CONTROL PLANE LIMITED

ControlPlane Enterprise for Flux CD

CPE-Flux is a subscription-based offering designed to meet the stringent requirements of highly regulated organisations running production cloud native environments. CPE-Flux Continuous Delivery provides a secure, stable, and efficient solution for cloud native enterprises to depend on with confidence.

Features

• Hardened distroless container images for Flux CD GitOps Toolkit controllers
• Enterprise support and expertise for Flux CD and GitOps-Kubernetes environments
• Continuous scanning, patching, and vulnerabilities remediation in components and dependencies
• FIPS-compliant Flux CD builds based on FIPS 140-2 validated BoringSSL
• Extended compatibility of Flux CD controllers for recent Kubernetes releases
• Assured compatibility with Kubernetes provided by Cloud Service Providers
• Access further resources and support through our professional services

Benefits

• CPE-Flux CD supports scalability through single clusters to large-scale deployments
• Enhanced security through hardened components, compliance, and proactive vulnerability management
• Reliable support and expertise ensure stability and integrity of deployments
• Seamless interoperability integration with Kubernetes and compatibility with Cloud Services
• Reduced downtime and increased productivity with dedicated support and expertise
• Seamless transition to CPE-Flux CD without disrupting existing workflows
• Assurance of long-term sustainability and continued development of upstream project

£15,000 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@control-plane.io. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

382751477503439

Contact

Technical Solutions
+447570989398
solutions@control-plane.io

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Normal service hours are from 09:00 to 17:00 UK time on weekdays, excluding bank holidays. Work outside these hours requires prior agreement and may incur additional charges according to the SFIA rate card. All travel and subsistence costs to the client site will be chargeable based on the agreed Terms & Conditions.; ; ControlPlane provides assistance to customers to manage the installation of the Supported Software Components but we require prerequisites are satisfied prior installation. Where an issue is discovered in a supported software component, ControlPlane will work with Customer to ensure that a resolution is integrated into a future release.
• System requirements:
  • Current supported release of Kubernetes
  • Git or OCI Repository
  • Container Registry
  • Access to CPE-Flux Portal

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our support aims to respond to clients based on criticality. We categorise the urgency through Critical to Low and whether it is a question regarding a production or non-production environment.; - Critical Production Continuous effort 4 business hours; - High Production 1 business day; - Medium Production 2 business days; - Low Production 2 business days; - Critical Non-Production 1 business day; - High Non-Production 2 business days; - Medium Non-Production 1 business week; - Low Non-Production 1 business week
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: We provide user support through web chat on our customer established channels. We use Slack as a method of chatting to our customers as it was deemed the most efficient and simple for all to use.
• Web chat accessibility testing: At ControlPlane we have Slack established as a chat platform for our customers who request this. We have confirmed that Slack does provide assistive technology, we have done initial testing, but will need validation from our users to ensure they have everything they need, and we will work with Slack to ensure that it is possible.
• Onsite support: Yes, at extra cost
• Support levels: We provide a general service level agreements as defined below. ; ; - Critical Production Continuous effort 4 business hours; - High Production 1 business day; - Medium Production 2 business days; - Low Production 2 business days; - Critical Non-Production 1 business day; - High Non-Production 2 business days; - Medium Non-Production 1 business week; - Low Non-Production 1 business week; ; Additional support can be provided to the customer through a Technical Account Architect (TAA): For customers who require more comprehensive support and guidance, ControlPlane offers the Technical Account Architect (TAA) service for an additional annual fee.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The On-boarding Process begins when buyers initiate the CPE-Flux subscription in collaboration with ControlPlane's Technical Solutions team. ControlPlane arranges a kick-off meeting with the buyer's key team members to review, discuss the organisation's specific needs, infrastructure, and goals. Following this meeting, a Technical Services Engineer from ControlPlane will be assigned to assist the buyer during the initial on-boarding process. The engineer will ensure that the appropriate buyer contacts can access the CPE-Flux CD software, the CPE-Flux Service Portal, and provide training on how to manage a support ticket, register a feature enhancement or request for information.; ; ControlPlane ensures a smooth transition from the open-source Flux CD (if used) to CPE-Flux CD without disrupting the buyer's existing workflows, and provides access to documentation and resources to support the on-boarding process and help buyers maximise their CPE-Flux CD deployment.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the end of the contract, users can extract their data as a compressed file(s) directly from the Portal. This would be similar to takeout by google or icloud 'manage your data'.
• End-of-contract process: The Off-boarding Process begins upon a notice of termination. The customer need to provide a cancellation notice at least 30 days before the end of their current subscription term if they wish to terminate the service as to avoid the subscription continue for another term. Prior to the termination date, customers can export their data from the CPE-Flux CD service Portal to ensure their continued access to all case management, support requests and feature enhancement requests. Upon the termination date, ControlPlane will remove the buyer's access to the CPE-Flux CD service and any associated resources. ; ; If needed, ControlPlane can engage with the buyer to formulate a customised off-boarding plan to ensure a smooth transition away from the CPE-Flux CD service.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems: Linux or Unix
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The CPE-Flux Service Portal serves as the single point of contact for customers to seek support and make requests. ; ; For customers with the Technical Account Architect (TAA) service, the TAA acts as a dedicated point of contact, managing the relationship and providing regular progress reports.
• Accessibility standards: None or don’t know
• Description of accessibility: Customers can open support tickets through the portal, which are then managed by ControlPlane's Technical Services team. The team comprises experienced engineers who provide 24/7 support for CPE-Flux CD. The portal allows for tracking of issues and connects customers to further various communication channels like email, chat and telephone if necessary. ; ; Using standard Flux CLI https://fluxcd.io/flux/cmd/
• Accessibility testing: Using standard Flux CLI https://fluxcd.io/flux/cmd/
• API: Yes
• What users can and can't do using the API: Users can use the bootstrap that has many sub-commands that push the Flux manifests to a Git repository and deploy Flux on the cluster. Information is available upon request and as documentation.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The CPE-Flux API is the standard upstream CNCF Flux API, that is part of the Kubernetes API known as CRD's (CustomResourceDefinition). Users can extend any API in Kubernetes to include Flux using Go, Bash or Python.

