other encryption
Secure containers, racks or cages
Physical access control
No protection
independent validation of assertion

Secure data deletion
Product Assurance
Other erasure process
independent validation of assertion

Availability
Percentage: 99.95%
Availability of SaaS is based on the assumption that solution is configured and operating in a resilient/high available configuration. Viewdeck provided management domain control over functions like DNS, Monitoring, Event Monitoring etc are assumed to be part of the overall capability to achieve these service levels. Erasure of content is a service provided by the underlying hosting provider and dependent on the hosting platform option chosen.

Separation Between Consumers
Cloud deployment model
Community Cloud
Independent Validation of Assertion

Type of Consumer
Only Government Consumers
Independent Validation of Assertion
Services Separation
Services Management Separation
These separation options are dependent on the hosting platform option chosen, and whether a shared or dedicated deployment model is used.

Governance
Governance framework
Do you have a governance framework and process in place for the service, eg ISO27001:2013? [ No ]
All cloud providers have an ISO27001:2013 Governance Framework or equivalent. Private hosting options do not guarantee such qualification. Services separation and Service Management separation are both options to the Service.

Configuration And Change Management
Change impact assessment
Are changes to the service assessed for potential security impact, and are changes managed and tracked through to completion?
Agile delivery, impact assessed by all delivery teams, through a traditional Dev (test) > UAT (test) > Production, following an agile change release process.

Vulnerability Management
Vulnerability Assessment
Are potential threats, vulnerabilities or exploitation techniques which could affect the service assessed, and are corrective actions taken?

Vulnerability Monitoring
Do you monitor relevant sources of information relating to threat, vulnerability and exploitation techniques?

Vulnerability Mitigation Prioritisation
Is the severity of threats and vulnerabilities considered and do you use this information to prioritise implementation of mitigations?

Vulnerability Tracking
Are known vulnerabilities within the service tracked until suitable mitigations have been deployed?

Vulnerability Mitigation Timescales
Do you make timescales available for implementing mitigations to vulnerabilities?
Mitigation timescales are available on request.

Event Monitoring
Event monitoring
Do you conduct event monitoring and analysis to identify suspicious activity?
Viewdeck Event Monitoring Service provides this capability. Rootkit detection, IDS, host integrity, etc are tested and reported every 24 hours. Live events are captured and trigger accordingly.

Incident Management
Incident management processes
Do you have incident management processes in place and are they enacted in response to security incidents?

Consumer reporting of security incidents
Do you have a defined process for reporting security incidents experienced by consumers and external entities? [ No ]

Security incident definition published
Do you publish to consumers your definition of a security incident, along with the format, incident triggers and timescales for reporting such incidents? [ No ]
Incident process details available on request. Normal Service Management processes are used/followed, and where necessary escalated as a service P1/P2 event.

Personnel security
Personnel security checks
Security clearance national vetting (SC)
Baseline personnel security standard (BPSS)
Background checks in accordance with BS7858:2012
Employment checks
What kind of personnel security do you apply to staff who have access to the service?
All staff in contact with client systems and client data are either SC/DV cleared or under Risk Management processes until such time as clearances have been confirmed. Where new staff or subcontractors are brought into a Service, a Disclosure Scotland is required, and submission into the client clearance processes initiated.

Secure Development
Secure development
Are new and evolving threats reviewed and your services improved accordingly?

Secure design, coding, testing and deployment
Is development carried out in line with industry good practice regarding secure design, coding, testing and deployment?

Software configuration management
Do you have configuration management in place to ensure the integrity of the service through development, testing and deployment?
The Viewdeck Build Server based on Chef enforces Configuration management throughout the Service deployment, controlling releases and ensuring compliance of build and deployment across all servers. Git servers/version control is used to handle software, configuration and build scripts.

Supply Chain Security
Visibility of data shared with third-party suppliers
Do you inform consumers how much of their information is shared with, or accessible by, third-party suppliers and their supply chains?

