DevOps Consultancy
The Virtual Forge provides DevOps consultancy and a managed DevOps service, depending on your requirements. From CI/CD configuration and management to cloud infrastructure configuration and maintenance. We can also analyse and recommend security improvements to existing cloud infrastructure.
Features
- System Design and Architecture
- Seamless migration to Cloud-based solutions
- System implementation and maintenance
- Continuous Integration/Continuous Delivery
- Data Intelligence
- Complete bespoke design and service
- System monitoring
Benefits
- Combine data science with business analytics to extract data value
- Create scalable, resilient, well architected systems to specifications
- Leverage repeatable automation of your infrastructure
- DevOps cloud services for consultancy, security, with AWS and Azure
- Extensive experience with cloud systems
Pricing
£0 to £137 an instance an hour
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
9 4 2 5 1 6 8 3 5 6 3 0 0 3 0
Contact
The Virtual Forge
The Virtual Forge
Telephone: +44 (0) 207 078 8855
Email: connect@thevirtualforge.com
Service scope
- Service constraints
-
As a certified AWS partner and certified Microsoft Azure consultants. We can provide solutions and services that make use of the full suite of AWS or Azure products and services.
We currently do not offer any hardware support or design as we work exclusively in cloud systems.
Our software is primarily written in .NET Core and Javascript. - System requirements
-
- Solution requirements must be compatible with AWS or Azure
- Solutions must run on Windows, Linux, or serverless.
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Response times are based on the priority of the ticket:
- Priority1 = Immediate
- Priority2 = 2 working hours
- Priority3 = 8 working hours
- Priority4 = 24 working hours
Customers may purchase out of hours and weekend support at an additional cost, and response times will be agreed as part of that service. - User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Our standard support offering includes:
- Access to Freshdesk ticketing system
- Access to onsite support
- Dedicated Account Manager
- Response times SLA
Our Premium offering additionally includes:
- Dedicated support staff
- 24x7 hotline for Priority1 incidents
Both offerings are priced separately per project, depending on the amount of support required each month.
Out of hours support
Unsociable hours, namely weekends and statutory holidays, and after 5.00pm on weekdays, will be charged at £300/month to have the service available.
If the customer uses the emergency call line, £500 will be charged for the call-out. This covers up to one hour of the support team member’s time. £150 will be charged for every whole or partial 30 minute period thereafter.
These rates are for the work the development team will have to perform in order to identify and resolve the problem. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Our approach is to provide a managed service in terms of hosting, so minimal training is required in this regard.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
AWS offers different pricing models, depending on the model you are using the contract date will vary. As AWS services are scalable, you will only pay for what you are using they can be scaled up or down at anytime.
AWS pricing contract information can be found here
https://aws.amazon.com/pricing/?nc2=h_ql_pr_ln-a - End-of-contract process
-
Details of account closure can be found on the AWS Billing and Cost Management site
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/close-account.html
Using the service
- Web browser interface
- Yes
- Using the web interface
-
Almost all AWS services can be accessed via the web portal.
Configuration parameters of some services are only available from the CLI, SDK or API interface. - Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
-
You can sign in to the AWS Management Console using your AWS account root user credentials at https://console.aws.amazon.com/console/home.
AWS Identity and Access Management (IAM) user, can be configured enabling the use of a specialised URL. - Web interface accessibility testing
- AWS offers assistive technology
- API
- Yes
- What users can and can't do using the API
- All functionality is available from the API
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- HTML
- Other
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Using the command line interface
- All AWS functionality is available via the CLI.
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
- Provision of multiple instances. Auto-scaling in place for further instances if pre-agreed compute or latency thresholds are exceeded.
- Usage notifications
- Yes
- Usage reporting
-
- API
- SMS
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- AWS Cloudwatch configured to collect all metrics
- All AWS services publish metrics to Cloudwatch
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- AWS
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- Less than once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Encryption of all physical media
- Scale, obfuscating techniques, or data storage sharding
- Other
- Other data at rest protection approach
- Encryption is managed by 3rd party, ie AWS and Azure, who are CSA CCM v3.0 compliant. AWS use AES-256 for the encryption protocol on data at rest.