Scaling

• Independence of resources: We guarantee users will not be impacted by other customers using our services as customers run the service on their own platforms.

Analytics

• Service usage metrics: Yes
• Metrics types: The customer can request various reports from ControlPlane in relation to the portal. As for service usage metrics relating to Flux, we can look to support the customer to create metrics on their own infrastructure.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Never
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Users export all data from the Portal. There are documentation and guides available for users demonstrated the steps to export their data.
• Data export formats:
  • CSV
  • Other
• Other data export formats: JSON
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Not applicable as the buyer hosts all their own data. The buyer can submit tickets to the portal, in this case, standard https / ssl is used.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: We have various levels of service level agreements that reflect availability, which are dependent on the urgency of the request and type of environment: ; ; - Critical Production Continuous effort 4 business hours; - High Production 1 business day; - Medium Production 2 business days; - Low Production 2 business days; - Critical Non-Production 1 business day; - High Non-Production 2 business days; - Medium Non-Production 1 business week; - Low Non-Production 1 business week
• Approach to resilience: We look to work closely with our customers to define controls to ensure resiliency. Further information can be provided upon request.
• Outage reporting: We report any outages to our customers via public dashboard and API, as well as email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
• Access restrictions in management interfaces and support channels: Further information can be provided on the security of the portal upon request.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: ControlPlane implements a centralised governance structure where the authority, responsibility, and decision-making power are vested within the organisation itself. ControlPlane establishes the appropriate policies, procedures, and processes for ensuring organisation-wide involvement in the development and implementation of risk management and information security strategies, risk, and information security decisions, and the creation of inter-organisational and intra-organisational communication mechanisms.
• Information security policies and processes: The Exec Team owns all risk within the organisation. Information Security Risk is owned by the CTO who is part of, and informed by the Risk Executive. The CTO is responsible for managing the obligations of the Head of Security (HoS) in support of the information security goals against other HoS obligations (consulting, internal leadership, etc).; ; At ControlPlane the Risk Executive function is assumed by the Exec Team and the Head of Security.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Our change management strategy is built around ensuring minimal disruption to operations. We execute a thorough validation process for updates, including canary deployments and phased rollouts, allowing for early detection of potential issues. Furthermore, we prioritise backward compatibility, supporting seamless transition without breaking existing workflows or necessitating extensive reconfigurations.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: ControlPlane provides workarounds and resolutions for CVEs based on their CVSS (Common Vulnerability Scoring System) scores. enterprise clients are responsible for applying the provided workarounds and resolutions.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All notifications are done through the portal, all users with portal accounts will be notified. The ControlPlane reacts to the incidents as per the Service Level Agreements defined, depending on the urgency of the incident and environment.
• Incident management type: Supplier-defined controls
• Incident management approach: When an incident is raised by users, follow up notifications are done through the portal. All users with portal accounts will be notified.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  ControlPlane’s remote-first approach minimises wasteful travel to its corporate office. When travel to a client site is required, sustainable transport options are employed. This remote-first strategy enables ControlPlane to lower its carbon footprint by reducing travel and requiring only a small office.; ; Additionally, in delivering its architecture and engineering services, ControlPlane aims to eradicate wasteful spending on cloud resources. It designs and builds efficient, cost-effective solutions that utilise features such as autoscaling and configuration drift detection to minimise resource usage and expenditure.