Third party supplier security requirements
Do you ensure that relevant security requirements, such as the Cloud Security Principles, are placed on third party suppliers and delivery partners?

Third party supplier risk assessment
Do you manage the risks to your service from third-party suppliers and delivery partners?

Third party supplier compliance monitoring
Do you manage your third party suppliers' compliance with relevant security requirements?
Subcontractors are fully managed and contractually committed to GCloud terms and conditions. Software suppliers are not given access to the Solution, Services or Client data. Open source technology is deployed as a preference to reduce risk from suppliers.

Authentication of Consumers

User authentication and access management
Can only authorised individuals from the consumer organisation access management interfaces for the service?

User access control through support channels
Can only authorised individuals from the consumer organisation perform actions affecting the consumer's service through your support channels?
Access controls and authentication controls depend on the channel, Impact Level/Tier and the overall Service Architecture.

Separation And Access Control Within Management Interfaces
User access control within management interfaces
Can consumers manage only their own service, and not access, modify or otherwise affect the service of other consumers via management tools and interfaces?

Administrator permissions
Can consumers restrict permissions given to their administrators?
Where functionality is available and appropriate. The controls and technology available depend on the deployment model and hosting solution chosen.

Identity And Authentication
Identity and authentication controls
Username and two factor authentication
Username and TLS client certificate
Authentication federation
Limited access over dedicated link, enterprise or community network
Username and password

Username and strong password/passphrase enforcement
Other mechanism
All hosts are configured to NSA guidelines in password hardening and enforcement. The use of Client certificates depends on deployment model and hosting solution chosen. Two factor authentication is an option available as an additional capability/service.

Secure Service Administration
Service management model
Dedicated devices on a segregated network
Dedicated devices for community service management
Dedicated devices for multiple community service management
Service management via bastion hosts
Direct service management
Which technical approach do you use for your service management? Choose all that apply.
This is hosting solution dependent, and options are subject to client appetite for Shared Service Management and Administration.

Audit Information Provision To Consumers
Audit information provided
None
Data made available
Data made available by negotiation
All Audit information can be made available as an additional activity.

Secure Use Of The Service By The Customer
Device access method
Corporate/enterprise devices
Which end devices is the cloud service accessible from? Choose all that apply.

Partner devices
Unknown devices

Training
Training
Do you provide user or administrator training on the use of the service and its security?
Configuration and Service options are dependent on the deployment model and Impact Level/Tier required by the client. Support of unknown devices is limited to application browser/level.

Trademarks and Copyrights
Ubuntu and Canonical are registered trademarks of Canonical Ltd.

About Us
Viewdeck is an experienced solution and professional services provider, supporting complex ICT change and transformation across the Public and Private sector. Our experience covers Procurement, Outsourcing, Strategic ICT transformation, Enterprise and complex Solutions Architecture, as well as more traditional project and programme management in niche and turn around situations. Our team includes SC and DV cleared independent practitioners and associates with real experience from both the UK and overseas. We regularly work in the secure, defence and intelligence sectors supporting UK critical national infrastructure, as both point skills/resources as well as teams supporting some of the largest ICT programmes.

Expert skills and resources in managing Outsourcing Procurement projects
Delivering complex Enterprise Integration projects for organisations
Professional Consultancy and Architecture Services in Enterprise Issues
Transition Management of Suppliers following a Procurement
Programme Management, Project Office and Technical Architecture skills
Change and Service Management engineering
Design, Technical and Information Assurance in Secure and mission critical environments

Contact: Gary Seymour
Viewdeck Consulting Limited
3rd Floor, 207 Regent Street, London W1B 3HH
W: www.viewdeck.com
E: gcloud@viewdeck.com
T: +44 203 384 3350
F: +44 207 990 9455

Topic revision: r2, 2015-10-05, GarySeymour. Copyright 2008-2015 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.