PYTILIA LIMITED

Data Centric Microservices Accelerator DCMA

DCMA is a cloud platform to improve how data rich applications are built while reducing the time and effort to do so including:
1. Pre-built, configurable components.
2. Easy to use studios and tools for microservices.
3. Management tools that take the complexity out deployments
4. Console to optimise performance.

Features

• Enterprise Essentials: security, logging, audit and data provenance and tracking
• Schema Studio: reuse, import or create new microservices and components
• Interface Suite: OOB integration to RDBS, APIs, objects, messaging, components
• Environment Manager: deploy to multiple environments – Developer, Sandbox etc
• Pipeline Engine: to support continuous deployment to multiple environments
• Runtime Orchestrator: Configure runtime engines using Open Microservices Specification (OMS).
• Operations Console: Monitor and report system health, activity and performance

Benefits

• Enterprise Essentials: OOB configuration avoids rebuilding components every application needs
• Schema Studio: accelerated drag/drop creation or reuse legacy code
• Interface Suite: simple drag/drop connectivity to any data component
• Environment Manager: easy definition of and relationship between multiple environments
• Pipeline Engine: reduce deployments from days to minutes
• Runtime Orchestrator: autoscaling, self-healing, in-flight configuration maximises uptime
• Operations Console: visualised diagnostics to support rapid remediation

£40,000 to £250,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bob.mcclean@pytilia.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

347386061278614

Contact

Bob McClean
07989481648
bob.mcclean@pytilia.io

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: DCMA is a stand alone platform to improve how cloud based data rich applications are built while reducing the time and effort to do so. It provides enterprise class low code development combined with a rich set of pre-built components and tools that outputs applications built to the MACH (Microservice based, API lead, Cloud based, Headless) concept. As such there are no known constraints to either the operation of DCMA or the applications it can create.
• System requirements: Internet access

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: 15min response time during standard working hours 24 hour response during weekends UK public and bank holidays.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 A
• Web chat accessibility testing: None
• Onsite support: No
• Support levels: Pytilia provide a range of support options for the DCMA platform (pricing provided in the pricing document):; 1. Basic Annual Support & Maintenance: a fixed price standard software support to the DCMA environment (taking calls, providing work arounds, fixing bugs, installing patches etc.); 2. Enhanced Annual Support & Maintenance (Optional): As Basic Annual Support & Maintenance but with access to new features and Enterprise Essentials components as they become available. ; 3. Expert Support (Optional): A “use or lose” service to provide guidance and advice for using DCMA to support the customer in the mechanics of redeveloping or building new apps on the DCMA platform (best practice, tips and tricks, recommendations on approach etc.).; 4. App Build (Optional): A Time & Materials optional service offered to customers who either don’t have the internal resources to redevelop or build new apps or wish to accelerate their adoption of DCMA in pursuit of a faster return (i.e., in parallel with their own endeavours).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: DCMA is an enterprise low code platform to accelerate the redevelopment or creation of microservice based applications. Onboarding:; ; 1. Commissioning: The core Onboarding service to create and configure a DCMA instance for the individual customer. This service includes the creation of user roles, security access and service initiation.; ; 2. Consultancy (optional): Supporting customers in understanding the problem they face, or guiding them as to how they might proceed towards a more rationalised environment utilising DCMA for improved data management, security, application development, compliance, auditing and integration.; ; 3. Discovery (optional): A service to document the As Is and To Be operating models, providing both a high-level solution architecture and cost based upon DCMA. ; ; 4. Knowledge Transfer (Optional): A service to train (typically “train the trainer”) a set of customer staff such that they are to all intents and purposes, self-sufficient in the use of DCMA.; ; 5. Proof of Concept (optional): A service to apply DCMA to a selected application within the customer’s estate or roadmap to generate a demonstrable output.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: DCMA is an enterprise low code platform to accelerate the redevelopment or creation of microservice based applications. All data created during the utilisation of DCMA is property of the customer and is held on open standards database (depending on hosting platform) and can be extracted at no additional cost.
• End-of-contract process: The end of contract process provides for:; ; 1. Data extract support: Assisting users to export their specific data and meta-data from the system; ; 2. Orderly Shutdown: Turning off any DCMA and 3rd party services in use.; ; 3. Cleanse: Deletion of the DCMA instance and any residual data.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 A
• Description of service interface: DCMA is an enterprise low code platform to accelerate the redevelopment or creation of microservice based applications, and as such DCMA provides a complete Tools Interface accessible via standard browser functionality. Users can create microservices, import legacy code, create integrations, deploy applications seamlessly, monitor and correct their operation, mostly through drag and drop with the ability to easily create bespoke code. All of this is achieved through an intuitive browser-based graphical user interface for user-friendly building, deployment and monitoring with a customisable Web API to enable automation.
• Accessibility standards: WCAG 2.1 A
• Accessibility testing: None
• API: Yes
• What users can and can't do using the API: DCMA is an enterprise low code platform to accelerate the redevelopment or creation of microservice based applications, and as such DCMA provides a complete Interface Suite that allows for access to the existing DCMA API set, but also provides a tool based configuration approach to the creation of new APIs.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: DCMA is an enterprise low code platform to accelerate the redevelopment or creation of microservice based applications, and as such DCMA provides a customisable service. Customers can customise the Enterprise Essentials components to meet their needs for security, logging, audit and data provenance and tracking. Users can create microservices, import legacy code, create integrations, deploy applications seamlessly, monitor and correct their operation, mostly through drag and drop with ability to easily create bespoke code.