  Covid-19 recovery

  As a result of COVID-19, ControlPlane has become a remote-first organisation, offering enhanced flexibility, eradicating commuting, and improving employee work-life balance.; ; Remote engagements also reduce the burden on healthcare services by minimising virus transmission risks. The introduction of virtual tooling necessary for remote work has expanded accessibility to our services.; ; As a result of these changes, ControlPlane has been able to maintain a minimal office footprint, establish sustainable travel practices, and foster a remote-first culture.

  Tackling economic inequality

  ControlPlane's commitment to skill enhancement through client and community engagement—ranging from classroom-based training and knowledge sharing on projects to active participation and presentations at free community meetups and conferences—effectively addresses skills shortages by empowering individuals to gain new skills and certifications.; ; As a vendor-neutral consultancy with a deep commitment to leveraging open source technologies, ControlPlane boasts a rich history of contributing to open-source projects and sponsoring PhD research in technologies it finds beneficial. This strategy not only promotes diversity within the technology supply chain but also ensures the selection of the most fitting technology to meet specific needs, rather than defaulting to a few monolithic suppliers.; ; Furthermore, with a strong focus on security, ControlPlane demonstrates an in-depth understanding of supply chain risks and management strategies, showcasing a proven record of evaluating supply chain risk and implementing solutions that enable organisations to securely utilize open source and other third-party products.

  Equal opportunity

  ControlPlane is committed to promoting equal opportunity, and our diverse culture empowers and develops individuals with talent and integrity. We ensure that individuals at all levels of the organisation grasp the importance and benefits of diversity in high-performing teams. This empowers them with the motivation and opportunity to express their perspectives and drive change.; ; Our recruitment practices are designed to be as inclusive as possible, attracting and retaining top talent from a variety of experiences and backgrounds. We also offer existing employees support, professional development training, and other mechanisms to advance their careers.; ; Furthermore, ControlPlane partners with charities and schools to introduce underrepresented groups to careers in technology and security. These partnerships include hosting and contributing to workshops aimed at secondary school students. Our goal is to educate and inspire young individuals during their crucial academic decision-making phases.; ; ControlPlane is currently in the process of establishing an outreach programme.

  Wellbeing

  ControlPlane is fully committed to employee wellbeing, offering two fully-paid company-wide mental health days annually. We strongly; encourage employees to take this time to focus on relaxation and wellbeing activities. We make scheduled contributions to an employee rewards and benefits platform, which includes a wellness portal and credits redeemable for various products and services, including those focused on wellness.; ; ControlPlane champions a community of open-source and security advocates by attending, presenting at, and organising industry conferences, local meetups, and engaging with specialist interest groups within the Linux Foundation. Our collaborative ethos is evident in how we engage; we prefer to work embedded within client organisations and existing teams, rather than forming separate teams outside of an organisation.

Pricing

• Price: £15,000 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: ControlPlane offers a 30-day Proof of Concept (POC) for customers interested in evaluating CPE-Flux CD before committing to a full subscription. The POC allows organisations to test and assess the service in a limited, non-production environment to experience the benefits and features of CPE-Flux CD firsthand.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at solutions@control-plane.io. Tell them what format you need. It will help if you say what assistive technology you use.