- Data sanitisation process
- No
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Amazon EBS volumes
- Amazon RDS databases
- Amazon DynamoDB tables
- Amazon EFS file systems
- Azure Virtual Machines
- SQL and SAP databases
- Azure File Shares
- Backup controls
- Both AWS & Azure have enterprise fully managed backup service that makes it easy to centralise and automate the back up of data across their services in the cloud as well as on premises, Utilising the AWS Storage Gateway or the Azure central management interface, The Virtual Forge can centrally configure backup policies and monitor backup activity for resources. Automating and consolidating backup tasks. Providing a fully managed, policy-based backup solution, simplifying your backup management, enabling you to meet your business and regulatory backup compliance requirements.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- Data protection within supplier network
- TLS (version 1.2 or above)
Availability and resilience
- Guaranteed availability
- Use infrastructure assuring 99.9% uptime
- Approach to resilience
-
We make extensive use of AWS's native resiliency and redundancy capabilities through leveraging multiple Availability Zones through load balancers for servers and (where possible) distributed databases or read replicas. This is further supported by 'warm' backup regions in case of a disaster recovery scenario.
Details of Amazon SLA's can be found here; https://aws.amazon.com/compute/sla/ - Outage reporting
-
Public dashboard
Email alerts
Text messages
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Username or password
- Other
- Other user authentication
- Typically username and password, but MFA also available.
- Access restrictions in management interfaces and support channels
- Username and password. Resets only available directly to user via their email.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Devices users manage the service through
-
- Dedicated device over multiple services or networks
- Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 21/12/2021
- What the ISO/IEC 27001 doesn’t cover
- N/A
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- No
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Company Information Security Policy must be signed by all employees, and is updated regularly.
CTO – The company’s Chief Technology Officer is responsible for corporate-wide IS system planning, implementation, and execution.
Information Security Manager – The IS Manager is responsible for the company-wide datacenter and network infrastructures.
DevOps Engineers – The DevOps Engineers are responsible for all enterprise business systems.
Internal Users -- All members of the the company User Community are required to familiarise themselves with the policies outlined in the The Company Employee and Contractor IS Policies document.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Changes are managed via the change control process to ensure projects remain within approved constraints. Change proposals are agreed with the client, completed by the individual who identifies the need for a change, then submitted to us. The project team then assesses the impact of the change. The request is submitted to the change control board with the project team's findings to be reviewed. If the change is approved, all project documentation must be updated and the change must be communicated to all stakeholders. Some changes may also require re-alignment of the project costs, schedule, or scope.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Threats are monitored using an IDS provided by AWS along with the standard protection offered by AWS. Patches are routinely applied with urgent hotfixes applied the same day as a threat is identified. Threat information is monitored from AWS and industry leading security boards and alert feeds.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- This is managed by AWS on our behalf.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Incidents are managed via a ticketing system.
Information and FAQs are available via the ticketing system to help with common issues. Canned responses are prepared for common issues. Users report incidents via email or through ticket portal. Responses are given according to pre-defined SLAs. RCAs are available for critical issues. Ticket reports are available at client request.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- Amazon Web Services
- How shared infrastructure is kept separate
-
Different accounts for different clients on AWS. Clients have separated AWS instances.
AWS assure security of the cloud.
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
Amazon is committed to achieving 100% renewable energy across our global infrastructure.
https://aws.amazon.com/about-aws/sustainability/
Social Value
- Fighting climate change
-
Fighting climate change
The Virtual Forge are committed to ● Complying and keeping up to date with environmental legislation ● Preventing pollution ● Continually working to reduce our environmental impacts – minimising waste produced, minimising our energy use, training staff and encouraging greener transport options Specific areas where we are working to reduce our environmental footprint: ● Working with our staff and building users to make all of the building’s operations as environmentally friendly as we can, heating and lighting our premises efficiently ● Investigating how much waste we generate, using segregation to enable higher rates of recycling ● Looking at how people travel to and from our site: encouraging public transport and cycling ● Looking at what we buy – sourcing goods with low environmental impact and working with local suppliers wherever possible - Equal opportunity
-
Equal opportunity
The Virtual Forge Limited is committed to achieving a working environment which provides equality of opportunity and freedom from unlawful discrimination on the grounds of race, sex, pregnancy and maternity, marital or civil partnership status, gender reassignment, disability, religion or beliefs, age or sexual orientation.
Pricing
- Price
- £0 to £137 an instance an hour
- Discount for educational organisations
- Yes
- Free trial available
- No