Scaling

• Independence of resources: DCMA ensures consistent service levels and address the ‘noisy neighbour’ problem by reverse proxy rate limiting capabilities , cloud infrastructure resource allocation and segmentation to isolate each user from the effects of other, highly-active users.

Analytics

• Service usage metrics: Yes
• Metrics types: Statistics retrieval and visualisation per-user for multiple build steps and operations, secrets and configuration management, microservice deployment and runtime performance of deployed microservices.
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: DCMA provides an open documented API to allow all data to be imported and exported and an export function to allow data to be imported/exported in a flat file structure
• Data export formats:
  • CSV
  • ODF
• Data import formats:
  • CSV
  • ODF

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: DCMA is provided with 99.9% availability (excluding negotiated and agreed Maintenance Windows) measured on a monthly basis. Compensation for proven instances where availability was breached outside of Maintenance Windows is capped at 10% of the monthly fee and two instances per month.; ; To underpin the 99.9% availability the DCMA setup is designed for resilience, building on public cloud offerings, and includes the following key items:; ● Compute cluster with auto-restart and auto-scaling for load balancing and high availability; ● Data replication across availability zones for DR (disaster recovery) purposes; ● Multi-AZ operation with automated failover; ● Proactive monitoring and alerting in case of failure; ; DCMA is provided with 99.9% availability measured on a monthly basis. Compensation for proven instances where availability was breached is capped at 10% of the monthly fee and two instances per month.
• Approach to resilience: DCMA can be deployed in multiple cloud models, but typically resides on an MS Azure instance. The DCMA setup is designed for resilience, building on public cloud offerings, and includes the following key items:; ; • Compute cluster with auto-restart and auto-scaling for load balancing and high availability; ; • Data replication across availability zones for DR (disaster recovery) purposes; ; • Multi-AZ operation with automated failover; ; • Proactive monitoring and alerting in case of failure
• Outage reporting: DCMA provides a feature to create a Distribution list providing service status updates by email to registered users. The nature of the emails distributed and the distribution groups can be defined against various severity levels. An API interface allows for ingestion of service outage data into any service desk tool (e.g. ServiceNow, Ivanti etc.).

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Access to management interfaces and support channels is controlled by the Pytilia access control processes to ensure that only qualified and authorised staff can utilise these. This is role based access, linked to the Pytilia Active Directory utilising User ID, password and MFA
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Currently managed to standard required by US financial services regulation.
• Information security policies and processes: Pytilia proactively monitors metrics from our vulnerability management tools in addition to the service provided by our hosting provider to:; • Maintain a list of assets that are assessed against industry notifications; • Manage subscriptions to vulnerability notification services; • Regularly use vulnerability scanning software/security linting; • Use external managed security services that assess threat vectors and provide proactive advice/intelligence; • Carry out regular internal and independent testing of infrastructure and applications

