Hosting Service Manual
Environment and Infrastructure
Environment Names
We use standard naming conventions across all of our hosting environments.
Environment | Description |
---|---|
Local | A developer's personal workspace, running on their own machine. It may connect to a shared development environment database, iCM or API Server |
Development | A GOSS-hosted environment that developers can use for new functionality and fixes. This environment may be unstable and is likely to change regularly. This is a place for active development and is not suitable for formal testing |
Test | A stable environment used by everyone to test the latest development work. We have dedicated test environments so work can be tested while other work goes on in the development environment |
Pre-Production | A replica of the production environment used as a staging area. This environment should be kept in sync with the production environment and serves as a trial run for deployments. It may also be used to replicate support issues found in the production environment |
Production | The live, public-facing website/intranet |
DR | A Disaster Recovery environment |
Infrastructure
The GOSS Cloud Services infrastructure is powered by various public cloud providers including Amazon Web Services and Google Cloud Platform (both in the London regions), enabling us to deliver a cloud-agnostic, high performance, high security, and most of all, highly reliable platform for the delivery of client services. All data is stored, processed and managed in the UK and we are a UK-based service provider.
The infrastructure allows us to seamlessly increase the resources for a particular service or expand the resilience and capacity of a service by adding more virtual machines to the environment. Tenants of the platform are fully segregated using logical security controls, dedicated private networks and dedicated resource reservations.
Please note that additional storage can be purchased if required.
Scaling
Services are scaled to meet client transactional volumetric requirements and anticipated growth, in line with the suggested fair usage policy, as detailed in the Service Definition Document. If volumes exceed fair usage the service can be scaled-up to cope with additional demand by moving to the next appropriate service level. By using analysis tools, each individual server and service is carefully calibrated to achieve optimum efficiency and performance.
Availability
We offer two SLAs, covering your production environments:
- 99.99% for network availability
- 99.95% website availability
Non-production environments are not covered by the above SLAs. We offer service credits should availability fail to meet these SLAs - refer to your Service Terms and Conditions document.
Energy Efficient Hosting
To reduce the environmental impact of our hosting infrastructure we have implemented policies that will power-down servers when they are not being used - primarily overnight. The following table outlines our standard schedules.
You can request a change to the times below by contacting a member of the support team.
Environment | Available | Notes |
---|---|---|
Production | Always on | We do not power-down production environments. These servers will be available as per our published SLAs |
Pre-production | 07:00 - 19:00 weekdays | The pre-production staging area is available during extended business hours |
Test | 07:00 - 19:00 weekdays | Test servers are available during extended business hours |
Development | On demand - 19:00 | Development servers are, by default, powered-down. They are enabled during active project work, during the upgrade/patching process, and while resolving support issues. Development servers can be enabled with the relevant permission levels via the MyGOSS platform as and when they are needed. Alternatively, a GOSS support technician, developer, or member of the hosting team can enable the development servers on request. |
PCI DSS Compliance
Please note that we are not currently assessed against the Payment Card Industry Data Security Standard. All payment actions are performed via third party hosted payment providers. Form payment fields redirect users to those payment providers and no payment details (card number etc) are entered into or stored by our platform or hosting infrastructure.
Security
All of our internet facing infrastructure has been assessed and certified under the Cyber Essentials Plus scheme developed by the UK National Cyber Security centre.
Our information security management systems are certified as meeting the ISO 27001 information security standard.
We carry out penetration testing on an annual basis and encourage clients to perform their own as required.
DDos Protection
We make use of AWS Shield Standard and rate limiting features to mitigate DDoS attacks.