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to DCMA services are planned with and communicated to the customer. Each has agreed success and failure criteria and an agreed back-out/restoration plan. Each change is reviewed against the agreed criteria during implementation and on completion. Any failure triggers the agreed back-out/restoration plan.; All DCMA components built in house and are documented, tracked and logged in a managed Source Code Control System with full change tracking. All service component builds are automated from the SCCS with no opportunity for external interference.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Pytilia proactively monitors metrics from our vulnerability management tools in addition to the service provided by our hosting provider to:; • Maintain a list of assets that are assessed against industry notifications; • Manage subscriptions to vulnerability notification services; • Regularly use vulnerability scanning software/security linting; • Use external managed security services that assess threat vectors and provide proactive advice/intelligence; • Carry out regular internal and independent testing of infrastructure and applications
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Pytilia use specialist intrusion detection systems and carry out; • Regular security testing and baselined results; • Proactive analysis of security and system event data; • Incident response which is dependent on perceived impact, threat, and exposure – it could range from no response being necessary through to full incident response involving senior business individuals and law enforcement agencies; • Security incident management process ; • Security-related incidents assessed and responded to in line with support processes.
• Incident management type: Supplier-defined controls
• Incident management approach: Reporting Incidents - Users can report incidents directly via our dedicated Service Desk, by email, or online via a client specific portal.; ; Incident Reports are provided online and by email and include details of the incident to provide for informed decision making, effective communication, and quality management.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  As a Service DCMA allows organisations to optimise their use of cloud resources and thus eliminates wasted power and cooling and the resultant greenhouse gases released as part of power generation.; As a Company Pytilia will where possible implement effective measures to deliver any/all of the following benefits through the contract:; • MAC 4.1 Deliver additional environmental benefits in the performance of the contract including working towards net-zero greenhouse gas emissions.; • MAC 4.2 Influence staff, suppliers, customers, and communities through the delivery of the contract to support environmental protection and improvement.

  Covid-19 recovery

  As a Company Pytilia will, where possible implement effective measures to deliver any/all of the following benefits through the contract:; • MAC 1.1: Creation of employment, re-training, and other return to work opportunities for those left unemployed by COVID-19, particularly new opportunities in high-growth sectors.; • MAC 1.2: Support for people and communities to manage and recover from the impacts of COVID-19, including those worst affected or who are shielding.; • MAC 1.3: Support for organisations and businesses to manage/recover from the impacts of COVID-19, including where new ways of working are needed to deliver services.; • MAC 1.4: Support for the physical and mental health of people affected by COVID-19, including reducing the demand for health and care services.; • MAC 1.5: Improvements to workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions

  Tackling economic inequality

  As a Service, DCMA is and supports MAC 3.2: innovation and disruptive technologies throughout the supply chain to deliver lower cost, higher quality goods/services.; As a Company Pytilia where possible and appropriate will deliver any/all of the following benefits through the contract:; • MAC2.1: Create opportunities for entrepreneurship and help new organisations grow.; • MAC2.2: Create employment/training opportunities for people who face barriers to employment, are located in deprived areas, and in industries with known skills shortages or high growth sectors.; • MAC2.3: Support educational attainment including training schemes; • MAC 3.1: Create a diverse supply chain including new businesses/entrepreneurs/start-ups/SMEs/VCSEs/mutuals.; • MAC 3.3: Support the development of scalable and future-proofed new methods to modernise delivery and increase productivity.; • MAC 3.4: Demonstrate collaboration and a fair/responsible approach to working with supply chain partners.; • MAC 3.5: Demonstrate action to identify/manage cyber security risks in the delivery including in the supply chain.

  Equal opportunity

  Pytilia is committed to Equal Opportunities and is co-founded by a female entrepreneur. Pytilia focuses on delivering:; • MAC 5.1: Demonstrate action to increase the representation of disabled people in the contract workforce.; • MAC 5.2: Support disabled people in developing new skills relevant to the contract, including through training schemes resulting in recognised qualifications; • MAC 6.1: Demonstrate action to identify/tackle inequality in employment, skills, and pay in the contract workforce.; • MAC 6.2: Support in-work progression to help people, including those from disadvantaged/minority groups, to move into higher-paid work by developing new skills relevant to the contract.; • MAC 6.3 Demonstrate action to identify/manage the risks of modern slavery in the delivery of the contract, including in the supply chain.

  Wellbeing

  As a Service, DCMA removes the mundane and repetitive tasks from microservice and application development and as such allows developers to focus on the more effective and enjoyable elements of the process.; As a Company Pytilia will focus on effectively implementing, where possible and appropriate, measures to deliver the following benefits through the contract:; • MAC 7.1: Demonstrate action to support health and wellbeing, including physical/mental health, in the contract workforce.; • MAC 7.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support health and wellbeing, including physical and mental health.; • MAC 8.1: Demonstrate collaboration with users and communities in the co-design and delivery of the contract to support strong integrated communities.; • MAC 8.2: Influence staff, suppliers, customers, and communities through the delivery of the contract to support strong, integrated communities.

Pricing

• Price: £40,000 to £250,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bob.mcclean@pytilia.io. Tell them what format you need. It will help if you say what assistive technology you use.